-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2472-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
May 15, 2012
Guys... Great! That's 2 of 3 issues!
Any ETA on the previous bug reports from my last email?
Package: gridengine
Vulnerability : privilege escalation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0208
Dave Love discovered that users who are allowed to
On Tue, May 15, 2012 at 06:29:03PM -0700, Michael J. Gray wrote:
I'll clarify a bit.
If you log on to your Google account from the website and it prompts you for
additional security questions, you can circumvent this by simply checking
mail via POP or what have you and then it adds
I'm just copying the part of the original message that probably answers your
question (I did not test it...):
From there, I attempted to log-in to my Google account with the same
username and password.
To my surprise, I was not presented with any questions to confirm my
identity.
This completes
Is available at:
http://waleedassar.blogspot.com/2012/05/resource-tuner-heap-overflow.html
Waliedassar
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
I'll clarify a bit.
If you log on to your Google account from the website and it prompts you for
additional security questions, you can circumvent this by simply checking
mail via POP or what have you and then it adds your IP address to the list
of recognized addresses.
From: Thor (Hammer
I received this message from a Google employee. I figure since it's a
response to my post, it should go here as well.
It seems that by design there are cases where this exact situation can
happen. But I am very curious as to why they would ever permit this?
In the situation I had, it involved
I think what he was trying to say, and I'm not sure since I haven't tested
it, is that you can bypass the 2nd layer of authentication by logging into
IMAP. Because normally, if you try to log in from a strange device, Google
becomes highly suspicious and starts asking you questions (the 2nd layer)
and
Hello,
SVG is an XML-based file format for static or animated images. Some SVG
specifications (like SVG 1.1 and SVG Tiny 1.2) allow triggering some
Java code when the SVG file is opened.
Given that I had to look at these features for a customer, I developed
some PoC codes which are now available
TL;DR
Submit here: http://sec-t.org/2012/cfp.html
Crack this: http://youtu.be/rMqZW0fFThc
TL;DR
CFP for the 5th annual SEC-T conference in Stockholm, Sweden is open!
This year the conference is held on the 13th and 14th of September.
Don't forget to try your hand at the challenge, this year
The story of the Linux kernel 3.x...
In 2005 everybody was excited about the possibility of bypassing ASLR on all
Linux 2.6 kernels because of the new concept called VDSO (Virtual
Dynamic Shared Object). More information about this story can be found
at the following link:
hi
someone reported a security flaw in Struts on wooyun; it allows you to bypass
Struts's CSRF protection without XSS
much more information here:
http://zone.wooyun.org/content/205
:)
LongTail Video is a New York-based startup that has pioneered the web
video market. Our flagship product the - JW Player - is active on over
one million websites and streams billions of videos each month.
Someone has reported an XSS security flaw in JW Player on wooyun; much
more information here:
Yeah, there's a bunch of wild stuff in SVG. The browsers ignore most of
it, AFAIK. I think Firefox is the only browser to even consider
ForeignObjects (which let you throw HTML back into SVG).
Probably the most interesting SVG thing is how they either do or don't have
script access, depending
Mario Heiderich did a lot of research on that; he found so many bugs
that allowed embedding JavaScript in SVG images.
Nice stuff Nick btw,
Cheers
antisnatchor
On Wed, May 16, 2012 at 10:13 AM, Dan Kaminsky d...@doxpara.com wrote:
Yeah, there's a bunch of wild stuff in SVG. The browsers ignore
Adam Zabrocki p...@pi3.com.pl wrote:
Btw. I wonder why no-one pointed this out before... Btw2. Go and write a
reliable exploit for kernel 3.x ;p
You must be using CONFIG_COMPAT_VDSO, it's rarely used unless you need
compatibility with an ancient libc that was released during the narrow
window
Anything from img in any browser?
On Wed, May 16, 2012 at 2:25 AM, Michele Orru antisnatc...@gmail.comwrote:
Mario Heiderich did a lot of research on that; he found so many bugs
that allowed embedding JavaScript in SVG images.
Nice stuff Nick btw,
Cheers
antisnatchor
On Wed, May 16,
PRE-CERT Security Advisory
==
* Advisory: PRE-SA-2012-03
* Released on: 10 May 2012
* Affected product: Linux Kernel 3.3.x <= 3.3.4
2.6.x <= 2.6.35.13
* Impact: code execution / privilege escalation
* Origin: HFS plus file system
* Credit:
Hi Tavis,
I've checked with the same result:
*) Fedora 16
*) latest Ubuntu
*) latest Suse
Best regards,
Adam Zabrocki
--
pi3 (pi3ki31ny) - pi3 (at) pi3 com£ pl
http://pi3.com.pl
Probably the most interesting SVG thing is how they either do or don't
have script access, depending on whether or not they're loaded as
img's.
Agreed. Uploading an SVG chameleon (SVG file triggering an XSLT
transformation) to a website allows displaying nearly arbitrary content
if the file is
Kind of. You can still do some stuff from img in Opera.
http://kotowicz.net/opera/
On Wed, May 16, 2012 at 12:25 PM, Dan Kaminsky d...@doxpara.com wrote:
Anything from img in any browser?
On Wed, May 16, 2012 at 2:25 AM, Michele Orru antisnatc...@gmail.com
wrote:
Mario Heiderich did a lot
I've made a video tutorial about buffer overflows; take a look and share it
if you like it!
Video tutorial: http://www.youtube.com/watch?v=yPKCSXK8ZYo
Enjoy!
Adam Zabrocki p...@pi3.com.pl wrote:
Hi Tavis,
I've checked with the same result:
*) Fedora 16 *) latest Ubuntu *) latest Suse
Best regards, Adam Zabrocki
You must be doing something unusual; are these stock kernels?
