| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 May 2007 15:35:25 +0300 From: "badr muhyeddin" <gigiyousef@...mail.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Full-Disclosure Digest, Vol 27, Issue 16 Please, I beg you dont ever sent me any other email >From: full-disclosure-request@...ts.grok.org.uk >Reply-To: full-disclosure@...ts.grok.org.uk >To: full-disclosure@...ts.grok.org.uk >Subject: Full-Disclosure Digest, Vol 27, Issue 16 >Date: Thu, 10 May 2007 12:00:02 +0100 > >Send Full-Disclosure mailing list submissions to > full-disclosure@...ts.grok.org.uk > >To subscribe or unsubscribe via the World Wide Web, visit > https://lists.grok.org.uk/mailman/listinfo/full-disclosure >or, via email, send a message with subject or body 'help' to > full-disclosure-request@...ts.grok.org.uk > >You can reach the person managing the list at > full-disclosure-owner@...ts.grok.org.uk > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Full-Disclosure digest..." > > >Note to digest recipients - when replying to digest posts, please trim your >post appropriately. Thank you. > > >Today's Topics: > > 1. [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability > (security@...driva.com) > 2. Re: [ MDKSA-2007:101 ] - Updated bind packages fix > vulnerability (Jeroen Massar) > 3. Re: [ MDKSA-2007:101 ] - Updated bind packages fix > vulnerability (Jeroen Massar) > 4. Secunia Research: BearShare NCTAudioFile2 ActiveX Control > Buffer Overflow (Secunia Research) > 5. Secunia Research: Internet Explorer HTML Objects Memory > Corruption Vulnerability (Secunia Research) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Wed, 09 May 2007 18:22:52 -0600 >From: security@...driva.com >Subject: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages > fix vulnerability >To: full-disclosure@...ts.grok.org.uk >Message-ID: <E1HlwQm-0006AI-4a@...emis.annvix.ca> > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > _______________________________________________________________________ > > Mandriva Linux Security Advisory MDKSA-2007:101 > http://www.mandriva.com/security/ > _______________________________________________________________________ > > Package : vim > Date : May 9, 2007 > Affected: 2007.0, 2007.1 > _______________________________________________________________________ > > Problem Description: > > A vulnerability in vim 7.0's modeline processing capabilities was > discovered where a user with modelines enabled could open a text file > containing a carefully crafted modeline, executing arbitrary commands > as the user running vim. > > Updated packages have been patched to prevent this issue. > _______________________________________________________________________ > > References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2438 > _______________________________________________________________________ > > Updated Packages: > > Mandriva Linux 2007.0: > 193c5e6f9c4b7fbd883e756fd68e9d9c >2007.0/i586/vim-X11-7.0-16.1mdv2007.0.i586.rpm > 22c359a9bb903b4971c26ef8d820dd8b >2007.0/i586/vim-common-7.0-16.1mdv2007.0.i586.rpm > 78b297d07af026ba2ca661af576753dd >2007.0/i586/vim-enhanced-7.0-16.1mdv2007.0.i586.rpm > a308c0c95a8feeb08db2e3cd4655360c >2007.0/i586/vim-minimal-7.0-16.1mdv2007.0.i586.rpm > f18e2a622218e087cdd0a91d9ae0d53e >2007.0/SRPMS/vim-7.0-16.1mdv2007.0.src.rpm > > Mandriva Linux 2007.0/X86_64: > f059a28a227db17faffd2f363b42117a >2007.0/x86_64/vim-X11-7.0-16.1mdv2007.0.x86_64.rpm > 64d32a388460072e1508be8c945d8409 >2007.0/x86_64/vim-common-7.0-16.1mdv2007.0.x86_64.rpm > aa8ce225cc3811dcb76047b65e3dd1c4 >2007.0/x86_64/vim-enhanced-7.0-16.1mdv2007.0.x86_64.rpm > dedd42ccd0b0a1934991d911eab9cb0a >2007.0/x86_64/vim-minimal-7.0-16.1mdv2007.0.x86_64.rpm > f18e2a622218e087cdd0a91d9ae0d53e >2007.0/SRPMS/vim-7.0-16.1mdv2007.0.src.rpm > > Mandriva Linux 2007.1: > ee17731cce031b58b290cf9a61c982c0 >2007.1/i586/vim-X11-7.0-16.1mdv2007.1.i586.rpm > c3d2fd233ac1984af174fdad6c2b4be2 >2007.1/i586/vim-common-7.0-16.1mdv2007.1.i586.rpm > 5bf3f905abee7a585d5b11fb2c98b2e8 >2007.1/i586/vim-enhanced-7.0-16.1mdv2007.1.i586.rpm > 5138b4b2c511f7608f9db5503f14c6d1 >2007.1/i586/vim-minimal-7.0-16.1mdv2007.1.i586.rpm > 0f068f60ab76873471ebe0992ccc5ccd >2007.1/SRPMS/vim-7.0-16.1mdv2007.1.src.rpm > > Mandriva Linux 2007.1/X86_64: > 890a4acc16d4b59e59b721f65686b4ef >2007.1/x86_64/vim-X11-7.0-16.1mdv2007.1.x86_64.rpm > e6498971d58c5fc3fbe6aac03f0ae0fe >2007.1/x86_64/vim-common-7.0-16.1mdv2007.1.x86_64.rpm > 0b4f61e8c8848a10d67a822b04bea7bd >2007.1/x86_64/vim-enhanced-7.0-16.1mdv2007.1.x86_64.rpm > 0776ae51087370ec5ebce9c0996ed5e8 >2007.1/x86_64/vim-minimal-7.0-16.1mdv2007.1.x86_64.rpm > 0f068f60ab76873471ebe0992ccc5ccd >2007.1/SRPMS/vim-7.0-16.1mdv2007.1.src.rpm > _______________________________________________________________________ > > To upgrade automatically use MandrivaUpdate or urpmi. The verification > of md5 checksums and GPG signatures is performed automatically for you. > > All packages are signed by Mandriva for security. You can obtain the > GPG public key of the Mandriva Security Team by executing: > > gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 > > You can view other update advisories for Mandriva Linux at: > > http://www.mandriva.com/security/advisories > > If you want to report vulnerabilities, please contact > > security_(at)_mandriva.com > _______________________________________________________________________ > > Type Bits/KeyID Date User ID > pub 1024D/22458A98 2000-07-10 Mandriva Security Team > <security*mandriva.com> >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.7 (GNU/Linux) > >iD8DBQFGQjuFmqjQ0CJFipgRAgaPAKDq9k/P25VQ4erXuk8cznuJrsSbTACg8kLE >6u+Od503dEYQxrf63PILWMc= >=jk4Z >-----END PGP SIGNATURE----- > > > >------------------------------ > >Message: 2 >Date: Thu, 10 May 2007 01:52:19 +0100 >From: Jeroen Massar <jeroen@...ix.org> >Subject: Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind > packages fix vulnerability >To: xsecurity@...driva.com >Cc: full-disclosure@...ts.grok.org.uk >Message-ID: <46426CC3.4070405@...ghetti.zurich.ibm.com> >Content-Type: text/plain; charset="iso-8859-1" > >security@...driva.com wrote: > > _______________________________________________________________________ > > > > Mandriva Linux Security Advisory MDKSA-2007:101 > > http://www.mandriva.com/security/ > > _______________________________________________________________________ > > > > Package : vim > > Date : May 9, 2007 > > Affected: 2007.0, 2007.1 > >But the subject line reads: > >[ MDKSA-2007:101 ] - Updated bind packages fix vulnerability > >So is this a spoof or is this a spoof? >Or did somebody make a booboo at Mandriva. The PGP key seems to at least >check out for the fact that the signature on the part of the message >that is signed is correct. As the PGP key is not in the strong set it >can't be really trusted of course. > >Greets, > Jeroen > >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: signature.asc >Type: application/pgp-signature >Size: 311 bytes >Desc: OpenPGP digital signature >Url : >http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070510/5d4e910c/attachment-0001.bin > >------------------------------ > >Message: 3 >Date: Thu, 10 May 2007 01:54:20 +0100 >From: Jeroen Massar <jeroen@...ix.org> >Subject: Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind > packages fix vulnerability >To: security@...driva.com >Cc: full-disclosure@...ts.grok.org.uk >Message-ID: <46426D3C.6060900@...ghetti.zurich.ibm.com> >Content-Type: text/plain; charset="iso-8859-1" > >Jeroen Massar wrote: > > security@...driva.com wrote: > >> >_______________________________________________________________________ > >> > >> Mandriva Linux Security Advisory >MDKSA-2007:101 > >> http://www.mandriva.com/security/ > >> >_______________________________________________________________________ > >> > >> Package : vim > >> Date : May 9, 2007 > >> Affected: 2007.0, 2007.1 > > > > But the subject line reads: > > > > [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability > > > > So is this a spoof or is this a spoof? > > Or did somebody make a booboo at Mandriva. The PGP key seems to at least > > check out for the fact that the signature on the part of the message > > that is signed is correct. As the PGP key is not in the strong set it > > can't be really trusted of course. > >Also setting a Reply-To: to a broken xsecurity@...driva.com absolutely >doesn't make any sense (unless you want to partially overcome the >problem of vacation messages getting bounced back, but hey those people >will nicely ignore your Reply-To anyway....) > >-- > >This is the Postfix program at host imap.mandriva.com. > >I'm sorry to have to inform you that your message could not be >be delivered to one or more recipients. It's attached below. > >For further assistance, please send mail to <postmaster> > >If you do so, please include this problem report. You can >delete your own text from the attached returned message. > > The Postfix program > ><xsecurity@...driva.com>: host > /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 550-Mailbox > unknown. Either there is no mailbox associated with this 550-name >or you > do not have authorization to see it. 550 5.1.1 User unknown (in reply >to > RCPT TO command) > >-------------- next part -------------- >A non-text attachment was scrubbed... >Name: signature.asc >Type: application/pgp-signature >Size: 311 bytes >Desc: OpenPGP digital signature >Url : >http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070510/b3c3d277/attachment-0001.bin > >------------------------------ > >Message: 4 >Date: Thu, 10 May 2007 07:12:09 +0200 >From: Secunia Research <remove-vuln@...unia.com> >Subject: [Full-disclosure] Secunia Research: BearShare NCTAudioFile2 > ActiveX Control Buffer Overflow >To: full-disclosure@...ts.grok.org.uk >Message-ID: <1178773929.16120.437.camel@....intnet> >Content-Type: text/plain > >====================================================================== > > Secunia Research 09/05/2007 > > - BearShare NCTAudioFile2 ActiveX Control Buffer Overflow - > >====================================================================== >Table of Contents > >Affected Software....................................................1 >Severity.............................................................2 >Vendor's Description of Software.....................................3 >Description of Vulnerability.........................................4 >Solution.............................................................5 >Time Table...........................................................6 >Credits..............................................................7 >References...........................................................8 >About Secunia........................................................9 >Verification........................................................10 > >====================================================================== >1) Affected Software > >BearShare 6.0.2.26789 > >NOTE: Other versions may also be affected. > >====================================================================== >2) Severity > >Rating: Highly critical >Impact: System compromise >Where: Remote > >====================================================================== >3) Vendor's Description of Software > >"Share, Discover and Download music and videos." > >Product Link: >http://www.bearshare.com/ > >====================================================================== >4) Description of Vulnerability > >Secunia Research has discovered a vulnerability in BearShare, which >can be exploited by malicious people to compromise a user's system. > >The vulnerability is caused due to a boundary error in the >NCTAudioFile2.AudioFile ActiveX control when handling the >"SetFormatLikeSample()" method. This can be exploited to cause a >stack-based buffer overflow by passing an overly long string (about >4124 bytes) as argument to the affected method. > >Successful exploitation allows execution of arbitrary code when a user >e.g. visits a malicious website. > >====================================================================== >5) Solution > >Set the kill-bit for the affected ActiveX control. > >====================================================================== >6) Time Table > >30/04/2007 - Vendor notified. >09/05/2007 - Public disclosure. > >====================================================================== >7) Credits > >Discovered by Carsten Eiram, Secunia Research. > >====================================================================== >8) References > >The Common Vulnerabilities and Exposures (CVE) project has assigned >CVE-2007-0018 for the vulnerability. > >====================================================================== >9) About Secunia > >Secunia offers vulnerability management solutions to corporate >customers with verified and reliable vulnerability intelligence >relevant to their specific system configuration: > >http://corporate.secunia.com/ > >Secunia also provides a publicly accessible and comprehensive advisory >database as a service to the security community and private >individuals, who are interested in or concerned about IT-security. > >http://secunia.com/ > >Secunia believes that it is important to support the community and to >do active vulnerability research in order to aid improving the >security and reliability of software in general: > >http://corporate.secunia.com/secunia_research/33/ > >Secunia regularly hires new skilled team members. Check the URL below >to see currently vacant positions: > >http://secunia.com/secunia_vacancies/ > >Secunia offers a FREE mailing list called Secunia Security Advisories: > >http://secunia.com/secunia_security_advisories/ > >====================================================================== >10) Verification > >Please verify this advisory by visiting the Secunia website: >http://secunia.com/secunia_research/2007-50/ > >Complete list of vulnerability reports published by Secunia Research: >http://secunia.com/secunia_research/ > >====================================================================== > > > > > >------------------------------ > >Message: 5 >Date: Thu, 10 May 2007 07:13:49 +0200 >From: Secunia Research <remove-vuln@...unia.com> >Subject: [Full-disclosure] Secunia Research: Internet Explorer HTML > Objects Memory