On Mon, 30 Nov 2009 16:48:49 +0100
John Dos <dotdefeater@googlemail.com> wrote:
> Problem Description
> ===================
>
> A remote command execution vulnerability exists in the dotDefender
> (3.8-5) Site Management.
>
>
--------------------/Response/--------------------
[...]
<br>
uid=33(www-data) gid=33(www-data) groups=33(www-data)
total 12
drwxr-xr-x 3 root root 4096 Nov 23 02:37 .
drwxr-xr-x 9 root root 4096 Nov 23 02:37 ..
drwxr-xr-x 7 www-data 99 4096 Nov 23 07:11 admin
/usr/local/APPCure-full/lib/admin
uid=33(www-data) gid=33(www-data) groups=33(www-data)
total 12
The server encountered an internal error while processing this request."
Here is the access log fragment of this request (I tried it
multiple times):
192.168.1.5 hz.t-online.de - [22/Nov/2008:17:02:12 +0100] "GET /isapi/users.txt HTTP/1.1" 500 339
192.168.1.5 hz.t-online.de - [22/Nov/2008:17:02:13 +0100] "GET /favicon.ico HTTP/1.1" 200 973
192.168.1.5 hz.t-online.de - [22/Nov/2008:17:05:12 +0100] "GET /isapi/users.txt HTTP/1.1" 500 339
192.168.1.5 hz.t-online.de - [22/Nov/2008:17:05:14 +0100] "GET /isapi/users.txt HTTP/1.1" 500 339
192.168.1.5 hz.t-online.de - [22/Nov/2008:17:05:14 +0100] "GET /isapi/users.txt HTTP/1.1" 500 339
192.168.1.5 hz.t-online.de - [22/Nov/2008:17:05:14 +0100] "GET /isapi/users.txt HTTP/1.1" 500 339
What's interesting is that the hexview patching the bug itself is trivial
from the assembly (not taking into account the work encountered from bin patching
itself) and I know many organizations attempted to put a lot of pressure
to get it patched and failed to do so
On Sun, 18 Nov 2007, Juha-Matti Laurio wrote:
> Date: Sun, 18 Nov 2007 01:58:02 +0200 (EET)
> From: Juha-Matti Laurio <juha-matti.laurio@netti.fi>
> To: CaseArmour.net Security Administrator <security@casearmour.net>,
> bugtraq@securityfocus.com, frankruder@hotmail.com,
was expecting that fixes would be available within several weeks (rather
than several months) of confirmation of the vulnerability.
2007-10-29: Email from Lotus Notes Security indicating that delaying
publication of Core’s advisory for 30 days would provide enough time to
release fixes. Coordinated release of fixes and information suggested for
Nov. 27th, 2007. Official statement provided for Core’s advisory. Response
from Core is expected by EOD.
2007-10-29: Email from Core’s advisory team indicating that now that a
specific date for availability of fixes was provided Core is willing to
reschedule publication of the advisory to November 27th, 2007. However, if
there are any indications of the bug being exploited “in the wild”
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Vulnerability found: 7 November 2007
Vendor contacted: 14 November 2007
Risk factor: N/A
The reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method.
** FreeBSD local r00t 0day
Discovered & Exploited by Nikolaos Rangos also known as Kingcope.
Nov 2009 "BiG TiME"
"Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg
There is an unbelievably simple local r00t bug in recent FreeBSD versions.
I audited FreeBSD for local r00t bugs a long time *sigh*. Now it pays out.
The bug resides in the Run-Time Link-Editor (rtld).
team to determine fix and release date. Earliest potential ship date for
a fix is February 2010".
. 2009-10-23:
Core sends email to MSRC indicating that publication of the advisory has
been re-scheduled to November 10 2009 and it is open to delaying it
further up to the second Tuesday of December 2009 if MSRC is willing to
provide: a) detailed technical explanations of the bugs, b) the full list
of vulnerable platforms and c) a firm commitment to a release date for
the fixes. Core also says that if Microsoft can not target the next IE
patch release cycle, Core would rather publish the advisory to let other
> Oct. 20. 2008: Vendor acknowledges receiving our email.
> Not commenting on the vulnerability itself.
> Oct. 27. 2008: Sent update to vendor, also requesting a status report.
> Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
> Oct. 30. 2008: Sent additional information.
> Nov. 13. 2008: Vendor says vulnerability is fixed in upcoming OS
> version.
> Nov. 20. 2008: Public disclosure.
> Jun. 18. 2009: Full-Disclosure.
>
>-----------------------------
Vendor fixed this flaw in CVS on 10.10.2007.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/bgplg/bgplg.c
Updated version OpenBSD 4.2 which was released Nov 1, 2007 is NOT
vulnerable.
>> Oct. 20. 2008: Vendor acknowledges receiving our email.
>> Not commenting on the vulnerability itself.
>> Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>> Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>> Oct. 30. 2008: Sent additional information.
>> Nov. 13. 2008: Vendor says vulnerability is fixed in upcoming OS
>> version.
>> Nov. 20. 2008: Public disclosure.
>> Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>> Oct. 20. 2008: Vendor acknowledges receiving our email.
>>> Not commenting on the vulnerability itself.
>>> Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>> Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>> Oct. 30. 2008: Sent additional information.
>>> Nov. 13. 2008: Vendor says vulnerability is fixed in upcoming OS
>>> version.
>>> Nov. 20. 2008: Public disclosure.
>>> Jun. 18. 2009: Full-Disclosure.
>>>
>>> -----------------------------
This vulnerability was reported to Samba developers by
Alin Rad Pop, Secunia Research.
The time line is as follows:
* Nov 22, 2007: Initial report to security@samba.org.
* Nov 22, 2007: First response from Samba developers confirming
the bug along with a proposed patch.
* Dec 10, 2007: Public security advisory made available.
Obviously some people are far more articulate than me.
---------- Forwarded message ----------
Date: Thu, 1 Nov 2007 16:47:17 -0400
From: PinkFreud <pf-botnets@mirkwood.net>
To: Gary Flynn <flynngn@jmu.edu>
Cc: botnets@whitestar.linuxbox.org
Subject: Re: [botnets] re MAC trojan
Hi Raju,
On Nov 14, 2007 3:20 AM, Raj Mathur <raju@linux-delhi.org> wrote:
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law. I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>
Hello.
On Tue, Nov 13, 2007 at 04:38:39PM -0500, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 13 Nov 2007 13:07:02 PST, johan beisser said:
> > The logs don't contain context, just who/where/when. While
> > encryption will prevent (one hopes) the capability of recovering
> > context, who you talked to is not kept private or otherwise secret.
>
> It's probably a good idea to deploy encryption *now*, and use it for
> *everything*, and be ready for when (not if) they decide to be more
On Mon, Nov 24, 2008 at 11:39 PM, Damien Miller <djm@mindrot.org> wrote:
> On Mon, 24 Nov 2008, Nick Boyce wrote:
>
>> Could someone please help the uncomprehending [i.e. me :-)] understand
>> why or whether this is anything to be worried about at all ?
>
> Yes, the attack is very unlikely to work against an interactive
> connection.
>
co-located with the
16th ACM Conference on Computer and Communications Security (CCS)
2009
Nov. 9, 2009 - Nov. 13, 2009 -- Chicago, IL, USA
http://www.sigsac.org/ccs/CCS2009/
On Mon, 24 Nov 2008, Nick Boyce wrote:
> [ahem] ... Sorry to be dumb, but ...
>
> On Fri, Nov 21, 2008 at 10:19 AM, Damien Miller <djm@cvs.openbsd.org> wrote:
>
> > Based on the description contained in the CPNI report and a slightly
> > more detailed description forwarded by CERT this issue appears to be
> > substantially similar to a known weakness in the SSH binary packet
> > protocol first described in 2002 by Bellare, Kohno and Namprempre[2].
Oct. 20. 2008: Vendor acknowledges receiving our email.
Not commenting on the vulnerability itself.
Oct. 27. 2008: Sent update to vendor, also requesting a status report.
Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
Oct. 30. 2008: Sent additional information.
Nov. 13. 2008: Vendor says vulnerability is fixed in upcoming OS
version.
Nov. 20. 2008: Public disclosure.
Jun. 18. 2009: Full-Disclosure.
-----------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDefense Security Advisory 11.10.09
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 10, 2009
I. BACKGROUND
Microsoft Word is a word processing application that is part of the
Microsoft Office suite of products. For more information about
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDefense Security Advisory 11.10.09
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 10, 2009
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at
6.4-RELEASE not vuln
On (11/30/09 22:51), Benji wrote:
> 7.0 not vuln.
>
> On Mon, Nov 30, 2009 at 10:49 PM, Ed Carp <erc@pobox.com> wrote:
>
> > On 11/30/09, Kingcope <kcope2@googlemail.com> wrote:
> >
> > > Systems tested/affected
> > > **********************************
----- Original Message -----
From: "Nam Nguyen" <namn@bluemoon.com.vn>
To: "svrt" <svrt@bkav.com.vn>
Cc: <bugtraq@securityfocus.com>; <full-disclosure@lists.grok.org.uk>
Sent: Tuesday, November 25, 2008 9:41 AM
Subject: Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow
affecting all internet browsers (SVRT-Bkis)
> The report is for ffdshow, but the referred URL is to ffdshow-tryout. I
XCon 2008 Call for Paper
Nov. 18th – 19th, 2008, Beijing, PRC (http://xcon.xfocus.net)
XCon is wholeheartedly expecting papers from those who are
passionate about information security technique and their
participation and sharing of the conference.
Attenders
Anyone who loves information security, including information
On 6-Dec-08, at 7:47 AM, Eygene Ryabinkin wrote:
> Maksymilian, Ilia, good day.
>
> Thu, Nov 27, 2008 at 11:54:44PM -0000, cxib@securityreason.com wrote:
>> [ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]
> [...]
>> - --- 1. dba_replace() destroying file ---
>>
>> Function dba_replace() is not filtering strings key and value. There
On Wed, Nov 04, 2009 at 09:15:31PM +1100, psz@maths.usyd.edu.au wrote:
> > Irrelevant. The statement was ...
>
> Sorry, you misunderstood, that was not the statement.
Here is the statement I replied to:
>> The link count of a file tells you the number of hard links that
>> are persisted within the same filesystem. It is _NOT_ a promise
>> that there are no other means to access the inode of the file.
Regards.
------Original Message------
From: MustLive
To: bugtraq@securityfocus.com
Sent: Nov 8, 2009 8:54 AM
Subject: DoS vulnerability in Internet Explorer
Hello Bugtraq!
I want to warn you about Denial of Service vulnerability in Internet
RIPE Handle PVE50-RIPE
a.k.a. c0d3r/c0d3rZ/corelanc0d3r on various forums
____________________________________________________
From: CAS CAS [mailto:cas-security@live.com]
Sent: donderdag 12 november 2009 21:42
To: Peter Van Eeckhoutte; bugtraq@securityfocus.com
Subject: RE: Exploit writing tutorials
Hey why are you publishing tutorials on port 8800?
======================================================================
Call for Papers:
16th ACM Conference on Computer and Communications Security (CCS) 2009
Nov 9 - 13, 2009: Hyatt Regency Chicago, IL, USA
http://sigsac.org/ccs/CCS2009
======================================================================
Important Dates: