lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 25 Sep 2010 17:34:24 +0000
From: hmarti2@...c.edu
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-Disclosure Digest, Vol 67, Issue 41

Good luck on that one.... 
Sent via BlackBerry by AT&T

-----Original Message-----
From: full-disclosure-request@...ts.grok.org.uk
Sender: full-disclosure-bounces@...ts.grok.org.uk
Date: Sat, 25 Sep 2010 12:00:01 
To: <full-disclosure@...ts.grok.org.uk>
Reply-To: full-disclosure@...ts.grok.org.uk
Subject: Full-Disclosure Digest, Vol 67, Issue 41

Send Full-Disclosure mailing list submissions to
	full-disclosure@...ts.grok.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
	full-disclosure-request@...ts.grok.org.uk

You can reach the person managing the list at
	full-disclosure-owner@...ts.grok.org.uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.


Today's Topics:

   1. [ MDVSA-2010:189 ] pcsc-lite (security@...driva.com)
   2. [ MDVSA-2010:189-1 ] pcsc-lite (security@...driva.com)
   3. Re: the real stuxnet authors plz stand up (coderman)
   4. Re: the real stuxnet authors plz stand up (coderman)
   5. Re: the real stuxnet authors plz stand up (coderman)
   6. Re: the real stuxnet authors plz stand up (coderman)
   7. Re: the real stuxnet authors plz stand up (coderman)


----------------------------------------------------------------------

Message: 1
Date: Fri, 24 Sep 2010 14:43:01 +0200
From: security@...driva.com
Subject: [Full-disclosure] [ MDVSA-2010:189 ] pcsc-lite
To: full-disclosure@...ts.grok.org.uk
Message-ID: <E1Oz7cD-0005XV-F0@...an.mandriva.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:189
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pcsc-lite
 Date    : September 24, 2010
 Affected: 2008.0, 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in pcsc-lite:
 
 The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
 Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow
 local users to cause a denial of service (daemon crash) via crafted
 SCARD_SET_ATTRIB message data, which is improperly demarshalled
 and triggers a buffer over-read, a related issue to CVE-2010-0407
 (CVE-2009-4901).
 
 Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c
 in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4
 and earlier might allow local users to gain privileges via crafted
 SCARD_CONTROL message data, which is improperly demarshalled.  NOTE:
 this vulnerability exists because of an incorrect fix for CVE-2010-0407
 (CVE-2009-4902).
 
 Multiple buffer overflows in the MSGFunctionDemarshall function in
 winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE
 PCSC-Lite before 1.5.4 allow local users to gain privileges via
 crafted message data, which is improperly demarshalled (CVE-2010-0407).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4902
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0407
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 8542435bcf848ec4a758f08abb440de6  2008.0/i586/libpcsclite1-1.4.4-1.1mdv2008.0.i586.rpm
 b2cba2d308ce62f0db856cbeb397e579  2008.0/i586/libpcsclite-devel-1.4.4-1.1mdv2008.0.i586.rpm
 91aa91411c7755f9fef3bc9d2247ae8d  2008.0/i586/libpcsclite-static-devel-1.4.4-1.1mdv2008.0.i586.rpm
 a9b3733633dea019f2604a3edaee1108  2008.0/i586/pcsc-lite-1.4.4-1.1mdv2008.0.i586.rpm 
 f08e053f4969deef763e11fd6d66b408  2008.0/SRPMS/pcsc-lite-1.4.4-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 6e0f7e5e8069e5aa694de0b51d51e7f7  2008.0/x86_64/lib64pcsclite1-1.4.4-1.1mdv2008.0.x86_64.rpm
 ecb3d147a0989e9f11b6c21a99d78b00  2008.0/x86_64/lib64pcsclite-devel-1.4.4-1.1mdv2008.0.x86_64.rpm
 217d8be73202d169f0749b586d2fc78d  2008.0/x86_64/lib64pcsclite-static-devel-1.4.4-1.1mdv2008.0.x86_64.rpm
 5124ffac456d3ddcbe83c2cc20b3e65b  2008.0/x86_64/pcsc-lite-1.4.4-1.1mdv2008.0.x86_64.rpm 
 f08e053f4969deef763e11fd6d66b408  2008.0/SRPMS/pcsc-lite-1.4.4-1.1mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 9e6699c3b26d60127e0caaa1aa2289d2  2009.0/i586/libpcsclite1-1.4.102-1.1mdv2009.0.i586.rpm
 72a1a3d5e01ed8345f265a77f4ea05dd  2009.0/i586/libpcsclite-devel-1.4.102-1.1mdv2009.0.i586.rpm
 349726056604450832d18ebef0b719c0  2009.0/i586/libpcsclite-static-devel-1.4.102-1.1mdv2009.0.i586.rpm
 e87e4987d3fbf641f645b2009471f387  2009.0/i586/pcsc-lite-1.4.102-1.1mdv2009.0.i586.rpm 
 76334baf4d0a4c7e7269be6855aee4c2  2009.0/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 0ecec7927fddbf1791384667d4c2cb0f  2009.0/x86_64/lib64pcsclite1-1.4.102-1.1mdv2009.0.x86_64.rpm
 628debd6fb07c332a72b836c165bcc8d  2009.0/x86_64/lib64pcsclite-devel-1.4.102-1.1mdv2009.0.x86_64.rpm
 ae015f03362f7399c9aba451f2f7fecd  2009.0/x86_64/lib64pcsclite-static-devel-1.4.102-1.1mdv2009.0.x86_64.rpm
 64fbc7257cbfc5a18c1d3f63ab8860e8  2009.0/x86_64/pcsc-lite-1.4.102-1.1mdv2009.0.x86_64.rpm 
 76334baf4d0a4c7e7269be6855aee4c2  2009.0/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 f6fbc67ddacadd6e421fd68d02e12633  2009.1/i586/libpcsclite1-1.5.2-1.1mdv2009.1.i586.rpm
 a1ba1511fd5dd26573527ef50ce81b5e  2009.1/i586/libpcsclite-devel-1.5.2-1.1mdv2009.1.i586.rpm
 4b9ba378d857ae48a846f00e286024e8  2009.1/i586/libpcsclite-static-devel-1.5.2-1.1mdv2009.1.i586.rpm
 6a704dd4e7d8423d35db366dbf689cb7  2009.1/i586/pcsc-lite-1.5.2-1.1mdv2009.1.i586.rpm 
 01a7091c9fcf2337578c9caeebc87833  2009.1/SRPMS/pcsc-lite-1.5.2-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 613b7a63921e05a482fb4aae6a36d5cf  2009.1/x86_64/lib64pcsclite1-1.5.2-1.1mdv2009.1.x86_64.rpm
 9dd66b08eb34e7fa8d00c569f0face33  2009.1/x86_64/lib64pcsclite-devel-1.5.2-1.1mdv2009.1.x86_64.rpm
 8b7f3042144456046ac6a550d49466f7  2009.1/x86_64/lib64pcsclite-static-devel-1.5.2-1.1mdv2009.1.x86_64.rpm
 8f4c9901adccf658a5edd7b88e735568  2009.1/x86_64/pcsc-lite-1.5.2-1.1mdv2009.1.x86_64.rpm 
 01a7091c9fcf2337578c9caeebc87833  2009.1/SRPMS/pcsc-lite-1.5.2-1.1mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 4194b2888cee96308009918fd78ec2e6  mes5/i586/libpcsclite1-1.4.102-1.1mdvmes5.1.i586.rpm
 5fceb0986718f744abbd371129b38eba  mes5/i586/libpcsclite-devel-1.4.102-1.1mdvmes5.1.i586.rpm
 f856c267204173af9fad236eac81c28f  mes5/i586/libpcsclite-static-devel-1.4.102-1.1mdvmes5.1.i586.rpm
 6d601e4b1d1168ebec78c5d945378e02  mes5/i586/pcsc-lite-1.4.102-1.1mdvmes5.1.i586.rpm 
 0b52ec2a75a79cdef80d31b6b55323d1  mes5/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 245e8a6081254bacb173674d15594e98  mes5/x86_64/lib64pcsclite1-1.4.102-1.1mdvmes5.1.x86_64.rpm
 315e276f89d1bd75105a2e40f2976b81  mes5/x86_64/lib64pcsclite-devel-1.4.102-1.1mdvmes5.1.x86_64.rpm
 731b15c35ffe0872052578e9a25f3fa2  mes5/x86_64/lib64pcsclite-static-devel-1.4.102-1.1mdvmes5.1.x86_64.rpm
 ca6aa016db366b69b83ca08814a9636c  mes5/x86_64/pcsc-lite-1.4.102-1.1mdvmes5.1.x86_64.rpm 
 0b52ec2a75a79cdef80d31b6b55323d1  mes5/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMnGzomqjQ0CJFipgRAmXTAKDITs6XSqDRd8Bm+jEKeBBi8VCnmgCdG3k7
73gkpAFx7zZqY3bL0t73fqA=
=qjIw
-----END PGP SIGNATURE-----