Corruption Vulnerability >To: full-disclosure@...ts.grok.org.uk >Message-ID: <1178774029.16120.441.camel@....intnet> >Content-Type: text/plain > >====================================================================== > > Secunia Research 09/05/2007 > > - Internet Explorer HTML Objects Memory Corruption Vulnerability - > >====================================================================== >Table of Contents > >Affected Software....................................................1 >Severity.............................................................2 >Vendor's Description of Software.....................................3 >Description of Vulnerability.........................................4 >Solution.............................................................5 >Time Table...........................................................6 >Credits..............................................................7 >References...........................................................8 >About Secunia........................................................9 >Verification........................................................10 > >====================================================================== >1) Affected Software > >* Microsoft Internet Explorer 7 > >====================================================================== >2) Severity > >Rating: Moderately Critical >Impact: System Access >Where: Remote > >====================================================================== >3) Vendor's Description of Software > >Internet Explorer 7 provides improved navigation through tabbed >browsing, web search right from the toolbar, advanced printing, easy >discovery, reading and subscription to RSS feeds, and much more. > >http://www.microsoft.com/windows/products/winfamily/ie/default.mspx > >====================================================================== >4) Description of Vulnerability > >Secunia Research has discovered a vulnerability in Internet Explorer, >which can be exploited by malicious people to compromise a vulnerable >system. > >The vulnerability is caused due to an error in the handling of HTML >objects as a CMarkup object is used in certain cases after it has been >freed. This can be exploited to corrupt memory via a specially crafted >web page. > >Successful exploitation allows execution of arbitrary code. > >====================================================================== >5) Solution > >Apply patches (see the Microsoft security bulletin for details). > >====================================================================== >6) Time Table > >18/01/2007 - Vendor notified. >19/01/2007 - Vendor response. >09/05/2007 - Public disclosure. > >====================================================================== >7) Credits > >Discovered by JJ Reyes, Secunia Research. > >====================================================================== >8) References > >MS07-027 (KB931768): >http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx > >The Common Vulnerabilities and Exposures (CVE) project has assigned >CVE-2007-0947 for the vulnerability. > >====================================================================== >9) About Secunia > >Secunia offers vulnerability management solutions to corporate >customers with verified and reliable vulnerability intelligence >relevant to their specific system configuration: > >http://corporate.secunia.com/ > >Secunia also provides a publicly accessible and comprehensive advisory >database as a service to the security community and private >individuals, who are interested in or concerned about IT-security. > >http://secunia.com/ > >Secunia believes that it is important to support the community and to >do active vulnerability research in order to aid improving the >security and reliability of software in general: > >http://corporate.secunia.com/secunia_research/33/ > >Secunia regularly hires new skilled team members. Check the URL below >to see currently vacant positions: > >http://secunia.com/secunia_vacancies/ > >Secunia offers a FREE mailing list called Secunia Security Advisories: > >http://secunia.com/secunia_security_advisories/ > >====================================================================== >10) Verification > >Please verify this advisory by visiting the Secunia website: >http://secunia.com/secunia_research/2007-36/ > >Complete list of vulnerability reports published by Secunia Research: >http://secunia.com/secunia_research/ > >====================================================================== > > > > > >------------------------------ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > >End of Full-Disclosure Digest, Vol 27, Issue 16 >*********************************************** _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists