<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel about="http://permalink.gmane.org/gmane.comp.security.full-disclosure">
    <title>gmane.comp.security.full-disclosure</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61832"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61831"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61830"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61829"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61828"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61827"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61826"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61825"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61824"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61823"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61822"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61821"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61820"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61819"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61818"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61817"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61816"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61815"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61814"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61813"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61832">
    <title>Mrfetch Paul Carnes YouTube</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61832</link>
    <description>_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/</description>
    <dc:creator>Sock Puppet</dc:creator>
    <dc:date>2008-07-05T23:19:30</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61831">
    <title>[SECURITY] [DSA 1601-1] New wordpress packages fix several vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61831</link>
    <description>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1601-1                  security&lt; at &gt;debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 04, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wordpress
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-1599 CVE-2008-0664
Debian Bug     : 437085 464170

Several remote vulnerabilities have been discovered in Wordpress,
the weblog manager. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-1599

    WordPress allows remote attackers to redirect authenticated users
    to other websites and potentially obtain sensitive information.

CVE-2008-0664

    The XML-RPC implementation, when registration is enabled, allows
    remote attackers to </description>
    <dc:creator>Thijs Kinkhorst</dc:creator>
    <dc:date>2008-07-04T07:16:56</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61830">
    <title>[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61830</link>
    <description>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1602-1                  security&lt; at &gt;debian.org
http://www.debian.org/security/                           Florian Weimer
July 05, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pcre3
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2371

Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular
Expression library, may encounter a heap overflow condition when
compiling certain regular expressions involving in-pattern options and
branches, potentially leading to arbitrary code execution. 

For the stable distribution (etch), this problem has been fixed in
version 6.7+7.4-4.

For the unstable distribution (sid), this problem has been fixed soon.

We recommend that you upgrade your pcre3 packa</description>
    <dc:creator>Florian Weimer</dc:creator>
    <dc:date>2008-07-05T12:37:12</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61829">
    <title>[ MDVSA-2008:135 ] - Updated gnome-screensaver packages fix authentication vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61829</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:135
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnome-screensaver
 Date    : July 4, 2008
 Affected: 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in gnome-screensaver 2.20.0 that could
 possibly allow a local user to read the clipboard contents and X
 selection data for a locked session by using CTRL-V (CVE-2007-6389).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6389
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.0:
 5d98cc0c0</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-05T03:17:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61828">
    <title>[ MDVSA-2008:134 ] - Updated squid packages fix DoS vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61828</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:134
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : squid
 Date    : July 4, 2008
 Affected: 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 An incorrect fix for CVE-2007-6239 resulted in Squid not performing
 proper bounds checking when processing cache update replies.  Because
 of this, a remote authenticated user might have been able to trigger
 an assertion error and cause a denial of service (CVE-2008-1612).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-05T00:27:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61827">
    <title>[ MDVSA-2008:133 ] - Updated sympa packages fix DoS vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61827</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:133
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : sympa
 Date    : July 4, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A denial of service condition was discovered in Sympa versions prior
 to 5.4 that allowed remote attackers to crash the Sympa daemon via
 a malformed email message (CVE-2008-1648).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1648
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 4.0:
 655a68493320ad7bb781763f2e772a8f  corporat</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-04T22:46:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61826">
    <title>[ MDVSA-2008:132 ] - Updated gnome-screensaver packages fix authentication vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61826</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:132
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnome-screensaver
 Date    : July 4, 2008
 Affected: 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in gnome-screensaver prior to 2.22.1
 when a remote authentication server was enabled.  During a network
 outage, gnome-screensaver would crash upon an unlock attempt,
 allowing physically local users to gain access to locked sessions
 (CVE-2008-0887).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887
 ___________________________________________________</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-04T22:26:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61825">
    <title>Re: Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61825</link>
    <description>"We are an impatient lot in this community." - well said...

On Fri, 04 Jul 2008 08:59:40 -0400 "Randal T. Rioux" 
&lt;randy&lt; at &gt;procyonlabs.com&gt; wrote:

</description>
    <dc:creator>Elazar Broad</dc:creator>
    <dc:date>2008-07-04T21:39:35</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61824">
    <title>Re: Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61824</link>
    <description>The fixed version is now in production.

Regards,

----------------------------------------------
Pedro Bustamante
Senior Research Advisor
Panda Security

email: pedro.bustamante&lt; at &gt;pandasecurity.com &lt;0xC684A6F9&gt;
vulns: secure&lt; at &gt;pandasecurity.com &lt;0x70F3FEA0&gt;
phone: (+34) 91-8063700
blog:  http://research.pandasoftware.com
----------------------------------------------




</description>
    <dc:creator>Panda Security Response</dc:creator>
    <dc:date>2008-07-04T21:08:13</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61823">
    <title>[ MDVSA-2008:131 ] - Updated phpMyAdmin packages fix multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61823</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:131
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : phpMyAdmin
 Date    : July 4, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A few vulnerabilities and security-related issues have been fixed in
 phpMyAdmin since the 2.11.2.2 release.  This update provides version
 2.11.7 which is the latest stable release of phpMyAdmin and fixes
 CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, and CVE-2008-2960.
 
 No configuration changes should be required since the previous update
 (version 2.11.2.2).  If upgrading from older versions, it may be
 necessary to reconfigure phpMyAdmin.  The configuration file is
 located in /etc/phpMyAdmin/.  In most cases, it should be sufficient
 </description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-04T20:58:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61822">
    <title>Re: Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61822</link>
    <description/>
    <dc:creator>Robert Holgstad</dc:creator>
    <dc:date>2008-07-04T14:25:29</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61821">
    <title>zonedit.com and dns zone transfer</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61821</link>
    <description>For .it domains, nic.it does not act as the default secondary DNS, so anyone
who has a .it domain has to buy a secondary DNS service if they don't have one.

zoneedit.com sells this kind of service.