------------------------------

Message: 2
Date: Fri, 24 Sep 2010 16:39:01 +0200
From: security@...driva.com
Subject: [Full-disclosure] [ MDVSA-2010:189-1 ] pcsc-lite
To: full-disclosure@...ts.grok.org.uk
Message-ID: <E1Oz9QT-0000ce-Tg@...an.mandriva.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2010:189-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pcsc-lite
 Date    : September 24, 2010
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in pcsc-lite:
 
 The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
 Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow
 local users to cause a denial of service (daemon crash) via crafted
 SCARD_SET_ATTRIB message data, which is improperly demarshalled
 and triggers a buffer over-read, a related issue to CVE-2010-0407
 (CVE-2009-4901).
 
 Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c
 in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4
 and earlier might allow local users to gain privileges via crafted
 SCARD_CONTROL message data, which is improperly demarshalled.  NOTE:
 this vulnerability exists because of an incorrect fix for CVE-2010-0407
 (CVE-2009-4902).
 
 Multiple buffer overflows in the MSGFunctionDemarshall function in
 winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE
 PCSC-Lite before 1.5.4 allow local users to gain privileges via
 crafted message data, which is improperly demarshalled (CVE-2010-0407).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.

 Update:

 The previous MDVSA-2010:189 advisory was missing the packages for CS4,
 this advisory corrects the problem.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4902
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0407
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 0c66f40efecdc0c3ae8f27dbe1abc4c5  corporate/4.0/i586/libpcsclite1-1.3.0-2.1.20060mlcs4.i586.rpm
 5623a50de3f9505c5a8b503a844d9ac5  corporate/4.0/i586/libpcsclite1-devel-1.3.0-2.1.20060mlcs4.i586.rpm
 ab1f8bec0cee4bd2e88e40b6c34d9160  corporate/4.0/i586/libpcsclite1-static-devel-1.3.0-2.1.20060mlcs4.i586.rpm
 27431d0962492720c5b7cca1491ebade  corporate/4.0/i586/pcsc-lite-1.3.0-2.1.20060mlcs4.i586.rpm 
 524c61d97f58343dee043627407f37ee  corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 679754ead473749cc755350951df0478  corporate/4.0/x86_64/lib64pcsclite1-1.3.0-2.1.20060mlcs4.x86_64.rpm
 974188458cb887457a22cb4be169ba24  corporate/4.0/x86_64/lib64pcsclite1-devel-1.3.0-2.1.20060mlcs4.x86_64.rpm
 300a3a9416d02cfd092bb5e3bc81302d  corporate/4.0/x86_64/lib64pcsclite1-static-devel-1.3.0-2.1.20060mlcs4.x86_64.rpm
 7e491ebb83c94c00b249db757c0e052b  corporate/4.0/x86_64/pcsc-lite-1.3.0-2.1.20060mlcs4.x86_64.rpm 
 524c61d97f58343dee043627407f37ee  corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMnI0kmqjQ0CJFipgRAkbCAJ9WgEQY8sy1UUqXjCgQFMy9SfTa4QCgqgbV
daNX/N1UA/Xi7dcWucABNSU=
=Z3Xz
-----END PGP SIGNATURE-----



------------------------------

Message: 3
Date: Fri, 24 Sep 2010 20:35:44 -0700
From: coderman <coderman@...il.com>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
	<AANLkTinhORpn2N0jTxDMofCRw994V-B4XypJ1vmkeGAk@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman@...il.com> wrote:
> stuxnet is strategic, and misleading. ... red team off roading?
> ...
> one of you two of eight snitches knows the details, full-disclosure! [0]

h0 h0 h0!

this gift keeps on giving...

no more for me thanks.


e4ffa4d8cb70e97af381aea2232d1064b51ecf9bdcd70824fe4675679d9fbf93



------------------------------

Message: 4
Date: Fri, 24 Sep 2010 21:00:08 -0700
From: coderman <coderman@...il.com>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
	<AANLkTinJ8vWfSPqb+qUMY+3W2gA-4GkdC5JR5YjPutWQ@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

natanz focus, not bushehr.

costs and delays to both sites a bonus...

(everyone else, well, you're collateral damage that learned a valuable
lesson, right? :)



------------------------------

Message: 5
Date: Fri, 24 Sep 2010 22:57:35 -0700
From: coderman <coderman@...il.com>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
	<AANLkTinTO=TzvQHq_ZJViFgq0cxToVsQFVBz3Q_2+m-7@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman@...il.com> wrote:
> stuxnet is strategic, and misleading...

misleading because the failures induced in target present as
inefficiencies and mechanical fatigue in centrifuge process; intent is
to cast suspicion and resources on manufacturing and/or assembly of
centrifuge hardware as cursory checks of digital systems (data
presumably acquired from floor) return normative.

good game, sirs!
 target spends dollars and weeks/months pursuing errors in physical
supply and installation paths en-route to / on site, all the while the
wear is digitally done; out of sight, out of mind...

this game (offensive, methodical, precision targeted high-assurance
malware) is an odd sort of global-actor assasination politik. like
china blasting sats in space, it was bound to happen sooner or later
:P



------------------------------

Message: 6
Date: Fri, 24 Sep 2010 23:30:06 -0700
From: coderman <coderman@...il.com>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
	<AANLkTinqZ6JwEvaUFtSycN3Y3MHN4Ct3-aaaYQo+_jLR@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Sep 24, 2010 at 10:57 PM, coderman <coderman@...il.com> wrote:
> On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman@...il.com> wrote:
>> stuxnet is strategic, and misleading...
>
> misleading because the failures induced in target present as
> inefficiencies and mechanical fatigue in centrifuge process...

Qom also hit - the fingerprinting mechanism is essentially mapped to
form and function, rather than specific instance. That is to say, the
Qom centrifuge enrichment deployment is sufficiently similar in
devices and software applied (WinCC, 6ES7-417, 6ES7-315-2, etc.) as to
also fall under precision targeting.

yay full disclosure.

0x04



------------------------------

Message: 7
Date: Sat, 25 Sep 2010 00:54:23 -0700
From: coderman <coderman@...il.com>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: kenneth@...rt.ca
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Message-ID:
	<AANLkTim_NWMnoefXHxDY1HsHm-AcWXKZ_VU-Px-LyH2v@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <kenneth@...rt.ca> wrote:
> Get real...

i did not say bushehr was not impacted; a side effect of the re-use of
same real-time PLC workflow controller there resulted in cluster fuck
and non-operation.

however, the target was centrifuges and in this regard, it worked
perfectly: the only outward signs of interest at natanz and qom while
affected was then un-explained 2x to 4x under-yield from the
cascades...  the running total spinning looked nice though - steady
progress! heh

in any case, you confuse me with someone who has something to say.
really EOT this time...



------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 67, Issue 41
***********************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists