Re: [Full-disclosure] Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
Noam Rathaus wrote:
> Hi,
>
> The vulnerability also affects unrar (3.70 beta 3 freeware by Alexander Roshal), as it tries to read a negative location from a pointer reference in the SET_VALUE(false,Data,Addr-Offset) function (found in rarvm.cpp).
>
> The value of Addr is 1666528 while Offset is 4546004, which of course results in -2879476 being accessed, or even better the value of 4292087820, as it is cast to an unsigned value without checking.

Yes, we have reported to them also. All the products using the code from unrar for Linux are vulnerable. RAR Labs requested to delay the advisory until the next release.

Regards
Metaeye SG // http://www.metaeye.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
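The arithmetic quoted in the message above, with the kind of bounds check that rejects it. This is an added example, not code from unrar, ClamAV or either poster; `VM_MEM_SIZE`, `vm_mem`, `wrapped_index` and `store32_checked` are hypothetical names and the buffer size is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VM_MEM_SIZE 0x40000u            /* assumed buffer size, for illustration only */
static uint8_t vm_mem[VM_MEM_SIZE];     /* stand-in for the VM data area */

/* Index the unchecked path ends up with: Addr-Offset evaluated as unsigned 32-bit. */
uint32_t wrapped_index(uint32_t addr, uint32_t offset)
{
    return addr - offset;               /* wraps modulo 2^32 when offset > addr */
}

/* Hypothetical checked store: 0 on success, -1 if the 4-byte write would leave vm_mem. */
int store32_checked(uint32_t addr, uint32_t offset, uint32_t value)
{
    if (offset > addr)                  /* difference would be negative */
        return -1;
    size_t idx = (size_t)addr - offset;
    if (idx > VM_MEM_SIZE - sizeof value)   /* write must end inside the buffer */
        return -1;
    memcpy(vm_mem + idx, &value, sizeof value);
    return 0;
}

int main(void)
{
    uint32_t addr = 1666528u, offset = 4546004u;   /* values quoted in the message */
    printf("signed difference : %ld\n", (long)((int64_t)addr - (int64_t)offset));
    printf("as unsigned 32-bit: %lu\n", (unsigned long)wrapped_index(addr, offset));
    printf("checked store     : %d\n", store32_checked(addr, offset, 0));
    printf("in-range store    : %d\n", store32_checked(100u, 20u, 0xdeadbeefu));
    return 0;
}
```

Comparing `offset > addr` before subtracting is what catches the case in the message; checking only the final index against the buffer size would also reject 4292087820 here, but the explicit comparison does not depend on how far the wrapped value lands from the buffer.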
[Full-disclosure] Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.
Vendor: Clam Antivirus (http://www.clamav.net)
Product: Clamav (libclamav)
Versions Affected: All before 0.91
Severity: Moderate

Issue: Clamav crashes due to processing of standard filters in RAR VM, while processing a corrupted RAR file. Processing the corrupted file results in a null pointer dereference.

Impact: Processing the corrupted file will result in crashing of the clamscan application and clamd daemon.

Fix: Upgrade to version 0.91.

PoC: http://www.metaeye.org/codes/corrupted.rar

Vendor Status: Reported: 25/06/2007, Fixed: 11/07/2007

References:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555
http://www.metaeye.org/advisories/54

Metaeye SG // http://www.metaeye.org
[Full-disclosure] Advisory - Redirection Vulnerability in wp-login.php.
Vendor: Wordpress (http://www.wordpress.org)
Severity: Moderate
Dated: 03 March 2007
Versions Affected: All

Issue: The wp-login.php page redirects a user to an arbitrary page after successful login by setting the redirect_to URL parameter. For example, if a user logs in successfully with his credentials on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

he will be redirected to www.google.co.in.

Impact: This can lead to credentials stealing. Also, cookie stealing is possible coupled with some browser bugs.

Vendor Status: Reported on 03 March 2007. Fix will be made available in next version.

--
MSG // http://www.metaeye.org
[Full-disclosure] Advisory: SQL Injection Vulnerability In Multiple AOL Websites.
Vendor: AOL
Severity: Critical
Dated: 23 December 2006

Explanation: An SQL injection vulnerability has been noticed in a number of AOL websites. When a malformed input is injected in the URL parameter, the relative information regarding database, tables and various queries is displayed on the web page. An attacker can execute arbitrary SQL queries. Successful exploitation can lead to full compromise of the database and the server.

Websites Affected:

AOL Ringtone: http://ringtones.aol.com/
Example: http://ringtones.aol.com/popArtist.php?_pgtyp=pdctartistID='

AOL NHL DraftNET: http://nhldraftnet.aol.com/
Example: http://nhldraftnet.aol.com/NHLDraftNet/index.php?ID='

AOL Ability: http://ability.aol.com/
Example: http://ability.aol.com/ability/index.php?ID='

Vendor Status: Reported. No Response. Not Patched.

Advisory URL: http://www.metaeye.org/advisories/31

--
MSG // http://www.metaeye.org
[Full-disclosure] SQID v0.2 - SQL Injection Digger.
SQL injection digger is a command line program that looks for SQL injections and common errors in websites. The current version looks for SQL injections and common errors in website URLs found by performing a google search. The use of the google search SOAP API has been removed due to no more issuing of keys. Now it directly performs the search over the web.

Sqid can be downloaded from http://sqid.rubyforge.org.

--
MSG // http://www.metaeye.org
[Full-disclosure] SQID v0.1 - SQL Injection Digger.
SQL injection digger is a command line program that looks for SQL injections and common errors in websites. The current version looks for SQL injections and common errors in website URLs found by performing a google search.

Sqid can be downloaded from http://sqid.rubyforge.org.

--
MSG // http://www.metaeye.org