Those distributions all have good security teams who certainly
Are you serious? If so... this is how that technique will work in the real
world: http://surfwithberserk.com/img/funny/epic_fails/24.jpg
On May 16, 2012, at 5:48 AM, Juan Sacco wrote:
I've made a video tutorial about buffer overflows; take a look and share it
if you like it!
Video
I can't reproduce with current openSUSE 12.1...
sh-4.2$ uname -rop
3.1.10-1.9-desktop x86_64 GNU/Linux
sh-4.2$ lsb-release -ri
Distributor ID: SUSE LINUX
Release:12.1
sh-4.2$ cat /proc/self/maps | grep vdso
7fff48b58000-7fff48b59000 r-xp 00:00 0 [vdso]
Uploading an SVG chameleon (SVG file triggering an XSLT
transformation) to a website allows displaying nearly arbitrary
content if the file is called directly.
In order to demonstrate this point _and_ the weird Opera behavior, I put
online an SVG chameleon and an HTML file calling it via img:
Hi Tavis,
Don't know why you don't believe me :) Anyway:
1) Suse:
linux-1n2n:~ # cat /etc/SuSE-release
openSUSE 12.1 (i586)
VERSION = 12.1
CODENAME = Asparagus
linux-1n2n:~ # uname -a
Linux linux-1n2n.site 3.1.0-1.2-default #1 SMP Thu Nov 3 14:45:45 UTC
2011 (187dde0) i686 i686 i386 GNU/Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module
when allocating memory for an embedded image object
Reference: http://www.openoffice.org/security/cves/CVE-2012-1149.html
Severity: Important
Vendor: The Apache Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
Reference: http://www.openoffice.org/security/cves/CVE-2012-2149.html
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
OpenOffice.org 3.3 and 3.4 Beta, on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files
in OpenOffice.org 3.3.0
Reference: http://www.openoffice.org/security/cves/CVE-2012-2334.html
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
View online: http://drupal.org/node/1585532
* Advisory ID: DRUPAL-SA-CONTRIB-2012-076
* Project: Ubercart Product Keys [1] (third-party module)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Moderately Critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: http://drupal.org/node/1585544
* Advisory ID: DRUPAL-SA-CONTRIB-2012-077
* Project: Advertisement [1] (third-party module)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting,
View online: http://drupal.org/node/1585564
* Advisory ID: DRUPAL-SA-CONTRIB-2012-078
* Project: Smart Breadcrumb [1] (third-party module)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1585648
* Advisory ID: DRUPAL-SA-CONTRIB-2012-079
* Project: Post Affiliate Pro [1] (third-party module)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Access
View online: http://drupal.org/node/1585678
* Advisory ID: DRUPAL-SA-CONTRIB-2012-080
* Project: Hostmaster (Aegir) [1] (third-party module)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities
Adam Zabrocki p...@pi3.com.pl wrote:
Hi Tavis,
Don't know why you don't believe me :) Anyway:
I don't believe any distribution stock kernel enabled it, because this is
just too simple to get wrong. But if they have, we need to find out who
enabled it so you can file bugs in the appropriate
On Wed, May 16, 2012 at 07:54:13PM +0200, Nicolas Surribas wrote:
I can't reproduce with current openSUSE 12.1...
sh-4.2$ uname -rop
3.1.10-1.9-desktop x86_64 GNU/Linux
sh-4.2$ lsb-release -ri
Distributor ID: SUSE LINUX
Release:12.1
sh-4.2$ cat /proc/self/maps | grep vdso
Tavis Ormandy tav...@cmpxchg8b.com wrote:
Adam Zabrocki p...@pi3.com.pl wrote:
Hi Tavis,
Don't know why you don't believe me :) Anyway:
I don't believe any distribution stock kernel enabled it, because this is
just too simple to get wrong. But if they have, we need to find out who
On Wed, May 16, 2012 at 10:23:19PM +0200, Tavis Ormandy wrote:
Tavis Ormandy tav...@cmpxchg8b.com wrote:
Adam Zabrocki p...@pi3.com.pl wrote:
Hi Tavis,
Don't know why you don't believe me :) Anyway:
I don't believe any distribution stock kernel enabled it, because this is
View online: http://drupal.org/node/1585890
* Advisory ID: DRUPAL-SA-CONTRIB-2012-081
* Project: Aberdeen [1] (third-party theme)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: http://drupal.org/node/1585960
* Advisory ID: DRUPAL-SA-CONTRIB-2012-082
* Project: Zen [1] (third-party theme)
* Version: 6.x
* Date: 2012-May-16
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
On Wed, May 16, 2012 at 11:49:40PM +0200, Adam Zabrocki wrote:
Hi Tavis,
Yes, these are stock kernels, and yes, you must believe it is such a simple mistake ;)
All systems were installed as VMs in a default installation using official ISOs.
And of course this is a configuration mistake, not a kernel
But we're making progress, we now know that openSUSE on x86 is broken.
Is VSYSCALL at a fixed address a similar problem? My Ubuntu boxes indeed
have this mapped at the fixed location mentioned.
--Dan
On Wed, May 16, 2012 at 02:39:44PM -0700, Dan Kaminsky wrote:
But we're making progress, we now know that openSUSE on x86 is broken.
Is VSYSCALL at a fixed address a similar problem? My Ubuntu boxes indeed
have this mapped at the fixed location mentioned.
--Dan
Not unless you can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2473-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
May 16, 2012
On Wed, 16 May 2012, Tavis Ormandy wrote:
Apparently so. Originally you said Gentoo, Fedora 16 and Ubuntu. Can
you confirm that you were wrong and it is just a SuSE ia32 problem?
[root@ boot]# lsb_release -a
LSB Version::core-4.0-amd64:core-4.0-noarch
Distributor ID: Fedora