[Full-disclosure] [USN-1050-1] Thunderbird vulnerabilities

2011-03-02 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-1050-1 March 03, 2011 thunderbird vulnerabilities CVE-2010-1585, CVE-2011-0053, CVE-2011-0061, CVE-2011-0062 === A security issue affects the fo

[Full-disclosure] [USN-1083-1] Linux kernel vulnerabilities

2011-03-02 Thread Kees Cook
=== Ubuntu Security Notice USN-1083-1 March 03, 2011 linux-lts-backport-maverick vulnerabilities CVE-2009-4895, CVE-2010-0435, CVE-2010-2066, CVE-2010-2226, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524,

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread bk
On Mar 2, 2011, at 12:36 PM, Charles Morris wrote: >>> 1. Read Tim's e-mail. >>> In short- >>> Encryption without authentication is ALWAYS BETTER than no encryption >> >> It's not. Would you like to jump out of an airplane with a parachute that >> you THINK will work, but doesn't, or one t

[Full-disclosure] [USN-1080-2] Linux kernel vulnerabilities

2011-03-02 Thread Kees Cook
=== Ubuntu Security Notice USN-1080-2 March 02, 2011 linux-ec2 vulnerabilities CVE-2010-3865, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4248, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE

[Full-disclosure] ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-103 March 2, 2011 -- CVE ID: CVE-2011-0055 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Mozilla -- Affected Products: Mozilla Fi

[Full-disclosure] ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-102 March 2, 2011 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Postgres -- Affected Products: Postgres Plus SQL

[Full-disclosure] ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-101 March 2, 2011 -- CVE ID: CVE-2011-0154 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: App

[Full-disclosure] ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-100 March 2, 2011 -- CVE ID: CVE-2011-0149 -- CVSS: 9, (AV:N/AC:M/Au:N/C:C/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Tippi

[Full-disclosure] ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-099 March 2, 2011 -- CVE ID: CVE-2011-0133 -- CVSS: 9.7, (AV:N/AC:L/Au:N/C:C/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoin

[Full-disclosure] ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-098 March 2, 2011 -- CVE ID: CVE-2011-0132 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Vul

[Full-disclosure] ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-097 March 2, 2011 -- CVE ID: CVE-2011-0116 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit --

[Full-disclosure] ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-096 March 2, 2011 -- CVE ID: CVE-2011-0115 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoin

[Full-disclosure] ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability

2011-03-02 Thread ZDI Disclosures
ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-095 March 2, 2011 -- CVE ID: CVE-2010-1824 -- CVSS: 9.7, (AV:N/AC:L/Au:N/C:C/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Tippi

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread Tim
> The list does go on. However, I completely disagree with your > assertion that "O(MitM) = O(sniff)" > > Yes there are many vectors to MITM at many levels, but they are > (perhaps not ALL) not only detectable but also preventable in many scenarios. > > > * DNS cache poisoning =>Don't fail

[Full-disclosure] [SECURITY] [DSA 2179-1] dtc security update

2011-03-02 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2179-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 02, 2011

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread Charles Morris
> > It's hard to do if you're starting from zero and have to write your own > tools.  It's not hard to do when you can just download something off the > Internet, which is the reality we're dealing with.  Jay Beale released a tool > to do this years ago at Toorcon.  There are many others.  Game

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread Charles Morris
> the same.  Another way to look at it is O(MitM) = O(sniff).  There may > be some implementation details that make MitM harder, but it's within > a constant factor. > > To illustrate this point, we merely need to search the web for MitM > tools.  At the network layer, we could achieve this in one

[Full-disclosure] [SECURITY] [DSA 2178-1] pango1.0 security update

2011-03-02 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2178-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 02, 2011

Re: [Full-disclosure] Facebook URL Redirect Vulnerability

2011-03-02 Thread Weir, Jason
I appreciate that! -J -----Original Message----- From: Nathan Power [mailto:n...@securitypentest.com] Sent: Wednesday, March 02, 2011 10:46 AM To: Weir, Jason Cc: Full Disclosure Subject: Re: [Full-disclosure] Facebook URL Redirect Vulnerability

[Full-disclosure] [SECURITY] [DSA 2177-1] pywebdav security update

2011-03-02 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2177-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 02, 2011

Re: [Full-disclosure] Facebook URL Redirect Vulnerability

2011-03-02 Thread Andrew Farmer
On 2011-03-02, at 06:30, Nathan Power wrote: > There are 3 different steps to perform an attack using a URL redirect: 1) > trick the user 2) redirect 3) exploit .. We are using a Facebook URL to > trick the user, we are using the URL redirect as the catalyst to perform an > exploit. > > Here are

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread bk
On Mar 2, 2011, at 6:23 AM, Charles Morris wrote: >> - ENCRYPTION IS POINTLESS WITHOUT AUTHENTICATION >> BTW there really isn't a security difference between >> encrypted-but-unauthenticated traffic and just plain unencrypted traffic. >> The only "attacker" you're defeating is a casual observ

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread Tim
> > - ENCRYPTION IS POINTLESS WITHOUT AUTHENTICATION > > BTW there really isn't a security difference between > > encrypted-but-unauthenticated traffic and just plain unencrypted traffic.   > > The only "attacker" you're defeating is a casual observer, > > Fail. I hear the blackhats cackle as yo

[Full-disclosure] [USN-1082-1] Pango vulnerabilities

2011-03-02 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-1082-1 March 02, 2011 pango1.0 vulnerabilities CVE-2010-0421, CVE-2011-0020, CVE-2011-0064 === A security issue affects the following Ubuntu rel

Re: [Full-disclosure] Python ssl handling could be better...

2011-03-02 Thread Charles Morris
> - ENCRYPTION IS POINTLESS WITHOUT AUTHENTICATION > BTW there really isn't a security difference between > encrypted-but-unauthenticated traffic and just plain unencrypted traffic.   > The only "attacker" you're defeating is a casual observer, Fail. I hear the blackhats cackle as you switch to t

[Full-disclosure] [ MDVSA-2011:039 ] webkit

2011-03-02 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/