<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq">
    <title>gmane.comp.security.bugtraq</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49753"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49752"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49750"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49749"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49748"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49747"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49746"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49745"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49744"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49743"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49742"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49736"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49735"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49734"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49733"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49732"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49731"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49730"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49726"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/49725"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49753">
    <title>CFP: Hacktivity 2012, October 12-13, Budapest, Hungary</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49753</link>
    <description>&lt;pre&gt;Hi,

Hacktivity is the largest IT Security Festival in CEE region which
will be held between October 12-13 2012 in Budapest, Hungary.

Hacktivity festival traditionally brings together the official and
alternative representatives of information security profession with
all those interested in the area, in an informal, yet educational, and
usually deep into the technical form.

We are seeking submissions for both two days conference track &amp;amp; 40
minutes "Hello workshops" in the following areas:

mobile device vulnerabilities, hardware hacking,  attack vectors of
telecommunication networks, network security, security of operating
systems, browser based attacks, misuse of popular applications,
database security,  information gathering from business applications,
malicious and mobile codes, hacking tools, information warfare,
cyber-crime, hacker subculture, social engineering, digital forensics
etc.

We had a privilege to welcome as a speaker in the past years for
example: Bruce Schneier, Peter Szor, Joe McCray,&lt;/pre&gt;</description>
    <dc:creator>Attila Bartfai</dc:creator>
    <dc:date>2012-05-24T13:57:50</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49752">
    <title>GreHack 2012 - Call For Papers (Grenoble, France)</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49752</link>
    <description>&lt;pre&gt;*GreHack 2012* 2nd Call For Papers
http://ensiwiki.ensimag.fr/index.php/GreHack-2012-english
GreHack 2012 conference will be held in Grenoble (French Alps), France
and brings together students, academia, industry and gov in order to
exchange knowledge around emerging issues in the security + hacking
world.
During the night, a Capture The Flag will take place.


*Suggested Topics (not limited to)*
http://ensiwiki.ensimag.fr/index.php/GreHack_2012-Call_For_Presentation-english
- Track: ethical and legal
 -- greyhat hacking: a consumer advance, or a risk for worldwide security?
 -- current state of laws relative to cyber-security and hacking +
justified suggestions of modifications

- Track: technical
 -- Hadopi: why is it a technical and legal failure? how to exploit
in memory vulnerabilities of Hadopi approved software?

 -- In Memory Vulnerabilities
   --- Windows 8: heap analysis, kernel structures and new memory protections
   --- Exploit Corner: come present us your last sploit!

 -- Hardcore Pe&lt;/pre&gt;</description>
    <dc:creator>Fabien DUCHENE</dc:creator>
    <dc:date>2012-05-25T11:11:55</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49750">
    <title>Multiple vulnerabilities in LogAnalyzer</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49750</link>
    <description>&lt;pre&gt;Advisory ID:CSA-12005
Title:Multiple vulnerabilities in LogAnalyzer
Product:LogAnalyzer
Version:3.4.2 and probably prior
Vendor:adiscon.com
Vulnerability type:SQL injection, XSS, Arbitrary File Read
Risk level:2 / 3
Credit:www.codseq.it
CVE:
Vendor notification:2012-05-21
Public disclosure:2012-05-23


Details

LogAnalyzer version 3.4.2 and probably below suffers from multiple vulnerabilities:

- SQL Injection

1) The script admin/views.php contains a SQL-Injection vulnerability when used to create a new view. It can be exploited by a non-admin user (with write access) to insert arbitrary data into logcon_views table.
The vulnerability exists due to the failure in the script to sanitize the POST variable "Columns" before using it to build a SQL query.

This PoC creates an arbitrary record into logcon_views table.


&amp;lt;form method=post action="http://127.0.0.1/loganalyzer-3.4.2/admin/views.php"&amp;gt;
&amp;lt;input name="DisplayName" value="dontcare"&amp;gt;
&amp;lt;input name="isuseronly" value="2"&amp;gt;
&amp;lt;input name="Columns[]" valu&lt;/pre&gt;</description>
    <dc:creator>Filippo Cavallarin</dc:creator>
    <dc:date>2012-05-23T12:10:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49749">
    <title>Multiple vulnerabilities in Pligg CMS</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49749</link>
    <description>&lt;pre&gt;Advisory ID: HTB23089
Product: Pligg CMS 
Vendor: Pligg, LLC.
Vulnerable Version(s): 1.2.1 and probably prior
Tested Version: 1.2.1
Vendor Notification: 25 April 2012 
Vendor Patch: 18 May 2012 
Public Disclosure: 23 May 2012 
Vulnerability Type: Local File Inclusion, Cross-Site Scripting (XSS) 
CVE References: CVE-2012-2435, CVE-2012-2436
Solution Status: Fixed by Vendor
Risk Level: Medium 
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pligg CMS , which can be exploited to perform Cross-Site Scripting (XSS) and Local File Inclusion attacks.


1) Multiple Cross-Site Scripting (XSS) in Pligg CMS: CVE-2012-2436

1.1 Input passed via the arbitrary (any) GET parameter to /admin/admin_index.php is not properly sanitised before being returned to the user.
This can be explo&lt;/pre&gt;</description>
    <dc:creator>advisory&lt; at &gt;htbridge.com</dc:creator>
    <dc:date>2012-05-23T10:07:42</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49748">
    <title>Multiple XSS in pragmaMx</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49748</link>
    <description>&lt;pre&gt;Advisory ID: HTB23090
Product: pragmaMx
Vendor: pragmaMx Team
Vulnerable Version(s): 1.12.1 and probably prior
Tested Version: 1.12.1
Vendor Notification: 2 May 2012 
Vendor Patch: 4 May 2012 
Public Disclosure: 23 May 2012 
Vulnerability Type: Cross-Site Scripting (XSS)
CVE Reference: CVE-2012-2452
Solution Status: Fixed by Vendor
Risk Level: Medium 
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in pragmaMx, which can be exploited to perform Cross-Site Scripting (XSS) attacks.


1) Multiple Cross-Site Scripting (XSS) in pragmaMx: CVE-2012-2452

1.1 Input passed via a name of a GET parameter to modules.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in administrator's browser session in con&lt;/pre&gt;</description>
    <dc:creator>advisory&lt; at &gt;htbridge.com</dc:creator>
    <dc:date>2012-05-23T10:07:34</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49747">
    <title>[SECURITY] [DSA 2480-1] request-tracker3.8 security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49747</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2480-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 24, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : request-tracker3.8
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085 
                 CVE-2011-4458 CVE-2011-4459 CVE-2011-4460

Several vulnerabilities were discovered in Request Tracker, an issue
tracking system:

CVE-2011-2082

   The vulnerable-passwords scripts introduced for CVE-2011-0009
   failed to correct the password hashes of disabled users.

CVE-2011-2083

   Several cross-site scripting issues have been discovered.

CVE-2011-2084

   Password hashes could be disclosed by p&lt;/pre&gt;</description>
    <dc:creator>Moritz Muehlenhoff</dc:creator>
    <dc:date>2012-05-24T17:37:03</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49746">
    <title>[ MDVSA-2012:081 ] firefox</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49746</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:081
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : firefox
 Date    : May 24, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Security issues were identified and fixed in mozilla firefox:
 
 Mozilla developers identified and fixed several memory safety
 bugs in the browser engine used in Firefox and other Mozilla-based
 products. Some of these bugs showed evidence of memory corruption
 under certain circumstances, and we presume that with enough effort
 at least some of these could be exploited to run arbitrary code
 (CVE-2012-0468, CVE-2012-0467).
 
 Using the Address Sanitizer tool, security researcher Aki Helin from
 OUSPG found that IDBKeyRange of indexedDB re&lt;/pre&gt;</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2012-05-24T14:48:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49745">
    <title>[SECURITY] [DSA 2479-1] libxml2 security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49745</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2479-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : off-by-one
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3102

Jueri Aedla discovered an off-by-one in libxml2, which could result in
the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 2.7.8.dfsg-2+squeeze4.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.8.dfsg-9.1.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked q&lt;/pre&gt;</description>
    <dc:creator>Moritz Muehlenhoff</dc:creator>
    <dc:date>2012-05-23T19:39:41</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49744">
    <title>[SECURITY] [DSA 2478-1] sudo security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49744</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2478-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 23, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sudo
Vulnerability  : parsing error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2337

It was discovered that sudo misparsed network masks used in Host and
Host_List stanzas. This allowed the execution of commands on hosts,
where the user would not be allowed to run the specified command.

For the stable distribution (squeeze), this problem has been fixed in
version 1.7.4p4-2.squeeze.3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your sudo packages.

Further information about Debian Security Advi&lt;/pre&gt;</description>
    <dc:creator>Moritz Muehlenhoff</dc:creator>
    <dc:date>2012-05-23T19:30:06</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49743">
    <title>[ MDVSA-2012:080 ] wireshark</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49743</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:080
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : May 23, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were found and corrected in Wireshark:
 
 It may be possible to make Wireshark hang for long or indefinite
 periods by injecting a malformed packet onto the wire or by convincing
 someone to read a malformed packet trace file.
 
 It may be possible to make Wireshark crash by injecting a malformed
 packet onto the wire or by convincing someone to read a malformed
 packet trace file.
 
