| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Jun 14 23:45:27 2005
From: cstejere at cti.depaul.edu (Stejerean, Cosmin)
Subject: RE: Web application Security Scanner (Cosmin
Stejerean)
SQL-Injection detection,
Buffer Overflow detection,
Format string detection,
File-Retrieval detection,
Cross site scripting detection.
and more...
http://wpoison.sourceforge.net/
Regards,
Cosmin Stejerean
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of full-disclosure-request@...ts.grok.org.uk
Sent: Tuesday, June 14, 2005 6:00 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Full-Disclosure Digest, Vol 4, Issue 17
Send Full-Disclosure mailing list submissions to
full-disclosure@...ts.grok.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@...ts.grok.org.uk
You can reach the person managing the list at
full-disclosure-owner@...ts.grok.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
Today's Topics:
1. Web application Security Scanner (tgoogle)
2. RE: Web application Security Scanner (alex)
3. Re: Web application Security Scanner (tgoogle)
4. Re: Web application Security Scanner (Valdis.Kletnieks@...edu)
5. RE: Web application Security Scanner (tgoogle)
6. RE: Web application Security Scanner (Todd Towles)
7. Re: Web application Security Scanner (deepquest)
8. RE: Web application Security Scanner (alex)
9. alya.cgi (Nobody Special)
10. Re: Web application Security Scanner (Valdis.Kletnieks@...edu)
11. RE: alya.cgi (Todd Towles)
12. UPDATE: [ GLSA 200505-06 ] TCPDump: Decoding routines Denial
of Service vulnerability (Thierry Carrez)
13. [ GLSA 200506-12 ] MediaWiki: Cross-site scripting
vulnerability (Sune Kloppenborg Jeppesen)
14. NDSS '06 -- Call for Papers (Karen Seo)
15. Re: RE: End users as security devices (Ron DuFresne)
16. Re: RE: End users as security devices (Valdis.Kletnieks@...edu)
17. Re: Web application Security Scanner (Frederic Charpentier)
----------------------------------------------------------------------
Message: 1
Date: Mon, 13 Jun 2005 19:47:01 +0400 (MSD)
From: "tgoogle" <tgoogle@...dex.ru>
Subject: [Full-disclosure] Web application Security Scanner
To: full-disclosure@...ts.grok.org.uk
Message-ID: <42ADAA75.000006.20707@...e.yandex.ru>
Content-Type: text/plain; charset="US-ASCII"
Did you know the best Web app security scanner?
I need scanner, which would find SQL injections, XSS, php include and other bug in unknown Web application.
Thanks
------------------------------
Message: 2
Date: Mon, 13 Jun 2005 19:54:33 +0400
From: "alex" <pigrelax@...dex.ru>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: <full-disclosure@...ts.grok.org.uk>
Message-ID: <S3375614AbVFMPya/20050613155441Z+741@...l.yandex.ru>
Content-Type: text/plain; charset="us-ascii"
Maxpatol - www.maxpatrol.com
"Maxpatrol inspects all scripts installed on server for vulnerabilities
allowing unauthorized file access, data access or manipulation or possible
termination of service using intelligent algorithms."
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of tgoogle
Sent: Monday, June 13, 2005 7:47 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Web application Security Scanner
Did you know the best Web app security scanner?
I need scanner, which would find SQL injections, XSS, php include and other
bug in unknown Web application.
Thanks
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
------------------------------
Message: 3
Date: Mon, 13 Jun 2005 21:10:19 +0400 (MSD)
From: "tgoogle" <tgoogle@...dex.ru>
Subject: Re: [Full-disclosure] Web application Security Scanner
To: full-disclosure@...ts.grok.org.uk
Cc: deepquest@....com
Message-ID: <42ADBDFB.000006.05325@...ay.yandex.ru>
Content-Type: text/plain; charset="KOI8-R"
Thanks,
I shall test all these programs, tomorrow I send my results. For example, i try to find vulnerabilities in www.yandex.ru and www.google.ru sites :).
You really consider that all these programs are capable found vulnerability in UNKNOWN scripts?
I need BEST program, which can found Maximum bugs in any custom Web application.
>http://www.0x90.org/releases/absinthe/
>http://www.nessus.org/download/ with some plugins
>http://www.cirt.net/code/nikto.shtml
>
>The "best" depends of your target, the OS you use, if you looking for
>opensource products or commercial ones.
>Just google there many of them.
>
>
>Deepquest
>"Justification of windows usage is a combinaison of Stockholm
>Syndrome and cognitive dissonance."
>--------------------------------------------------------------
>Propaganda http://deepquest.code511.com/blog
>FIB http://www.futureisbeta.com
>PGP DH/DSS http://www.futureisbeta.com/pgp
>--------------------------------------------------------------
>
>> Did you know the best Web app security scanner?
>>
>> I need scanner, which would find SQL injections, XSS, php include
>> and other bug in unknown Web application.
>>
>> Thanks
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>
--
??????.?????: ????? ????????? ????? ?? ?????????! http://mail.yandex.ru/monitoring/
------------------------------
Message: 4
Date: Mon, 13 Jun 2005 13:26:14 -0400
From: Valdis.Kletnieks@...edu
Subject: Re: [Full-disclosure] Web application Security Scanner
To: tgoogle@...dex.ru
Cc: full-disclosure@...ts.grok.org.uk, deepquest@....com
Message-ID: <200506131726.j5DHQEMq011629@...ing-police.cc.vt.edu>
Content-Type: text/plain; charset="iso-8859-1"
On Mon, 13 Jun 2005 21:10:19 +0400, tgoogle said:
> I need BEST program, which can found Maximum bugs in any custom Web application.
I doubt you'll fine one "best" program, as there's too much diversity.
There's probably someplace running CGI written in COBOL.
And somebody probably has a scanner for COBOL CGIs.
But you'll never find that scanner in one of the "big name" packages, because
trying to scan for *everything* is just too difficult - it's a lot easier to
create a package that does one class of things well (find 90% of injections,
80% of buffer overflows, etc).
If you're lucky, you'll find a set of 3 or 4 tools, which when used together, will
do 95% of the heavy lifting for you.
And remember that although programmatic scanners may be able to do a reasonable
job against certain classes of well-understood bugs (integer overflow, buffer
overflow, SQL injection, etc), they can't find errors caused by a programmer
being creatively stupid (as opposed to just not thinking).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050613/79c0566f/attachment-0001.bin
------------------------------
Message: 5
Date: Mon, 13 Jun 2005 21:45:27 +0400 (MSD)
From: "tgoogle" <tgoogle@...dex.ru>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: full-disclosure@...ts.grok.org.uk
Cc: deepquest@....com
Message-ID: <42ADC637.000008.22764@...tene.yandex.ru>
Content-Type: text/plain; charset="KOI8-R"
Ok
I define concretely my task.
I wish to find quickly potential holes (XSS, SQL injection and e.t.c.) in the any Web sites, for example www.yandex.ru. I do not know, what OS or database using on server.
Many program can find only known CGI bugs or need some interactive with database or environment.
>I do not actually think that any of the tools listed below are what you are
>looking for.
>
>* Nikto is a web vulnerability scanner that can identify KNOWN
>vulnerabilities, as well as some variations on them. It is unable to
>understand application logic or identify any custom security
>vulnerabilities.
>* Nessus is much like Nikto - only it's not limited to web.
>* Absinthe is the only tool that can help with custom application
>vulnerabilities, but it's not really an automated scanner such as the one
>you are looking, but rather an assisting the exploitation of SQL Injection.
>It still requires a certain level of expertese to succesfully operate.
>
>I think what you are looking at is rather one of the commercial tools, such
>as SPI Dynamics WebInspect, Watchfire's AppScan or KaVaDo's ScanDo.
>
>Ofer Maor
>CTO
>Hacktics (http://www.hacktics.com/)
>
>
>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk
>[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of tgoogle
>Sent: Monday, June 13, 2005 19:10
>To: full-disclosure@...ts.grok.org.uk
>Cc: deepquest@....com
>Subject: Re: [Full-disclosure] Web application Security Scanner
>
>
>Thanks,
>
>I shall test all these programs, tomorrow I send my results. For example, i
>try to find vulnerabilities in www.yandex.ru and www.google.ru sites :).
>
>You really consider that all these programs are capable found vulnerability
>in UNKNOWN scripts?
>
>I need BEST program, which can found Maximum bugs in any custom Web
>application.
>
>
>>http://www.0x90.org/releases/absinthe/
>>http://www.nessus.org/download/ with some plugins
>>http://www.cirt.net/code/nikto.shtml
>>
>>The "best" depends of your target, the OS you use, if you looking for
>>opensource products or commercial ones.
>>Just google there many of them.
>>
>>
>>Deepquest
>>"Justification of windows usage is a combinaison of Stockholm
>>Syndrome and cognitive dissonance."
>>--------------------------------------------------------------
>>Propaganda http://deepquest.code511.com/blog
>>FIB http://www.futureisbeta.com
>>PGP DH/DSS http://www.futureisbeta.com/pgp
>>--------------------------------------------------------------
>>
>>> Did you know the best Web app security scanner?
>>>
>>> I need scanner, which would find SQL injections, XSS, php include
>>> and other bug in unknown Web application.
>>>
>>> Thanks
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>
>
>
>--
>??????.?????: ????? ????????? ????? ?? ?????????!
>http://mail.yandex.ru/monitoring/
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
--
"????????????" - ????? ??? ????? ? ????? ?????! http://so.yandex.ru/
------------------------------
Message: 6
Date: Mon, 13 Jun 2005 13:21:42 -0500
From: "Todd Towles" <toddtowles@...okshires.com>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: <tgoogle@...dex.ru>, <full-disclosure@...ts.grok.org.uk>
Cc: deepquest@....com
Message-ID:
<9E97F0997FB84D42B221B9FB203EFA27F941C1@...ms2.msad.brookshires.net>
Content-Type: text/plain; charset="KOI8-R"
The list is right, pen-testing isn't as easy as running one tool. If there was a "best" tool that found everything, then why would people use any other tool?
Going to attack Russian Google, well glad you said it on here...that will make it hard for them to trace you down..lol
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
> Of tgoogle
> Sent: Monday, June 13, 2005 12:10 PM
> To: full-disclosure@...ts.grok.org.uk
> Cc: deepquest@....com
> Subject: Re: [Full-disclosure] Web application Security Scanner
>
> Thanks,
>
> I shall test all these programs, tomorrow I send my results.
> For example, i try to find vulnerabilities in www.yandex.ru
> and www.google.ru sites :).
>
> You really consider that all these programs are capable found
> vulnerability in UNKNOWN scripts?
>
> I need BEST program, which can found Maximum bugs in any
> custom Web application.
>
>
> >http://www.0x90.org/releases/absinthe/
> >http://www.nessus.org/download/ with some plugins
> >http://www.cirt.net/code/nikto.shtml
> >
> >The "best" depends of your target, the OS you use, if you
> looking for
> >opensource products or commercial ones.
> >Just google there many of them.
> >
> >
> >Deepquest
> >"Justification of windows usage is a combinaison of
> Stockholm Syndrome
> >and cognitive dissonance."
> >--------------------------------------------------------------
> >Propaganda http://deepquest.code511.com/blog
> >FIB http://www.futureisbeta.com
> >PGP DH/DSS http://www.futureisbeta.com/pgp
> >--------------------------------------------------------------
> >
> >> Did you know the best Web app security scanner?
> >>
> >> I need scanner, which would find SQL injections, XSS, php
> include and
> >> other bug in unknown Web application.
> >>
> >> Thanks
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >>
> >
>
>
> --
> ??????.?????: ????? ????????? ????? ?? ?????????!
> http://mail.yandex.ru/monitoring/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
------------------------------
Message: 7
Date: Mon, 13 Jun 2005 18:22:26 +0200
From: deepquest <deepquest@....com>
Subject: Re: [Full-disclosure] Web application Security Scanner
To: tgoogle@...dex.ru
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <F225B0C6-F360-408F-BD35-3704F95CFCFC@....com>
Content-Type: text/plain; charset="us-ascii"
http://www.0x90.org/releases/absinthe/
http://www.nessus.org/download/ with some plugins
http://www.cirt.net/code/nikto.shtml
The "best" depends of your target, the OS you use, if you looking for
opensource products or commercial ones.
Just google there many of them.
Deepquest
"Justification of windows usage is a combinaison of Stockholm
Syndrome and cognitive dissonance."
--------------------------------------------------------------
Propaganda http://deepquest.code511.com/blog
FIB http://www.futureisbeta.com
PGP DH/DSS http://www.futureisbeta.com/pgp
--------------------------------------------------------------
> Did you know the best Web app security scanner?
>
> I need scanner, which would find SQL injections, XSS, php include
> and other bug in unknown Web application.
>
> Thanks
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050613/c76552a5/attachment-0001.html
------------------------------
Message: 8
Date: Mon, 13 Jun 2005 22:49:28 +0400
From: "alex" <pigrelax@...dex.ru>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: <full-disclosure@...ts.grok.org.uk>
Cc: deepquest@....com
Message-ID: <S3375708AbVFMStY/20050613184935Z+1379@...l.yandex.ru>
Content-Type: text/plain; charset="koi8-r"
Try to use freeware service (owned by Cisco System and Positive
technologies) - www.freescan.ru. This service can help found many unknown
bug in custom Web application.
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Todd Towles
Sent: Monday, June 13, 2005 10:22 PM
To: tgoogle@...dex.ru; full-disclosure@...ts.grok.org.uk
Cc: deepquest@....com
Subject: RE: [Full-disclosure] Web application Security Scanner
The list is right, pen-testing isn't as easy as running one tool. If there
was a "best" tool that found everything, then why would people use any other
tool?
Going to attack Russian Google, well glad you said it on here...that will
make it hard for them to trace you down..lol
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
> Of tgoogle
> Sent: Monday, June 13, 2005 12:10 PM
> To: full-disclosure@...ts.grok.org.uk
> Cc: deepquest@....com
> Subject: Re: [Full-disclosure] Web application Security Scanner
>
> Thanks,
>
> I shall test all these programs, tomorrow I send my results.
> For example, i try to find vulnerabilities in www.yandex.ru
> and www.google.ru sites :).
>
> You really consider that all these programs are capable found
> vulnerability in UNKNOWN scripts?
>
> I need BEST program, which can found Maximum bugs in any
> custom Web application.
>
>
> >http://www.0x90.org/releases/absinthe/
> >http://www.nessus.org/download/ with some plugins
> >http://www.cirt.net/code/nikto.shtml
> >
> >The "best" depends of your target, the OS you use, if you
> looking for
> >opensource products or commercial ones.
> >Just google there many of them.
> >
> >
> >Deepquest
> >"Justification of windows usage is a combinaison of
> Stockholm Syndrome
> >and cognitive dissonance."
> >--------------------------------------------------------------
> >Propaganda http://deepquest.code511.com/blog
> >FIB http://www.futureisbeta.com
> >PGP DH/DSS http://www.futureisbeta.com/pgp
> >--------------------------------------------------------------
> >
> >> Did you know the best Web app security scanner?
> >>
> >> I need scanner, which would find SQL injections, XSS, php
> include and
> >> other bug in unknown Web application.
> >>
> >> Thanks
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >>
> >
>
>
> --
> ??????.?????: ????? ????????? ????? ?? ?????????!
> http://mail.yandex.ru/monitoring/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
------------------------------
Message: 9
Date: Mon, 13 Jun 2005 12:17:17 -0700 (PDT)
From: Nobody Special <ktjan@...oo.com>
Subject: [Full-disclosure] alya.cgi
To: full-disclosure@...ts.grok.org.uk
Message-ID: <20050613191717.67017.qmail@...40507.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
I ran a nessus scan on my neighbor's Soniwall firewall
appliance's ip address and found out there is an
alya.cgi file, which is ranked as HIGH risk. However,
no one knows what it does beside that "alya.cgi is a
cgi backdoor distributed with multiple rootkits."
Does anyone on list know what this cgi can do?
cokster
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
------------------------------
Message: 10
Date: Mon, 13 Jun 2005 15:26:03 -0400
From: Valdis.Kletnieks@...edu
Subject: Re: [Full-disclosure] Web application Security Scanner
To: alex <pigrelax@...dex.ru>
Cc: full-disclosure@...ts.grok.org.uk, deepquest@....com
Message-ID: <200506131926.j5DJQ3WU018561@...ing-police.cc.vt.edu>
Content-Type: text/plain; charset="iso-8859-1"
On Mon, 13 Jun 2005 22:49:28 +0400, alex said:
> Try to use freeware service (owned by Cisco System and Positive
> technologies) - www.freescan.ru. This service can help found many unknown
> bug in custom Web application.
> > I shall test all these programs, tomorrow I send my results.
> > For example, i try to find vulnerabilities in www.yandex.ru
Somehow, I get the feeling that when alex recommended freescan, he already
knew *exactly* what the results of scanning yandex.ru would be - and how
helpful it would be to the original poster. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050613/09e4a6c1/attachment-0001.bin
------------------------------
Message: 11
Date: Mon, 13 Jun 2005 14:34:36 -0500
From: "Todd Towles" <toddtowles@...okshires.com>
Subject: RE: [Full-disclosure] alya.cgi
To: "Nobody Special" <ktjan@...oo.com>,
<full-disclosure@...ts.grok.org.uk>
Message-ID:
<9E97F0997FB84D42B221B9FB203EFA27F94249@...ms2.msad.brookshires.net>
Content-Type: text/plain; charset="us-ascii"
It appears to be a CGI dropped by a hacker tool. It may execute shell
commands from several different directories. Doesn't anyone use Google
anymore....
Just because Nessus says alya.cgi could be a backdoor doesn't mean it
is..Nessus is a very good VA scanning but it does produce a fair amount
of false positives.
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
> Of Nobody Special
> Sent: Monday, June 13, 2005 2:17 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] alya.cgi
>
> I ran a nessus scan on my neighbor's Soniwall firewall
> appliance's ip address and found out there is an alya.cgi
> file, which is ranked as HIGH risk. However, no one knows
> what it does beside that "alya.cgi is a cgi backdoor
> distributed with multiple rootkits."
> Does anyone on list know what this cgi can do?
>
> cokster
>
>
>
> __________________________________
> Do you Yahoo!?
> Read only the mail you want - Yahoo! Mail SpamGuard.
> http://promotions.yahoo.com/new_mail
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
------------------------------
Message: 12
Date: Mon, 13 Jun 2005 22:49:58 +0200
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] UPDATE: [ GLSA 200505-06 ] TCPDump:
Decoding routines Denial of Service vulnerability
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
security-alerts@...uxsecurity.com
Message-ID: <42ADF176.3030507@...too.org>
Content-Type: text/plain; charset="iso-8859-1"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200505-06:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: TCPDump: Decoding routines Denial of Service vulnerability
Date: May 09, 2005
Updated: June 12, 2005
Bugs: #90541, #95349
ID: 200505-06:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Update
======
While working on the tcpdump issues solved in the original version of
this GLSA, Simon L. Nielsen from FreeBSD Security Team discovered a
similar infinite loop DoS vulnerability in the BGP handling code
(CAN-2005-1267). New packages have been released to address this new
issue.
The updated sections appear below.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/tcpdump < 3.8.3-r3 >= 3.8.3-r3
Description
===========
TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP
(CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP
(CAN-2005-1280) packets. TCPDump might loop endlessly after receiving
malformed packets.
Resolution
==========
All TCPDump users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r3"
References
==========
[ 1 ] CAN-2005-1267
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1267
[ 2 ] CAN-2005-1278
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1278
[ 3 ] CAN-2005-1279
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279
[ 4 ] CAN-2005-1280
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050613/7de07a90/signature-0001.bin
------------------------------
Message: 13
Date: Mon, 13 Jun 2005 22:57:15 +0200
From: Sune Kloppenborg Jeppesen <jaervosz@...too.org>
Subject: [Full-disclosure] [ GLSA 200506-12 ] MediaWiki: Cross-site
scripting vulnerability
To: gentoo-announce@...too.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
security-alerts@...uxsecurity.com
Message-ID: <200506132257.20275.jaervosz@...too.org>
Content-Type: text/plain; charset="us-ascii"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: MediaWiki: Cross-site scripting vulnerability
Date: June 13, 2005
Bugs: #95255
ID: 200506-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
MediaWiki is vulnerable to a cross-site scripting attack that could
allow arbitrary scripting code execution.
Background
==========
MediaWiki is a collaborative editing software, used by big projects
like Wikipedia.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/mediawiki < 1.4.5 >= 1.4.5
*>= 1.3.13
Description
===========
MediaWiki incorrectly handles page template inclusions, rendering it
vulnerable to cross-site scripting attacks.
Impact
======
A remote attacker could exploit this vulnerability to inject malicious
script code that will be executed in a user's browser session in the
context of the vulnerable site.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All MediaWiki users should upgrade to the latest available versions:
# emerge --sync
# emerge --ask --oneshot --verbose www-apps/mediawiki
References
==========
[ 1 ] MediaWiki 1.4.5 Release Notes
http://sourceforge.net/project/shownotes.php?release_id=332231
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200506-12.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050613/4c007c0b/attachment-0001.bin
------------------------------
Message: 14
Date: Mon, 13 Jun 2005 16:17:19 -0400
From: Karen Seo <kseo@....com>
Subject: [Full-disclosure] NDSS '06 -- Call for Papers
To: full-disclosure@...ts.grok.org.uk
Cc: kseo@....com
Message-ID: <p06210202bed3907db2ca@[128.89.89.67]>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
** My apologies if you receive multiple copies of this message. **
CALL FOR PAPERS
for the
13TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'06)
February 1st, 2006 - Pre-Conference Workshop
February 2-3, 2006 - Symposium
Catamaran Resort Hotel, San Diego, California
IMPORTANT DATES
* Paper and panel submissions due: 11:59pm PDT, Monday, August 22,
2005. (This deadline is firm--no extensions will be granted except
in the most extreme circumstances.)
* Author notification: Friday, October 7th, 2005.
* Final version of papers and panels due: Sunday, November 6, 2005.
GOAL:
The symposium fosters information exchange among research scientists
and practitioners of network and distributed system security
services. The target audience includes those interested in practical
aspects of network and distributed system security, with a focus on
actual system design and implementation (rather than theory). A
major goal is to encourage and enable the Internet community to
apply, deploy, and advance the state of available security
technology. The proceedings are published by the Internet Society.
HOW TO SUBMIT:
Submission instructions will be available at
http://www.cs.umd.edu/NDSS-06 .
SUBMISSIONS:
Both technical papers and panel proposals are solicited. Technical
papers must not substantially overlap with papers that have been
published or that are simultaneously submitted to a journal or a
conference with proceedings. All papers from authors perpetrating
such "double submissions" will be immediately rejected from the
conference. The Program Committee reserves the right to share
information with other conference chairs and journal editors so as
to detect such cases.
Technical papers should be at most 12 pages excluding the
bibliography and well-marked appendices (using 11-point font,
single column format, and reasonable margins on 8.5"x11" or A4
paper), and at most 20 pages total. Committee members are not
required to read the appendices, so the paper should be
intelligible without them. Technical papers will appear in the
proceedings. Panel proposals should be one page and must describe
the topic, identify the panel chair, explain the panel format, and
list three to four potential panelists. A description of each
panel will appear in the proceedings, and may, at the discretion
of the panel chair, include written position statements from the
panelists.
Submissions are solicited in, but not limited to, the following
areas:
* Integrating security in Internet protocols: routing, naming,
TCP/IP, multicast, network management, and the Web.
* Intrusion prevention, detection, and response: systems,
experiences and architectures.
* Privacy and anonymity technologies.
* Network perimeter controls: firewalls, packet filters, application
gateways.
* Virtual private networks.
* Security for emerging technologies: sensor networks, specialized
testbeds, wireless/mobile (and ad hoc) networks, personal
communication systems, RFID systems, peer-to-peer and overlay
network systems.
* Secure electronic commerce: e.g., payment, barter, EDI,
notarization, timestamping, endorsement, and licensing.
* Supporting security mechanisms and APIs; audit trails;
accountability.
* Implementation, deployment and management of network security
policies.
* Intellectual property protection: protocols, implementations,
metering, watermarking, digital rights management.
* Fundamental services on network and distributed systems:
authentication, data integrity, confidentiality, authorization,
non-repudiation, and availability.
* Integrating security services with system and application security
facilities and protocols: e.g., message handling, file
transport/access, directories, time synchronization, data base
management, boot services, mobile computing.
* Public key infrastructure, key management, certification, and
revocation.
* Special problems and case studies: e.g., tradeoffs between
security and efficiency, usability, reliability and cost.
* Security for collaborative applications: teleconferencing and
video-conferencing, electronic voting, groupwork, etc.
* Software hardening: e.g., detecting and defending against
software bugs (overflows, etc.)
* Security for large-scale systems and critical infrastructures.
Each submission must be accompanied by a separate, electronically
submitted Submission Overview specifying the submission type (paper
or panel), the title or topic, author names with organizational
affiliations, and must specify a contact author along with
corresponding phone number, FAX number, postal address and email
address.
Submissions must be received by 11:59pm PDT, August 22rd, 2005, and
must be made electronically in PDF format (for example, by using
pdflatex). Each submission will be acknowledged by e-mail; if
acknowledgment is not received within seven days, contact a program
co-chair (see below). Authors and panelists will be notified of
acceptance by October 7th, 2005, and given instructions for
preparing the camera-ready copy. The camera-ready copy must be
received by November 5th, 2005.
PROGRAM COMMITTEE
* William Arbaugh, University of Maryland (Program co-chair)
* Hao Chen, University of California, Davis
* Crispin Cowan, Novell
* Glenn Durfee, Palo Alto Research Center
* Kevin Fu, University of Massachussetts, Amherst
* Steve Gribble, University of Washington
* Yih-Chun Hu, University of Illinois, Urbana-Champaign
* Steve Kent, BBN
* Angelos D. Keromytis, Columbia University
* Tadayoshi Kohno, University of California, San Diego
* Wenke Lee, Georgia Institute of Technology
* Fabian Monrose, Johns Hopkins University
* Niels Provos, Google
* Michael Roe, Microsoft Research, Cambridge
* Dan Simon, Microsoft Research (Program co-chair)
* Sean Smith, Dartmouth College
* Dawn Song, CMU
* Adam Stubblefield, Independent Security Evaluators
* Jonathan Trostle, ASK Consulting & Research, Inc.
* Dan S. Wallach, Rice University
* Nicholas Weaver, International Computer Science Institute
* Dongyan Xu, Purdue University
------------------------------
Message: 15
Date: Mon, 13 Jun 2005 21:42:09 -0500 (CDT)
From: Ron DuFresne <dufresne@...ternet.com>
Subject: Re: [Full-disclosure] RE: End users as security devices
To: Daniel Sichel <daniels@...derosatel.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
<Pine.GSO.4.43.0506132140450.25620-100000@...dra.winternet.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Don't lose faith, don't give up, keep explaining, and training. You CAN
> make end users proactive participants in enterprise security. Just
> remember, there will always be a few intellectually challenged folks who
> need a bit of extra mentoring. Try to be patient, and NO, you can't put
> handicap placards on computers used by those with IQs below 90, sorry.
>
if this was true, then educating would not be a full time thing making
some companies tons of cash as they come into an org and do it over and
over and over....
Thanks,
Ron DuFresne
<still believes in larts>
--
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
------------------------------
Message: 16
Date: Tue, 14 Jun 2005 00:15:03 -0400
From: Valdis.Kletnieks@...edu
Subject: Re: [Full-disclosure] RE: End users as security devices
To: Ron DuFresne <dufresne@...ternet.com>
Cc: full-disclosure@...ts.grok.org.uk, Daniel Sichel
<daniels@...derosatel.com>
Message-ID: <200506140415.j5E4F4TT016077@...ing-police.cc.vt.edu>
Content-Type: text/plain; charset="us-ascii"
On Mon, 13 Jun 2005 21:42:09 CDT, Ron DuFresne said:
> Ron DuFresne
> <still believes in larts>
http://ars.userfriendly.org/cartoons/?id=20030210&mode=classic
Unfortunately, there's one at every site:
http://ars.userfriendly.org/cartoons/?id=20030211&mode=classic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050614/980bbcfd/attachment-0001.bin
------------------------------
Message: 17
Date: Tue, 14 Jun 2005 11:08:31 +0200
From: Frederic Charpentier <fcharpen@...opartners.com>
Subject: Re: [Full-disclosure] Web application Security Scanner
To: full-disclosure@...ts.grok.org.uk
Message-ID: <42AE9E8F.8010406@...opartners.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi.
An efficient program, capable of finding unknown vulnerabilities in web
application, does not exist.
Nikto, Ns-stealth are usefull, but they will never do a proper audit.
Paros, Sleuth and Spike are really usefull to find unknown
vulnerabilites, but they are not automatic. Someone needs to be in front
of the screen to interpret the behaviour of the application.
Fred
tgoogle wrote:
> Did you know the best Web app security scanner?
>
> I need scanner, which would find SQL injections, XSS, php include and other bug in unknown Web application.
>
> Thanks
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 4, Issue 17
**********************************************
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.6 - Release Date: 6/8/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.6 - Release Date: 6/8/2005
Powered by blists - more mailing lists