Xmas 2011 Security Puzzle

2011-12-27 Thread Ivan Buetler
Dear list, We are proud to present two free XMAS 2011 hacking challenges for you! The first challenge is just fun. Hack the file and become a music hero! The second challenge is about oracle padding. A difficult one, scratch your head and solve the challenge. A lot to learn, I promise.

FreeBSD Security Advisory FreeBSD-SA-11:07.chroot

2011-12-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-11:07.chroot Security Advisory The FreeBSD Project Topic:

FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd

2011-12-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-11:08.telnetd Security Advisory The FreeBSD Project Topic:

FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh

2011-12-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-11:09.pam_ssh Security Advisory The FreeBSD Project Topic:

FreeBSD Security Advisory FreeBSD-SA-11:10.pam

2011-12-27 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-11:10.pam Security Advisory The FreeBSD Project Topic:

Merry Christmas from the FreeBSD Security Team

2011-12-27 Thread FreeBSD Security Officer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, No, the Grinch didn't steal the FreeBSD security officer GPG key, and your eyes aren't deceiving you: We really did just send out 5 security advisories. The timing, to put it bluntly, sucks. We normally aim to release advisories on

[ MDVSA-2011:192 ] mozilla

2011-12-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:192 http://www.mandriva.com/security/

Lighttpd Proof of Concept code for CVE-2011-4362

2011-12-27 Thread pi3
29 of November 2011 was the date of public disclosure of an interesting vulnerability in the lighttpd server. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: src/http_auth.c:67 --- CUT --- static const short

[SECURITY] [DSA 2372-1] heimdal security update

2011-12-27 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2372-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer December 25, 2011

[SECURITY] [DSA 2373-1] inetutils security update

2011-12-27 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2373-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer December 25, 2011

[SECURITY] [DSA 2374-1] openswan security update

2011-12-27 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2374-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 26, 2011

[SECURITY] [DSA 2375-1] krb5, krb5-appl security update

2011-12-27 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2375-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer December 26, 2011

MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]

2011-12-27 Thread Tom Yu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MITKRB5-SA-2011-008 MIT krb5 Security Advisory 2011-008 Original release: 2011-12-26 Last update: 2011-12-26 Topic: buffer overflow in telnetd CVE-2011-4862 CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C CVSSv2 Base Score: 10

[ MDVSA-2011:193 ] squid

2011-12-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:193 http://www.mandriva.com/security/

[ MDVSA-2011:194 ] icu

2011-12-27 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:194 http://www.mandriva.com/security/