EMC Corporation distributes EMC Security Advisories in order to bring
to the attention of users of the affected EMC products important
security information. EMC recommends all users determine the
applicability of this information to their individual situations and
take appropriate action. The information set forth herein is provided
"as is" without warranty of any kind. EMC disclaims all warranties,
either express or implied, including the warranties of
merchantability, fitness for a particular purpose, title and non-
infringement. In no event shall EMC or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
Time line:
Found: 09. March 2008
Reported: 09. March 2008
Disclosed: 16. March 2008
Summary:
The NAS-4220-B offers disk encryption through its web interface. The
key used for encrypting the disk(s) is stored on an unencrypted
implemented in libVTE. The new way creates a file in the /tmp filesystem
and immediately unlinks it. This is not an uncommon way of handling tmp
files, however there are probably many people who would not expect
data from within the terminal window to be written to disk. There is
a sense of trust that the data in the terminal is only stored in memory
and is cleared when the computer is shut off. In a sense, this bug
is allowing the data to "break the fourth wall".
I discovered this issue in November of 2011 while talking about uses for
the lsof command on the @climagic Twitter account. I immediately found
which software was the culprit and submitted a bug report to Gnome's
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Web commands injection through FTP Login in Synology Disk Station
CVE-2010-2453
INTRODUCTION
Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal
http://www.baseline-security.de
________________________________________________________________________
The information provided is released "as is" without warranty of
any kind. The publisher disclaims all warranties, either express or
implied, including all warranties of merchantability.
No responsibility is taken for the correctness of this information.
In no event shall the publisher be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if the publisher has been
-----Original Message-----
From: Inferno [mailto:inferno@securethoughts.com]
Sent: Monday, November 23, 2009 7:46 AM
To: bugtraq@securityfocus.com
Subject: Millions of PDF invisibly embedded with your internal disk paths
Millions of PDF invisibly embedded with your internal disk paths
----------------------------------------------------------------
I found an interesting privacy issue while analyzing PDF files. This bug
directory tree ("legacy Filevault").
The log in question is kept by default for several weeks...
Thus anyone who can read files accessible to group admin can
discover the login passwords of any users of legacy (pre LION) Filevault
home directories who have logged in since the upgrade to 10.7.3 in early
February 2012.
This is worse than it seems, since the log in question can also
be read by booting the machine into firewire disk mode and reading it by
For more information, see man 1 virt-install.
Original advisory details:
It was discovered that libvirt would probe disk backing stores without
consulting the defined format for the disk. A privileged attacker in the
guest could exploit this to read arbitrary files on the host. This issue
only affected Ubuntu 10.04 LTS. By default, guests are confined by an
AppArmor profile which provided partial protection against this flaw.
(CVE-2010-2237, CVE-2010-2238)
Users who require the old behavior can adjust the 'allow_disk_format_probing'
option in /etc/libvirt/qemu.conf.
I found an interesting privacy issue while analyzing PDF files. This bug
occurs when you are using Internet Explorer to print locally saved web pages
as PDF and affects all IE versions including IE8. It does not matter which
PDF generation software you are using like Adobe Acrobat Professional,
CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE
print function. In Windows, even when your default browser is not IE and if
you right click a file to select the PRINT from the context menu, then by
========================================================================
Description
FireGPG does its encrypt/decrypt/sign/verify operations by shelling out
to a locally installed GPG executable. The problem is that instead of
using stdin/stdout to pass information, it writes everything to disk
and passes the files as arguments.
When a user receives an encrypted email and asks FireGPG to decrypt it,
FireGPG prompts the user for her passphrase and then creates three
temporary files. One for the ciphertext, one for the resulting
Version 1.0: Initial Release
If additional information is required, please contact CA Support at
http://support.ca.com/
If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
An attacker could use usb-creator to unmount arbitrary disks or perform
other unauthorized disk operations.
Software Description:
- usb-creator: create a startup disk using a CD or disc image (common files)
Details:
Evan Broder discovered that usb-creator did not properly enforce
restrictions when performing privileged disk operations. A local attacker
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
the application to crash or, possibly, execute arbitrary code.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2008-4226 to this issue.
A denial of service flaw was discovered in the libxml2 XML parser.
If an application linked against libxml2 processed untrusted,
malformed XML content, it could cause the application to enter
an infinite loop.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
control of eip through your bad read.
> 3. Corrupted Microsoft Exchange database crashes EnCase during multi-threaded search/analysis concurrent to acquisition
>
> Response: The report discloses that this particular anomaly occurred only when every single check box was selected in the search dialogue box, including the search, hash value calculation and verify file signatures features. This means that EnCase was directed to acquire an Exchange database and perform a detailed multi-threaded search and analysis of the data at the same time. This procedure is extremely inconsistent with best practices and akin to opening several hundred files in a word processing program, which of course would cause a memory overload.
So, you have options that you don't expect customers to select? If this is
such a problem, why do you allow all of the options to be selected at the
same time?
>>> here, and no OS needs to be involved.
>>>3. The computer is up (and running; see above), no hibernate or sleep
>>> is involved here.
>
> So on a freshly-booted system with drive encryption you can read
> whatever you want on the disk?
No. As another poster already wrote: there's no(t yet a) disk involved.
The attacker just reads the memory and can then try to find cached
credentials or cryptographic keys (as described in the paper by Ed Felten
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4077
-- Disclosure Timeline:
2009-08-10 - Vulnerability reported to vendor
2010-04-02 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
> IMO, a "real" solution would be to be able to deploy/install Pidgin in a fashion so that:
>
> a) the accounts.xml file's location can be overridden (so that I can re-direct to a network shared TrueCrypt drive over an IPSEC protected pipe in a VLAN'd network :p)
This can already be done--on a Windows system, which this so-called
"vulnerability disclosure" obviously focused solely on, forcing the PURPLEHOME
environment variable to be set by a user's logon script will use the specified
path for not just accounts.xml but all configuration and data files for Pidgin.
The pidgin.exe binary can also be renamed and replaced with a script (or
executable stub) that calls the renamed binary with the -c option to specify a
different location for the configuration directory. We have no intention of
Hi,
some further research on the firewall of Mac OS X Leopard proved that the
firewall is altering binaries on the disc -- in some cases they refuse to
work after that.
In contrast to Tiger, the firewall in Leopard no longer operates at the
packet level but rather it works with applications, to which it permits
or denies specific network activities.
In order to unambiguously identify applications, Apple uses code
http://vexillium.org/
Name : WinImage 8.10 Multiple Vulnerabilities
Class : Denial of Service and Directory Traversal
Threat level : LOW (DoS), MED (Dir. traversal vuln)
Discovered : 2007-08-31
Published : 2007-09-15
Credit : j00ru//vx
Vulnerable : WinImage 8.10,
WinImage 8.0,
prior versions may also be affected
From vendor's website:
"The ASG-Sentry family of products is a suite of tools strategically
engineered to control, monitor, manage, and enhance your network.
Sentry's tools provide you with full visibility to your network from
any Web browser. Sentry also allows you to fully instrument your
company's applications, CPUs, disk space, memory, files, Windows and
UNIX platforms, and more."
#######################################################################
3. CA eTrust ITM r8.1 Web Console Script Redirection
Vulnerability
4. VMware Virtual Disk Mount Service Local Denial of
Service Vulnerability
5. CA eTrust ITM r8.1 iTechnology SPIN Web Interface
Sensitive Information Disclosure Vulnerability
Credits:
////////
Issue discovery and research: porkythepig
Contact: porkythepig@anspi.pl
>> No, the iPod device signature makes Windows drivers think it should
>> allow DMA access for that device because it detects it as a disk device.
>> Other disk device signatures would likely work the same way, that's
>> just the one he happened to emulate.
Is it not possible for Windows (or any OS) to open up DMA for a device
only to a certain range?
If not, what options are available?
buffer in spite of the full disk encryption.
--[ Impact:
1) Plain text password disclosure.
Required privileges to perform this operation are OS dependent,
from unprivileged users under Windows (any), to root under most
Unix.
2) A privileged attacker able to write to the MBR and knowing the
Name : 2K7SEPT6 Total Commander 7.01 Remote FTP Client
Directory Traversal
Class : Remote Directory Traversal
Threat level : HIGH
Discovered : 2007-08-25
Published : 2007-09-06
Credit : Gynvael Coldwind
Vulnerable : 7.01 and prior
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-2157 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
04/16/2008 Initial vendor response
04/16/2008 Initial vendor notification
05/27/2008 Coordinated public disclosure