 This advisory provides the latest version of Wireshark (1.6.8) which
 is not vulnerable to these issues.
 __________________________________________&lt;/pre&gt;</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2012-05-23T14:54:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49742">
    <title>ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49742</link>
    <description>&lt;pre&gt;
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities. 

EMC Identifier: ESA-2012-020 
CVE Identifier: CVE-2012-0409 

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 

Affected products:
EMC AutoStart 5.3.x 
EMC AutoStart 5.4.x 

Summary: 

EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application.
 
Details:
 
Security flaws were detected in AutoStart where malicious packets could be sent to agents to cause buffer overflow. Message could be modified to send values, which could then be used in performing arithmetic operations which in turn is used to allocate memory. Memory corruption resulting from such allocations can be exploited to gain remote code execution, cause crashes or repeated restarting of AutoStart agents affecting availability of agents.
 &lt;/pre&gt;</description>
    <dc:creator>Security_Alert&lt; at &gt;emc.com</dc:creator>
    <dc:date>2012-05-22T18:55:33</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49736">
    <title>Tftpd32 DHCP Server Denial Of Service Vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49736</link>
    <description>&lt;pre&gt;Title: Tftpd32 DHCP Server Denial Of Service Vulnerability
Software : Tftpd32

Software Version : v4.00

Vendor: http://tftpd32.jounin.net/ 

Vulnerability Published : 2012-05-21

Vulnerability Update Time :

Status : 

Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)

Bug Description :
Tftpd32 is a free tftp and dhcp server for windows, freeware tftp server.
The tftpd32's dhcp server does not identify whether the real source mac address of dhcp discover packet is the same as client hardware address in payload of dhcp discover packet, so that attacker can make evil dhcp discover packets to cram dhcp client list of the dhcp server, and then no one can gain ip address from the dhcp server.

Solution :
Like the other dhcp server, the tftpd32's dhcp server can drop the dhcp discover packet when it detects a difference between source mac address of dhcp discover packet and client hardware address in payload of dhcp discover packet.

Proof Of Concept :
------------------------------------&lt;/pre&gt;</description>
    <dc:creator>demonalex&lt; at &gt;163.com</dc:creator>
    <dc:date>2012-05-21T14:05:37</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49735">
    <title>[Announcement] CHMag's Issue 28, May 2012 Released</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49735</link>
    <description>&lt;pre&gt;Dear All,

Here we are with our 28th issue of ClubHack Magazine.

This issue covers following articles:-

0x00 Tech Gyan - Steganography over converted channels
0x01 Tool Gyan - Kautilya
0x02 Mom's Guide - HTTPS (Hyper Text Transfer Protocol Secure)
0x03 Legal Gyan - Section 66C - Punishment for identity theft
0x04 Code Gyan - Dont Get Injected  Fix Your Code
0x05 Poster - "Look both side before crossing one way track"

Check http://chmag.in/ for articles.
PDF version can be downloaded from:- http://chmag.in/issue/may2012.pdf

Send us your feedback, articles at info&amp;lt; at &amp;gt;chmag.in

Regards,
Team CHMag
http://chmag.in

&lt;/pre&gt;</description>
    <dc:creator>abhijeet&lt; at &gt;chmag.in</dc:creator>
    <dc:date>2012-05-21T05:57:04</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49734">
    <title>[SECURITY] [DSA 2477-1] sympa security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49734</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2477-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                            Florian Weimer
May 20, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa
Vulnerability  : authorization bypass
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2352
Debian Bug     : 

Several vulnerabilities have been discovered in Sympa, a mailing list
manager, that allow to skip the scenario-based authorization
mechanisms. This vulnerability allows to display the archives
management page, and download and delete the list archives by
unauthorized users.

For the stable distribution (squeeze), this problem has been fixed in
version 6.0.1+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem will be fixed
so&lt;/pre&gt;</description>
    <dc:creator>Florian Weimer</dc:creator>
    <dc:date>2012-05-20T18:54:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49733">
    <title>PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49733</link>
    <description>&lt;pre&gt;&amp;lt;?php

######################################### www.bugreport.ir  
########################################
#
# Title:                  PHP CGI Argument Injection Remote Exploit  
V0.3 - PHP Version
# Vendor:                 http://www.php.net
# Vulnerable Version:     PHP up to version 5.3.12 and 5.4.2
# Exploitation:           Remote
# Original Advisory:       
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
# Original Exploit URL:   http://www.bugreport.ir/79/exploit.htm
# CVE:                    CVE-2012-1823
# Coded By:               Mostafa Azizi (admin[&amp;lt; at &amp;gt;]0-Day[dot]net)
###################################################################################################

/* This tool may be used for legal purposes only.  Users take full  
responsibility for any actions performed using this tool.
The author accepts no liability for damage caused by this tool.  If  
these terms are not acceptable to you, then do not use this tool.*/

error_reporting(0);
ini_set("max_execution_time",0);
ini_se&lt;/pre&gt;</description>
    <dc:creator>admin&lt; at &gt;bugreport.ir</dc:creator>
    <dc:date>2012-05-20T09:56:26</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49732">
    <title>[SECURITY] [DSA 2476-1] pidgin-otr security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49732</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2476-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                        Jonathan Wiltshire
May 19, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pidgin-otr
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2369
Debian Bug     : 673154

intrigeri discovered a format string error in pidgin-otr, an off-the-record
messaging plugin for Pidgin.

This could be exploited by a remote attacker to cause arbitrary code to
be executed on the user's machine.

The problem is only in pidgin-otr. Other applications which use libotr are
not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 3.2.0-5+squeeze1.

For the testing distributio&lt;/pre&gt;</description>
    <dc:creator>Jonathan Wiltshire</dc:creator>
    <dc:date>2012-05-19T19:30:04</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49731">
    <title>Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49731</link>
    <description>&lt;pre&gt;Call for Papers: The 7th International Conference for Internet 
Technology and Secured Transactions (ICITST-2012)

Apologies for cross-postings.

Kindly email this call for papers to your colleagues,
faculty members and postgraduate students.


CALL FOR PAPERS

*********************************************************
Papers: The 7th International Conference for Internet Technology and 
Secured Transactions (ICITST-2012)
Technical Co-Sponsored by IEEE UK/RI Computer Chapter
December 10-12, 2012, London, United Kingdom
www.icitst.org
*********************************************************

The 7th International Conference for Internet Technology and Secured
Transactions (ICITST-2012) is Technical Co-Sponsored by IEEE UK/RI 
Computer Chapter.
The ICITST is an international refereed conference dedicated to the 
advancement of the
theory and practical implementation of secured Internet transactions and 
to fostering
discussions on information technology evolution. The ICITST aims to 
provide a highly
professio&lt;/pre&gt;</description>
    <dc:creator>Call for papers</dc:creator>
    <dc:date>2012-05-19T08:21:20</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49730">
    <title>[ MDVSA-2012:079 ] sudo</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49730</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:079
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : sudo
 Date    : May 21, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in sudo:
 
 A flaw exists in the IP network matching code in sudo versions 1.6.9p3
 through 1.8.4p4 that may result in the local host being matched
 even though it is not actually part of the network described by the
 IP address and associated netmask listed in the sudoers file or in
 LDAP. As a result, users authorized to run commands on certain IP
 networks may be able to run commands on hosts that belong to other
 networks not explicitly listed in sudoers (CVE-2012-2337)
 
 The upda&lt;/pre&gt;</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2012-05-21T16:05:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49726">
    <title>New Open Source Web Application Vulnerability Scanner Available</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49726</link>
    <description>&lt;pre&gt;Hi All,

There is a new web application vulnerability scanner available. It is called WebVulScan and it is open source. Here is the link for it if you want to check it out: http://code.google.com/p/webvulscan/

Regards,

Dermot Blair

&lt;/pre&gt;</description>
    <dc:creator>webvulscan&lt; at &gt;gmail.com</dc:creator>
    <dc:date>2012-05-16T23:30:29</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49725">
    <title>[SECURITY] [DSA 2475-1] openssl security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49725</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2475-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                          Raphael Geissert
May 17, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : integer underflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2333

It was discovered that openssl did not correctly handle explicit
Initialization Vectors for CBC encryption modes, as used in TLS 1.1,
1.2, and DTLS. An incorrect calculation would lead to an integer
underflow and incorrect memory access, causing denial of service
(application crash.)

For the stable distribution (squeeze), this problem has been fixed in
version 0.9.8o-4squeeze13.

For the testing distribution (wheezy), and the unstable distribution
(sid), this &lt;/pre&gt;</description>
    <dc:creator>Raphael Geissert</dc:creator>
    <dc:date>2012-05-17T23:14:31</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/49724">
    <title>[security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/49724</link>
    <description>&lt;pre&gt;Access and Increased Privileges

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03333494

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03333494
Version: 1

HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized
Access and Increased Privileges

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-05-17
Last Updated: 2012-05-17

Potential Security Impact: Local unauthorized access and increased
privileges

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with OpenVMS ACMELOGIN
when SYS$ACM system service for authentication is enabled. The vulnerability
could be locally exploited to allow unauthorized access and increased
privileges.

References: CVE-2012-2010

SUPPORTED SOFTWARE &lt;/pre&gt;</description>
    <dc:creator>security-alert&lt; at &gt;hp.com</dc:creator>
    <dc:date>2012-05-17T22:16:06</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.comp.security.bugtraq">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.comp.security.bugtraq</link>
  </textinput>
</rdf:RDF>