By default, if you leave the permit zone forward box blank, anyone on the
Internet could make a zone transfer.

So you can have set an ACL on your primary DNS server, but this is
bypassed if you use a secondary DNS server and it is on zonedit.com with the
default configuration parameter.

NetExpress


</description>
    <dc:creator>NetExpress</dc:creator>
    <dc:date>2008-07-04T12:51:55</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61820">
    <title>Re: Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61820</link>
    <description>
It takes a week to hit the "respond" button? At least be polite and read
your mail, perhaps with a quick "stand by, we're looking into it" response
so folks think you care.

We are an impatient lot in this community.



</description>
    <dc:creator>Randal T. Rioux</dc:creator>
    <dc:date>2008-07-04T12:59:40</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61819">
    <title>Re: Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61819</link>
    <description>Embarrassing innit?

Panda Security Response wrote:

</description>
    <dc:creator>Charles Majola</dc:creator>
    <dc:date>2008-07-04T11:41:54</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61818">
    <title>Re: Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61818</link>
    <description>Please allow at least one week for us to respond before public disclosure. We only received this information a few days ago.

Regards,

----------------------------------------------
Pedro Bustamante
Senior Research Advisor
Panda Security

email: pedro.bustamante&lt; at &gt;pandasecurity.com &lt;0xC684A6F9&gt;
vulns: secure&lt; at &gt;pandasecurity.com &lt;0x70F3FEA0&gt;
phone: (+34) 91-8063700
blog:  http://research.pandasoftware.com 
----------------------------------------------


 


</description>
    <dc:creator>Panda Security Response</dc:creator>
    <dc:date>2008-07-04T11:02:13</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61817">
    <title>Panda ActiveScan 2.0 remote code execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61817</link>
    <description>http://karol.wiesek.pl/files/panda.tgz

K.

</description>
    <dc:creator>Karol Więsek</dc:creator>
    <dc:date>2008-07-05T09:59:02</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61816">
    <title>Re: Facebook script injection vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61816</link>
    <description>The two remaining vulnerabilities seem to have been fixed today.
Updated information:


7) Escaping JS sandbox with literal String reference
Impact: execution of unrestricted JS on canvas pages or profiles
(mouseclick required on profile pages)
Browsers: FF
Description: __parent__ property of a String object can be referenced
using a literal expression and the "bracket syntax" to get a Window
reference.
Reported: June 21, 2008
Fixed: yes
Example:

   "a"["__parent__"].eval("alert('any javascript here');");



8) Escaping JS sandbox with literal RegExp reference
Impact: execution of unrestricted JS on canvas pages or profiles
(mouseclick required on profile pages)
Browsers: FF
Description: __parent__ property of a RegExp object can be referenced
using a literal expression and the "bracket syntax" to get a Window
reference.
Reported: June 21, 2008
Fixed: yes
Example:

  /a/["__parent__"].eval("alert('any javascript here');");




On Thu, Jul 3, 2008 at 2:01 AM, Jouko Pynnonen &lt;jouko&lt; at &gt;iki.fi&gt; wrote:



</description>
    <dc:creator>Jouko Pynnonen</dc:creator>
    <dc:date>2008-07-04T09:46:05</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61815">
    <title>[ MDVSA-2008:130 ] - Updated PHP packages fix multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61815</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:130
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php4
 Date    : July 3, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 An integer overflow in the zip_read_entry() function in PHP prior
 to 4.4.5 allowed remote attackers to execute arbitrary code via a
 ZIP archive containing a certain type of entry that triggered a heap
 overflow (CVE-2007-1777).
 
 Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
 were discovered that could produce a zero seed in rare circumstances on
 32bit systems and generate a portion of zero bits during conversion
 due to insufficient precision on 64bit systems (CVE-2008-2107,
 CVE-2008-2108).
 
 The updated packages</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-04T03:20:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61814">
    <title>Re: n3td3v podcast</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61814</link>
    <description>you figured me out!

On Thu, Jul 3, 2008 at 5:09 PM, Arturo 'Buanzo' Busleiman
&lt;buanzo&lt; at &gt;buanzo.com.ar&gt; wrote:

</description>
    <dc:creator>Ureleet</dc:creator>
    <dc:date>2008-07-04T03:18:48</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61813">
    <title>[ MDVSA-2008:129 ] - Updated PHP packages fix multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61813</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:129
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php4
 Date    : July 3, 2008
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
 were discovered that could produce a zero seed in rare circumstances on
 32bit systems and generate a portion of zero bits during conversion
 due to insufficient precision on 64bit systems (CVE-2008-2107,
 CVE-2008-2108).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
 http://cve</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-04T03:16:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.full-disclosure/61812">
    <title>[ MDVSA-2008:126 ] - Updated PHP packages fix multiple vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.full-disclosure/61812</link>
    <description>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:126
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : July 3, 2008
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities have been found and corrected in PHP:
 
 PHP 5.2.1 would allow context-dependent attackers to read portions
 of heap memory by executing certain scripts with a serialized data
 input string beginning with 'S:', which did not properly track the
 number of input bytes being processed (CVE-2007-1649).
 
 A vulnerability in the chunk_split() function in PHP prior to 5.2.4
 has unknown impact and attack vectors, related to an incorrect size
 calculation (CVE-2007-4660).
 
 The htmlentities() and htmlspecialchars() functions in PHP </description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2008-07-03T23:55:00</dc:date>
  </item>
  <textinput about="http://search.gmane.org/?group=$group=gmane.comp.security.full-disclosure">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.comp.security.full-disclosure</link>
  </textinput>
</rdf:RDF>
