lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Sep 2010 17:34:24 +0000 From: hmarti2@...c.edu To: full-disclosure@...ts.grok.org.uk Subject: Re: Full-Disclosure Digest, Vol 67, Issue 41 Good luck on that one.... Sent via BlackBerry by AT&T -----Original Message----- From: full-disclosure-request@...ts.grok.org.uk Sender: full-disclosure-bounces@...ts.grok.org.uk Date: Sat, 25 Sep 2010 12:00:01 To: <full-disclosure@...ts.grok.org.uk> Reply-To: full-disclosure@...ts.grok.org.uk Subject: Full-Disclosure Digest, Vol 67, Issue 41 Send Full-Disclosure mailing list submissions to full-disclosure@...ts.grok.org.uk To subscribe or unsubscribe via the World Wide Web, visit https://lists.grok.org.uk/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-request@...ts.grok.org.uk You can reach the person managing the list at full-disclosure-owner@...ts.grok.org.uk When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you. Today's Topics: 1. [ MDVSA-2010:189 ] pcsc-lite (security@...driva.com) 2. [ MDVSA-2010:189-1 ] pcsc-lite (security@...driva.com) 3. Re: the real stuxnet authors plz stand up (coderman) 4. Re: the real stuxnet authors plz stand up (coderman) 5. Re: the real stuxnet authors plz stand up (coderman) 6. Re: the real stuxnet authors plz stand up (coderman) 7. Re: the real stuxnet authors plz stand up (coderman) ---------------------------------------------------------------------- Message: 1 Date: Fri, 24 Sep 2010 14:43:01 +0200 From: security@...driva.com Subject: [Full-disclosure] [ MDVSA-2010:189 ] pcsc-lite To: full-disclosure@...ts.grok.org.uk Message-ID: <E1Oz7cD-0005XV-F0@...an.mandriva.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:189 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pcsc-lite Date : September 24, 2010 Affected: 2008.0, 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in pcsc-lite: The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407 (CVE-2009-4901). Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407 (CVE-2009-4902). Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled (CVE-2010-0407). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0407 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 8542435bcf848ec4a758f08abb440de6 2008.0/i586/libpcsclite1-1.4.4-1.1mdv2008.0.i586.rpm b2cba2d308ce62f0db856cbeb397e579 2008.0/i586/libpcsclite-devel-1.4.4-1.1mdv2008.0.i586.rpm 91aa91411c7755f9fef3bc9d2247ae8d 2008.0/i586/libpcsclite-static-devel-1.4.4-1.1mdv2008.0.i586.rpm a9b3733633dea019f2604a3edaee1108 2008.0/i586/pcsc-lite-1.4.4-1.1mdv2008.0.i586.rpm f08e053f4969deef763e11fd6d66b408 2008.0/SRPMS/pcsc-lite-1.4.4-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 6e0f7e5e8069e5aa694de0b51d51e7f7 2008.0/x86_64/lib64pcsclite1-1.4.4-1.1mdv2008.0.x86_64.rpm ecb3d147a0989e9f11b6c21a99d78b00 2008.0/x86_64/lib64pcsclite-devel-1.4.4-1.1mdv2008.0.x86_64.rpm 217d8be73202d169f0749b586d2fc78d 2008.0/x86_64/lib64pcsclite-static-devel-1.4.4-1.1mdv2008.0.x86_64.rpm 5124ffac456d3ddcbe83c2cc20b3e65b 2008.0/x86_64/pcsc-lite-1.4.4-1.1mdv2008.0.x86_64.rpm f08e053f4969deef763e11fd6d66b408 2008.0/SRPMS/pcsc-lite-1.4.4-1.1mdv2008.0.src.rpm Mandriva Linux 2009.0: 9e6699c3b26d60127e0caaa1aa2289d2 2009.0/i586/libpcsclite1-1.4.102-1.1mdv2009.0.i586.rpm 72a1a3d5e01ed8345f265a77f4ea05dd 2009.0/i586/libpcsclite-devel-1.4.102-1.1mdv2009.0.i586.rpm 349726056604450832d18ebef0b719c0 2009.0/i586/libpcsclite-static-devel-1.4.102-1.1mdv2009.0.i586.rpm e87e4987d3fbf641f645b2009471f387 2009.0/i586/pcsc-lite-1.4.102-1.1mdv2009.0.i586.rpm 76334baf4d0a4c7e7269be6855aee4c2 2009.0/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 0ecec7927fddbf1791384667d4c2cb0f 2009.0/x86_64/lib64pcsclite1-1.4.102-1.1mdv2009.0.x86_64.rpm 628debd6fb07c332a72b836c165bcc8d 2009.0/x86_64/lib64pcsclite-devel-1.4.102-1.1mdv2009.0.x86_64.rpm ae015f03362f7399c9aba451f2f7fecd 2009.0/x86_64/lib64pcsclite-static-devel-1.4.102-1.1mdv2009.0.x86_64.rpm 64fbc7257cbfc5a18c1d3f63ab8860e8 2009.0/x86_64/pcsc-lite-1.4.102-1.1mdv2009.0.x86_64.rpm 76334baf4d0a4c7e7269be6855aee4c2 2009.0/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm Mandriva Linux 2009.1: f6fbc67ddacadd6e421fd68d02e12633 2009.1/i586/libpcsclite1-1.5.2-1.1mdv2009.1.i586.rpm a1ba1511fd5dd26573527ef50ce81b5e 2009.1/i586/libpcsclite-devel-1.5.2-1.1mdv2009.1.i586.rpm 4b9ba378d857ae48a846f00e286024e8 2009.1/i586/libpcsclite-static-devel-1.5.2-1.1mdv2009.1.i586.rpm 6a704dd4e7d8423d35db366dbf689cb7 2009.1/i586/pcsc-lite-1.5.2-1.1mdv2009.1.i586.rpm 01a7091c9fcf2337578c9caeebc87833 2009.1/SRPMS/pcsc-lite-1.5.2-1.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 613b7a63921e05a482fb4aae6a36d5cf 2009.1/x86_64/lib64pcsclite1-1.5.2-1.1mdv2009.1.x86_64.rpm 9dd66b08eb34e7fa8d00c569f0face33 2009.1/x86_64/lib64pcsclite-devel-1.5.2-1.1mdv2009.1.x86_64.rpm 8b7f3042144456046ac6a550d49466f7 2009.1/x86_64/lib64pcsclite-static-devel-1.5.2-1.1mdv2009.1.x86_64.rpm 8f4c9901adccf658a5edd7b88e735568 2009.1/x86_64/pcsc-lite-1.5.2-1.1mdv2009.1.x86_64.rpm 01a7091c9fcf2337578c9caeebc87833 2009.1/SRPMS/pcsc-lite-1.5.2-1.1mdv2009.1.src.rpm Mandriva Enterprise Server 5: 4194b2888cee96308009918fd78ec2e6 mes5/i586/libpcsclite1-1.4.102-1.1mdvmes5.1.i586.rpm 5fceb0986718f744abbd371129b38eba mes5/i586/libpcsclite-devel-1.4.102-1.1mdvmes5.1.i586.rpm f856c267204173af9fad236eac81c28f mes5/i586/libpcsclite-static-devel-1.4.102-1.1mdvmes5.1.i586.rpm 6d601e4b1d1168ebec78c5d945378e02 mes5/i586/pcsc-lite-1.4.102-1.1mdvmes5.1.i586.rpm 0b52ec2a75a79cdef80d31b6b55323d1 mes5/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm Mandriva Enterprise Server 5/X86_64: 245e8a6081254bacb173674d15594e98 mes5/x86_64/lib64pcsclite1-1.4.102-1.1mdvmes5.1.x86_64.rpm 315e276f89d1bd75105a2e40f2976b81 mes5/x86_64/lib64pcsclite-devel-1.4.102-1.1mdvmes5.1.x86_64.rpm 731b15c35ffe0872052578e9a25f3fa2 mes5/x86_64/lib64pcsclite-static-devel-1.4.102-1.1mdvmes5.1.x86_64.rpm ca6aa016db366b69b83ca08814a9636c mes5/x86_64/pcsc-lite-1.4.102-1.1mdvmes5.1.x86_64.rpm 0b52ec2a75a79cdef80d31b6b55323d1 mes5/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMnGzomqjQ0CJFipgRAmXTAKDITs6XSqDRd8Bm+jEKeBBi8VCnmgCdG3k7 73gkpAFx7zZqY3bL0t73fqA= =qjIw -----END PGP SIGNATURE----- ------------------------------ Message: 2 Date: Fri, 24 Sep 2010 16:39:01 +0200 From: security@...driva.com Subject: [Full-disclosure] [ MDVSA-2010:189-1 ] pcsc-lite To: full-disclosure@...ts.grok.org.uk Message-ID: <E1Oz9QT-0000ce-Tg@...an.mandriva.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:189-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pcsc-lite Date : September 24, 2010 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in pcsc-lite: The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407 (CVE-2009-4901). Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407 (CVE-2009-4902). Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled (CVE-2010-0407). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. Update: The previous MDVSA-2010:189 advisory was missing the packages for CS4, this advisory corrects the problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0407 _______________________________________________________________________ Updated Packages: Corporate 4.0: 0c66f40efecdc0c3ae8f27dbe1abc4c5 corporate/4.0/i586/libpcsclite1-1.3.0-2.1.20060mlcs4.i586.rpm 5623a50de3f9505c5a8b503a844d9ac5 corporate/4.0/i586/libpcsclite1-devel-1.3.0-2.1.20060mlcs4.i586.rpm ab1f8bec0cee4bd2e88e40b6c34d9160 corporate/4.0/i586/libpcsclite1-static-devel-1.3.0-2.1.20060mlcs4.i586.rpm 27431d0962492720c5b7cca1491ebade corporate/4.0/i586/pcsc-lite-1.3.0-2.1.20060mlcs4.i586.rpm 524c61d97f58343dee043627407f37ee corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 679754ead473749cc755350951df0478 corporate/4.0/x86_64/lib64pcsclite1-1.3.0-2.1.20060mlcs4.x86_64.rpm 974188458cb887457a22cb4be169ba24 corporate/4.0/x86_64/lib64pcsclite1-devel-1.3.0-2.1.20060mlcs4.x86_64.rpm 300a3a9416d02cfd092bb5e3bc81302d corporate/4.0/x86_64/lib64pcsclite1-static-devel-1.3.0-2.1.20060mlcs4.x86_64.rpm 7e491ebb83c94c00b249db757c0e052b corporate/4.0/x86_64/pcsc-lite-1.3.0-2.1.20060mlcs4.x86_64.rpm 524c61d97f58343dee043627407f37ee corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMnI0kmqjQ0CJFipgRAkbCAJ9WgEQY8sy1UUqXjCgQFMy9SfTa4QCgqgbV daNX/N1UA/Xi7dcWucABNSU= =Z3Xz -----END PGP SIGNATURE----- ------------------------------ Message: 3 Date: Fri, 24 Sep 2010 20:35:44 -0700 From: coderman <coderman@...il.com> Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up To: Full Disclosure <full-disclosure@...ts.grok.org.uk> Message-ID: <AANLkTinhORpn2N0jTxDMofCRw994V-B4XypJ1vmkeGAk@...l.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman@...il.com> wrote: > stuxnet is strategic, and misleading. ... red team off roading? > ... > one of you two of eight snitches knows the details, full-disclosure! [0] h0 h0 h0! this gift keeps on giving... no more for me thanks. e4ffa4d8cb70e97af381aea2232d1064b51ecf9bdcd70824fe4675679d9fbf93 ------------------------------ Message: 4 Date: Fri, 24 Sep 2010 21:00:08 -0700 From: coderman <coderman@...il.com> Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up To: Full Disclosure <full-disclosure@...ts.grok.org.uk> Message-ID: <AANLkTinJ8vWfSPqb+qUMY+3W2gA-4GkdC5JR5YjPutWQ@...l.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 natanz focus, not bushehr. costs and delays to both sites a bonus... (everyone else, well, you're collateral damage that learned a valuable lesson, right? :) ------------------------------ Message: 5 Date: Fri, 24 Sep 2010 22:57:35 -0700 From: coderman <coderman@...il.com> Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up To: Full Disclosure <full-disclosure@...ts.grok.org.uk> Message-ID: <AANLkTinTO=TzvQHq_ZJViFgq0cxToVsQFVBz3Q_2+m-7@...l.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman@...il.com> wrote: > stuxnet is strategic, and misleading... misleading because the failures induced in target present as inefficiencies and mechanical fatigue in centrifuge process; intent is to cast suspicion and resources on manufacturing and/or assembly of centrifuge hardware as cursory checks of digital systems (data presumably acquired from floor) return normative. good game, sirs! target spends dollars and weeks/months pursuing errors in physical supply and installation paths en-route to / on site, all the while the wear is digitally done; out of sight, out of mind... this game (offensive, methodical, precision targeted high-assurance malware) is an odd sort of global-actor assasination politik. like china blasting sats in space, it was bound to happen sooner or later :P ------------------------------ Message: 6 Date: Fri, 24 Sep 2010 23:30:06 -0700 From: coderman <coderman@...il.com> Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up To: Full Disclosure <full-disclosure@...ts.grok.org.uk> Message-ID: <AANLkTinqZ6JwEvaUFtSycN3Y3MHN4Ct3-aaaYQo+_jLR@...l.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On Fri, Sep 24, 2010 at 10:57 PM, coderman <coderman@...il.com> wrote: > On Thu, Jul 29, 2010 at 10:49 AM, coderman <coderman@...il.com> wrote: >> stuxnet is strategic, and misleading... > > misleading because the failures induced in target present as > inefficiencies and mechanical fatigue in centrifuge process... Qom also hit - the fingerprinting mechanism is essentially mapped to form and function, rather than specific instance. That is to say, the Qom centrifuge enrichment deployment is sufficiently similar in devices and software applied (WinCC, 6ES7-417, 6ES7-315-2, etc.) as to also fall under precision targeting. yay full disclosure. 0x04 ------------------------------ Message: 7 Date: Sat, 25 Sep 2010 00:54:23 -0700 From: coderman <coderman@...il.com> Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up To: kenneth@...rt.ca Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Message-ID: <AANLkTim_NWMnoefXHxDY1HsHm-AcWXKZ_VU-Px-LyH2v@...l.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <kenneth@...rt.ca> wrote: > Get real... i did not say bushehr was not impacted; a side effect of the re-use of same real-time PLC workflow controller there resulted in cluster fuck and non-operation. however, the target was centrifuges and in this regard, it worked perfectly: the only outward signs of interest at natanz and qom while affected was then un-explained 2x to 4x under-yield from the cascades... the running total spinning looked nice though - steady progress! heh in any case, you confuse me with someone who has something to say. really EOT this time... ------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ End of Full-Disclosure Digest, Vol 67, Issue 41 *********************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists