Message-Id: <20070508151635.C516FDA82B@mailserver7.hushmail.com>
Date: Tue, 08 May 2007 11:16:34 -0400
From: <gobbles_fo_evar@...hmail.com>
To: <bugtraq@...urityfocus.com>
Cc: 
Subject: AP Newspower software <=4.0.1 allows remote data manipulation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AP Newspower is commercial software available from the AP that
allows media outlets to obtain text news feeds from the Associated
Press.  It's like RSS, but you pay for it. And it's slower. And
fatter.

The default install of this software includes a MySQL instance
which stores the feeds as well as copy created by the local media
outlet.  This MySQL database is configured to allow remote access
as root with a blank password.  A person so inclined upon finding
such a box could, say, insert an article of their own into
shows.tblscript and make their own news.  Or remotely censor the
news, or, ...  Oh noes!

The AP has been alerted of this issue, and has said they are not
interested in fixing it.

- -----

I wonder if they bought a MySQL license, or if they are using it
under the GPL license.  Their web page
(http://www.apbroadcast.com/AP+Broadcast/Radio/Prep+Services/AP+News
Power.htm) certainly makes no mention of where to obtain the
source.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

-----END PGP SIGNATURE-----
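
An added example, not part of the original post or of the vendor's software: a small audit that flags the account state the advisory describes (no password, reachable from a non-loopback host) in rows exported from MySQL's grant table. The function names and sample rows are assumptions constructed for illustration.

```python
# Added example: flags MySQL accounts matching the weakness described in the post.
# Rows mirror `SELECT User, Host, Password FROM mysql.user` (column name used by
# MySQL releases before 5.7; later releases store the hash in authentication_string).

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def is_remote_capable(host):
    """True when the Host value can match a client that is not on loopback."""
    return host.strip().lower() not in LOOPBACK_HOSTS


def audit_accounts(rows):
    """Return (severity, user, host) for every account with no password set."""
    findings = []
    for user, host, password_hash in rows:
        if password_hash:          # a stored hash means a password is set
            continue
        remote = is_remote_capable(host)
        if remote and user == "root":
            severity = "critical"  # the case in the post: remote root, blank password
        elif remote:
            severity = "high"
        else:
            severity = "medium"    # blank password, usable only from the host itself
        findings.append((severity, user, host))
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1], f[2]))


# Constructed sample rows, not taken from a real installation.
SAMPLE_ROWS = [
    ("root", "%", ""),
    ("root", "localhost", ""),
    ("feeds", "192.168.1.%", None),
    ("editor", "%", "*PLACEHOLDER_HASH"),
]

if __name__ == "__main__":
    for severity, user, host in audit_accounts(SAMPLE_ROWS):
        print(f"{severity:8} '{user}'@'{host}' has no password")
```

Any account reported here should be given a password or dropped, and a database that only serves local applications can additionally be bound to loopback with `bind-address = 127.0.0.1` in the server configuration.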
