On Wed, 15 Aug 2007, Wojciech Purczynski wrote:
> The problem is that without suid binary execved from parent process you
> can not send the signal. ;) With suid binary you can and that makes this
> issue a privilege escalation vulnerability.
>
Could you please explain it to me where do you see p
> > In this case check_kill_permission() returns -EPERM for unprivileged
> > parent.
> >
> You always talked about setuid root process sending PDEATH_SIG to the
> root child, didn't you? check_kill_permission() checks current->euid and
> current->uid against t->uid and t->suid, where 'current' is
[EMAIL PROTECTED] wrote:
>safari browser doesn't prompt for a download, it just downloads the file
>and sends it directly on the desktop, which is totally unsecure on a
>windows operating system.
Firefox will do the same if it's configured that way. Is this the default
behavior with Safari?
I do
> In my eyes this is definitely a security issue. But I cannot imagine a
> way to exploit this issue at the moment. First you have to find a suid
> binary which fork()'s. Next thing is that you need access to that
> binary. And then? If both conditions are really met, what's next? The
> possibilit
On Wed, 15 Aug 2007, Wojciech Purczynski wrote:
>
> > This doesn't change anything in what I said previously. If the sender's
> > EUID or RUID equals to any of SUID or RUID of the victim or the sender
> > process is root, the sender can send any signal to the victim; if none
> > of those conditio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:165
http://www.mandriva.com/security/
___
Product: Safari browser for windows
Tested on: Last version ( 3.0.3 )
Download url :http://www.apple.com/safari/
Demo url:
http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitrary file upload
Impact: Critical
Fix Available: No
-
I'm looking for technical contacts at Secure Computing in the Snap Gear
and Cyberguard product divisions who would be familiar with IP version 6
support.
Please reply directly, thank you!
///
Trackeur v.1 Remote File Include Bug
///
Author : Crackers_Child
> This doesn't change anything in what I said previously. If the sender's
> EUID or RUID equals to any of SUID or RUID of the victim or the sender
> process is root, the sender can send any signal to the victim; if none
> of those conditions are met, it obviously can't, no matter how and what
> si
rPath Security Advisory: 2007-0161-1
Published: 2007-08-14
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Remote User Deterministic Privilege Escalation
Updated Versions:
dovecot=/[EMAIL PROTECTED]:devel//1/1.0.3-0.1-1
References:
http://cve.mitre.org/cgi-bin/cven
Système de vote en temps réel v1.0 Remote File Include Bug
Author : Crackers_Child
Contact : [EMAIL PROTECTED] & http://karanliktaoynayanlar.com &
http://biy
ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability
iDefense Security Advisory 08.15.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 15, 2007
I. BACKGROUND
ESRI Inc. ArcSDE is a multi-user database server bundled with ArcGIS to
provide access to Geographic Information Systems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:162
http://www.mandriva.com/security/
___
On Wed, 15 Aug 2007, Glynn Clements wrote:
> > If setuid program just
> > trusts the environment in that it doesn't properly handle or block signals
> > whose default action is terminating the process and doesn't perform its
> > actions in a fail-safe manner, it is certainly broken. Setuid prog
Debasis Mohanty wrote:
No offence intended but if you take a little more effort of validating your
work before posting publicly then you can save yourself from embarrassment.
I don't see anything in the script that can bypass zone security and run
successfully from internet zone. I am sure you
Advisory : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos
Vulnerability
Dated : 15 August 2007
Severity : Critical
Explanation :
The vulnerability persists in the popup blocker functioning to allow
specific websites to execute
popup in the running instance of Internet Explorer.
Hello Thierry,
On Mon, 13 Aug 2007, Thierry Zoller wrote:
> Have you tried to pin down the actual requests that bring the service
> down ? As the nmap service probes are easy to read _ Have you tried
> reproducing the behaviour by sending the requests listed in the nmap
> service probe file ?
th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory:
Local Privilege Escalation Vulnerabilities in Cisco VPN Client
Advisory ID: cisco-sa-20070815-vpnclient
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
Revision 1.0
For Public Release 2007 August
[EMAIL PROTECTED] wrote:
> I may be rusty with knowledge about mirc (say almost 10 years out of
> date)...but, in what situation would the pipe ('|') ever be processed from a
> variable, even if it was read from a mp3 ID3?
This is probably a bigger concern for *nix scripts, especially of the
hom
No offence intended but if you take a little more effort of validating your
work before posting publicly then you can save yourself from embarrassment.
I don't see anything in the script that can bypass zone security and run
successfully from internet zone. I am sure you have tested it locally an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01110627
Version: 1
HPSBMA02240 SSRT061260 rev.1 - HP OpenView Operations Manager for Windows
(OVOW) with the OpenView Operations Add On Module for OpenView
Operations-Business Availability Ce
> V - EXPLOIT CODE
>
> An exploit for this vulnerability has been developed but will not be
> released to the general public at this time.
Don't ever release that to general public. Why would we like to run rm
-rf / in such a funny way? I can type the command in the shell if all
I want to do is attac
I may be rusty with knowledge about mirc (say almost 10 years out of
date)...but, in what situation would the pipe ('|') ever be processed from a
variable, even if it was read from a mp3 ID3?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I - TITLE
Security advisory: McAfee Virus Scan for Linux and Unix v5.10.0 Local
Buffer Overflow
II - SUMMARY
Description: Local buffer overflow vulnerability in McAfee Virus Scan
for Linux and Unix allows arbitrary code execution
Author: Sebastian
NSFOCUS Security Advisory (SA2007-01)
Microsoft IE5 CSS Parsing Memory Corruption Vulnerability
Release Date: 2007-08-15
CVE ID: CVE-2007-0943
http://www.nsfocus.com/english/homepage/research/0701.htm
Affected systems & software
===
Internet Explorer 5.01
Unaffected systems
Cross Site Request Forgery in 2wire routers
Vulnerable Routers: 1701HG, 2071 Gateway
Software: v3.17.5, 5.29.51 Password Not Set (default)
Greetz to the Underground Community of Mexico, and to those
who helped me test it: Preth00nker, nitr0us, ...
[EMAIL PROTECTED]
I. Background
-
Th
On Tue, 14 Aug 2007, Wojciech Purczynski wrote:
>
> Small correction - I forgot to add setuid(0) ;)
>
> PARENT CHILD
>
> fork()
> prctl(PR_SET_PDEATHSIG)
> exec
Magnus Holmgren said:
>[the superglobals] shadow everything - you cannot define your own
>$_SERVER array, nor can it be overridden with HTTP GET or POST
>values. If that were possible, using the superglobals would be
>useless; all scripts would be vulnerable unless register_globals is
>off.
This
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200708-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Dan Yefimov wrote:
> > An unprivileged local user may send arbitrary signal to a child process
> > despite security restrictions.
> I'm not sure this is a real security issue. If some process has the same
> effective UID as the given one, the former can always send any signal to the
> latter.
Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability
iDefense Security Advisory 08.14.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 14, 2007
I. BACKGROUND
XML Core Services (also known as MSXML) is a library for processing XML
files. It works with, and was original
In my eyes this is definitely a security issue. But I cannot imagine a way to
exploit this issue at the moment. First you have to find a suid binary which
fork()'s. Next thing is that you need access to that binary. And then? If both
conditions are really met, what's next? The possibilities are
Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting
Vulnerability
iDefense Security Advisory 08.14.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 14, 2007
I. BACKGROUND
The Vista sidebar is a desktop extension that allows the user to keep a
number of "gadgets", w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:164
http://www.mandriva.com/security/
___