Hi there
Application: yaSSL
http://www.yassl.com
Versions: <= 1.7.5
Platforms: Windows and *nix
Bugs: A] buffer-overflow in ProcessOldClientHello
B] buffer-overflow in "input_buffer& operator>>"
C] invalid memory access in HASHwithTransform::Update
Exploitation: remote
Date: 04 Jan 2008
Author: Luigi Auriemma
Hello Sebastien!
You can confirm it yourself. Just find a site on XAMPP (Google can help
you with it) and check the holes using the PoCs which I provided.
> and what target of xampp is it ? win32 ? linux ?
As far as I remember, last year when I found all these vulnerabilities in
XAMPP, it was XAMPP on Windows servers on all those sites where I found
these holes.
Hello MaXe!
> However, I just tested the vulnerability in chrome and the incidents were
> different.
As I said, on my system it's solely a Chrome DoS vulnerability. On my system
with Firefox 3.0.13 (and previous versions, when I tested them before) there
is no such issue, where Firefox was DoSed via Chrome, i.e. Cross-Application
DoS. Taking into account that you have this issue with Firefox 3.5.2, then
it can be a problem with FF 3.5.x versions, which have tight integration with
Hello MustLive,
Thanks for your immediate reply.
I have now tested what you said, because I suspected that it was only happening because Google Chrome was installed, since Firefox isn't able to know what ``chromehtml:´´ is on its own (it has to be associated with an application in this case).
The following would open a lot of windows, most likely consuming all resources:
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html
Hello,
the reported vulnerability allows logins to mail and probably other
services protected by Plesk authentication modules on at least the
current Plesk 8.6.0 Unix/Linux and could e.g. be used for relaying spam
through gained SMTP auth privileges.
Only systems which allow short mail login names (SHORTNAMES=1) are
affected, which is not the default but is e.g. in effect after migrating
from the Confixx control panel or by an administrator's manual choice.
Ossi Herrala and Jukka Taimisto of Codenomicon reported three
vulnerabilities in libgnutls of GnuTLS:
* "Client Hello" messages containing an invalid server name can lead
to a buffer overflow when evaluating "Security Parameters"
(CVE-2008-1948).
* Multiple "Client Hello" messages can lead to a NULL pointer
dereference (CVE-2008-1949).
Hello Susan and other readers, who replied to my previous advisory.
Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd
answer John. But now one important note to every reader of the list,
including John Smith, which I already wrote about 1.5 weeks ago (after
posting the first advisory about DoS in browsers) to one reader of
Full-disclosure who inattentively read that advisory (he missed the message
about attacking without JS) and also to Mozilla (who started discussing this
issue and only drew attention to the attack vector with JS). That, as I wrote
in both advisories, this attack via iframes can also be conducted without
Hello Susan!
> Pardon me, but you disclosed it at your site before you informed the
> developers?
Yes, and there is a reason for it. In 99% of cases I use the advanced responsible
disclosure approach for informing admins and web developers about
vulnerabilities. But this time I used responsible full disclosure. I
wrote in detail about all disclosure policies (including these ones) in my
article "Hacking of web sites, security researches, disclosure and
Hello MaXe!
> Have you checked the newest aka (also known as) latest version which is
> actually: 1.7.3 ?
No, I didn't, and there was a reason for it. All these 7 advisories were made
in 2009 (as is clear from the Timeline which I made for all advisories). Only
now I sent them to Bugtraq, and at that time XAMPP 1.7.1 was the latest
version.
Hello JoomlaJabber!
> I believe this is now resolved.....
You confused it with the Joomla module 3D Cloud (mod_3dcloud), which I wrote
about at my site and reported to Bugtraq in January.
The 3D Cloud developers didn't answer me, so I don't know whether it's fixed or not, but
in this advisory I talked about another Joomla module. I wrote about the module
3D user cloud for Joomla (mod_democbusr3dcloud, mod_cbusr3dcloud and
Hello Matteo Valenza!
> how can i solve this issue quickly ?
There are the following solutions for you:
1. Wait until the developers of CB Captcha release a new fixed version of the
plugin. They have been examining this vulnerability for some time already (at
least Beat, developer of CB Captcha 2.x, because of the two authors only he
answered me). But Beat told me that they will be releasing the new fixed
Hello Nick aka Nant and Bugtraq!
I found this letter of Nant's some time ago (and now found time to write an answer
to it), and I found it accidentally, because I'm not subscribed to the Bugtraq
mailing list. So Nant and every reader of the list must take this into
account (and send letters to my email if they want to contact me).
And this is that example of a letter from a developer which I mentioned last
week on the list, which clearly shows that web developers ignore the advisory
about holes in CaptchaSecurityImages.php itself, and only draw attention to
Hello Salvatore!
In my letter to Bugtraq (http://www.securityfocus.com/archive/1/511023),
which was mentioned in my advisory (you can read that letter if you haven't
read it yet), I wrote about the importance of making separate advisories for
vulnerabilities in software which uses CaptchaSecurityImages.php. And
reading it is strongly recommended before writing me anything about issues
related to CaptchaSecurityImages.
> Still the same "bugs"?!
Hello Susan!
> Granted I can denial of service a browser just by loading up a horrible
> add in or just using a browser
DoS of the browser is already a bad thing. And there are many risks for users
from DoS holes in browsers, which I wrote about in 2008 in my articles
Dangers of DoS attacks on browsers and Dangers of resource consumption DoS
attacks. But mostly browser developers ignore fixing these issues.
not find that 99% of them don't, rather I find that they do. Should you
have issues, would you consider emailing me first so I can introduce you
to contacts?
Hello Susan!
As I already wrote to you and Adam earlier, every type of disclosure (including
full disclosure and responsible full disclosure) can be good in the appropriate
situation. And I use the type of disclosure which is suitable for each
particular case.
Taking into account that 3 of 4 vendors answered me (except Microsoft), and
Google already had a non-affected Chrome 4, and Mozilla and Opera promised to
fix it (we'll see when and how they do it), then you can see that my
Hello MaXe!
Thanks for information.
It's interesting why your Firefox 3.5.2 is vulnerable, because on my
computer only Chrome was vulnerable, and not Firefox 3.0.13 and other
browsers (Mozilla, IE6 and Opera). Yes, I have Chrome installed on the same
system and it does not affect other browsers (neither in case of this DoS hole,
nor in case of other holes which I found).
Hello Jeremiah!
It's possible that Microsoft made IE8 more stable than IE6, so you have such a
result with this exploit.
Also take into account the hardware of your computer. If your computer is
powerful enough, then this attack on IE8 and even on IE6 and IE7 can be not
so effective (because it's resource consumption in the case of IE, as I wrote)
as it can be on less powerful computers. And many people in the world have
not so powerful computers.
Hello Bugtraq!
As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.
The vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).
P.S.
Hello Susan!
If Microsoft did it, then it's good. But in my opinion it's better to do as
in Windows XP Professional: not to disable the admin account by default, but to
make the password of the default admin account the same as the password of the first admin
(during the installation process). Because if the default admin account is
enabled later (with an empty password) and the user forgets to set a new password,
then it'll be much worse.
I'm not using Vista, so I can't check this issue on any of my computers. And
Configuring Windows 7 for a Limited User Account:
http://unixwiz.net/techtips/win7-limited-user.html
factory nearby!
For if the public space is shrinking to oblivion, where any side-step
becomes suspect, and that, from an early age (deviant behavior
detection in nursery school), where moving without a mobile phone
becomes suspect (hello you Julien Coupat[7], a French political
prisoner in France!), there's a domain that the Leviathan would have a
lot of trouble to contain, and for a reason: that of sensitivity. Even
the desperate attempts of the State to block the free and premonitory
expression of sense (hello you Demeure du Chaos![8]) cannot do anything
against a loud laughter or a knowing glance, a sensual kiss or an
Date: Tue, Sep 2, 2008 at 1:14 PM
Subject: Re: Security flaw in airtel provided DSL modems
To: care.karnataka@airtel.in
Hello,
Following up on our conversations, I am sharing with you further details of this vulnerability. These problems have been confirmed in the 220 bx series of DSL modems and are also present in a number of other modems.
1. The modems have accounts besides "admin" which have super-user [root, uid=guid=0] access. These accounts are "nobody", "user", "support". At the time of modem installation, Airtel staff usually
asks the subscriber to change his/her "admin" password on the modem - but people rarely do [can be verified by logging in using the default admin password on random Airtel modem IPs]. The passwords for (and even the existence of) the other accounts are not revealed.
There is a quite big problem with the sleep() function in PHP.
The max_execution_time set to 60 sec. in safe mode can be easily bypassed by using the sleep() function, for example this script:
<?php
sleep(9999999);
echo 'Hello World';
?>
will print Hello World after 9999999 seconds... so max_execution_time simply doesn't work :P Why? We can find in the manual:
"max_execution_time only affect the execution time of the script itself. Any time spent on activity that happens outside the execution of the script such as system calls using system(), stream operations, database queries, etc. is not included when determining the maximum time that the script has been running."
including sleep() :P
We can use this vuln to run out of memory on web/php hosting: