openings
X) References
I) Introduction
On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some
time before that was a new attack vector for filesystem functions (fopen,
(include|require)[_once]?, file_(put|get)_contents, etc) for the PHP
language. It was a path normalization issue and I asked them to keep it
"secret" [4], this was a good idea because my analysis was mostly
incomplete and erroneous but the idea was good and the bug was real and
disposable.
MorningStar Security - Advisory
http://www.morningstarsecurity.com/
Multiple security issues in Open Auto Classifieds
1. Advisory Information
----------------------------------------------------------------------------------------------
Title: Multiple security issues in Open Auto Classifieds
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-09 14:54 CEST
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1693 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Mocanada embedded SSH (protocol 2.0)
80/tcp open http Dell Embedded Remote Access card webserver 1.0
443/tcp open ssl/http Dell Remote Access Controller http interface 2.0
5900/tcp open vnc?
Service Info: Devices: terminal server, remote management
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | All versions prior to 1.2.35 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to 1.4.26.3 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.17 |
|----------------------------+---------+---------------------------------|
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.2.x | All versions prior to 1.2.34 |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.26.1 |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to |
Summary
=======
Cisco Security Manager contains a vulnerability when it is used with
Cisco IPS Event Viewer (IEV) that results in open TCP ports on both
the Cisco Security Manager server and IEV client. An unauthenticated,
remote attacker could leverage this vulnerability to access the MySQL
databases or IEV server.
Cisco has released free software updates that address this
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
*Vulnerability Description*
Android is a project promoted primarily by Google through the Open Handset
Alliance aimed at providing a complete set of software for mobile
devices: an operating system, middleware and key mobile applications
[1]. Although the project is currently in a development phase and has
not made an official release yet, several vendors of mobile chips have
unveiled prototype phones built using development releases of the
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|----------------------------------+----------------+--------------------|
| Asterisk Open Source | 1.2.x | All versions |
|----------------------------------+----------------+--------------------|
| Asterisk Open Source | 1.4.x | All versions |
|----------------------------------+----------------+--------------------|
| Asterisk Open Source | 1.6.x | All versions |
|----------------------------------+----------------+--------------------|
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | Unaffected |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to 1.4.26.3 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.17 |
|----------------------------+---------+---------------------------------|
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | Versions 1.4.22, 1.4.23, |
| | | 1.4.23.1 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.6 |
[ Our apologies in advance if you receive this call for papers more than
once! ]
CALL FOR PAPERS:
1st Workshop on Open Source Software for Computer and Network Forensics
(OSSCoNF)
We are currently inviting the submission of full papers to the 1st Workshop
on Open Source Software for Computer and Network Forensics (OSSCoNF),
which will be held in conjunction with OSS2008, the Fourth International
- $username = $_POST['reset_username'];
- $userrows = select_bhdb("users", array("username"=>$username), "");
+ $xgqd_username = $_POST['reset_username'];
+ $userrows = select_bhdb("users", array("username"=>$xgqd_username), "");
if (empty($userrows)) {
# Open layout object
$layoutobj = new bhlayout("generic");
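Review bot: the rename to $xgqd_username in the two added lines comes with no explanation, and the new name is harder to read than $username; if it is there to avoid a clash with another variable, say so in a comment or the commit message. The value still comes straight from $_POST['reset_username'] and reaches select_bhdb() with no validation visible in this hunk, so confirm that select_bhdb() escapes or parameterises the "username" condition.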
@@ -31,16 +31,16 @@
} else {
# Insert a password reset request row for that username
$resetid = md5(time().rand(1, 99999).rand(54, time()));
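Review bot: the reset id in the context line "$resetid = md5(time().rand(1, 99999).rand(54, time()));" is built only from the clock and rand(), neither of which is unpredictable, and md5() adds no entropy. Since this id authorises a password reset, generate it from a cryptographically secure source (random_bytes() on current PHP) as part of this change.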
The CoreTex Team from Core Security is happy to announce the *1st Open
Backdoor Hiding & Finding Contest* to be held at DEFCON 0x12 this year!
Hiding a backdoor in open source code that will be subjected to the
scrutiny of security auditors by the hundreds may not be an easy task.
Positively and unequivocally identifying a cleverly hidden backdoor may
be extremely difficult as well.
But doing both things at DEFCON 0x12 could be a lot of fun!
Hi Pete,
if this becomes an ISO standard will it still be available for free, or
will you need to pay to get copies of it like you do for other ISO
standards? Also, once the ISO standard is defined, how will new open
source contributions be incorporated?
Pete Herzog wrote:
> The security community may be interested in this:
Autodesk Maya offers so-called "Script Nodes" as a way to program
animation behavior using MEL (Maya Embedded Language) and the Python
programming language. The Autodesk Maya file formats support embedding
of scripting code as part of a scene package. Programs embedded in Maya
files using scripting code are automatically executed upon opening of
the file. An attacker can take control of a system where Maya is
installed by sending a specially crafted scene package and enticing
the user to open it. The scripting code will run with the privileges
of the user running the Maya application.
corrected. Unlikely, I know... but possible.
There's a nearly identical case that works in all Unixen, AFAIK: You
have /a/b/file1, which is writable to user1. The user has permission
to descend /a and /a/b. At some point user1 does a cd to /a/b. Then
at some later point, while the user still has that shell open, the
sysadmin closes off permission to /a, and user1 no longer can descend
it. But it doesn't matter... user1 has already got a shell open in
/a/b, and therefore full access to all the files there which are not
otherwise protected against that user's access. user1 can copy them,
mail them to friends, make hard links to them, etc.... Anything
> > IMHO; no bug or security issue, just a misunderstanding of the
> > mechanism...
Correct. It is a completely flawed assumption.
In Unix, an open() of a file checks access permissions as
specified in the file's inode. If someone wants access control
applied to a file, then he MUST do so using the permission in
the file inode.
Making assumptions about directory search and access permissions
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.2.x | All versions prior to 1.2.32 |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.24.1 |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to |
The 2008 edition generated a strong emulation in France, from its
historical role as the first official hack meeting there, and in Europe
with the subsequent creation of the Hacker Space Brussels[2], the
rapprochement with The Fiber in Amsterdam and the hackerspaces.org[3]
network. Initiatives of hackerspace openings in Grenoble or Lille, or
the upcoming FrHack[4] conference show an actual enthusiasm in the
French hackers community that was doomed to the "underground" not so
long ago. We salute these initiatives and their diversity!
Soon enough, we wanted to reiterate the HSF experience : however, it
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | All versions prior to 1.2.31 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.23-rc4 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.x | All versions prior to |
Today we are excited to announce another community initiative--the Open
Source Software Security community (oss-security). This project is an
ongoing effort to manage security information in Open Source software by
building on the collaborative foundation of the open source model.
The purpose of oss-security is to encourage public discussion of security
flaws, concepts, and practices in the open source community. We don't want
to simply be an information clearinghouse, or to replace any of the current
security lists and groups. The goal is to fill an existing vacuum by
encouraging active participation of those interested in the ideas and
*name = cli_gentemp(dir);
if(!*name)
return CL_EMEM;
*fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU);
if(*fd == -1) {
cli_errmsg("cli_gentempfd: Can't create temporary file %s: %s\n", *name, strerror(errno));
free(*name);
return CL_EIO;
The New ISO Hacking Standard
New York, May 17, 2010 -- The world’s national standards bodies met
again during April, this time in Malaka, Malaysia and they extended
talks about the Open Source Security Testing Methodology Manual. This
ultimate security guide, better known to security experts and hackers
alike as the OSSTMM (spoken like “awesome” but with a “t”), is a
formal methodology for breaking any security and attacking anything
the most thorough way possible. So why is the International Standards
Organization talking about it?
psz@maths.usyd.edu.au wrote:
> > According to POSIX, if you open the directory with O_SEARCH then openat()
> > does not re-check search (+x) permissions.
>
> My 2.6.26 kernel (or Debian lenny) does not seem to know about O_SEARCH.
> But anyway... even if openat() does not re-check permissions, it should
> surely fail when in fact it does not have permissions? Surely, directory
> contents are not cached? Or, do you have an example (of a running OS)
Date 20090725
I) Introduction
II) PHP arbitrary Local File Inclusion testing
III) PHP arbitrary Local File Inclusion results
IV) PHP arbitrary File Open testing
V) PHP arbitrary File Open results
VI) PHP arbitrary Remote File Upload testing
VII) PHP arbitrary Remote File Upload results
VIII) Conclusions
IX) References
#!/usr/bin/perl
#
#------------------------------------------------------------------------
#(Post Form login var 'username') BLIND SQLi exploit--Open Biller 0.1-->
#------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://sourceforge.net/projects/geekbill/
#-->DOWNLOAD: http://sourceforge.net/projects/geekbill/