lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <B8E316D2-0E06-48BC-AC7D-A73D40192FB3@yahoo.com>
Date: Wed, 19 Oct 2011 08:47:19 -0700
From: JW <mirage1228@...oo.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Full-Disclosure Digest, Vol 80, Issue 70

Unsubscribe

Sent from my iPhone.

On Oct 19, 2011, at 4:00 AM, full-disclosure-request@...ts.grok.org.uk wrote:

> Send Full-Disclosure mailing list submissions to
>    full-disclosure@...ts.grok.org.uk
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>    full-disclosure-request@...ts.grok.org.uk
> 
> You can reach the person managing the list at
>    full-disclosure-owner@...ts.grok.org.uk
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
> 
> 
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
> 
> 
> Today's Topics:
> 
>   1. Re: eurotax.com XSS (doc mombasa)
>   2. [ MDVSA-2011:156 ] tomcat5 (security@...driva.com)
>   3. [ GLSA 201110-13 ] Tor: Multiple vulnerabilities (Tim Sammut)
>   4. Verizon Wireless to Sell Customers' Data to    Advertisers
>      (Jeffrey Walton)
>   5. HackInTheBox Quartal Magazine - eZine Issue #007
>      (research@...nerability-lab.com)
>   6. Re: Verizon Wireless to Sell Customers' Data to    Advertisers
>      (Jeffrey Walton)
>   7. Airvpn makes statement regarding hidemyass proxy (Laurelai)
>   8. DNS Poisoning via Port Exhaustion (Roee Hay)
>   9. ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector
>      Remote Code Execution Vulnerability (ZDI Disclosures)
>  10. Re: About reDuh (Bugtrace)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 18 Oct 2011 17:23:45 +0200
> From: doc mombasa <doc.mombasa@...il.com>
> Subject: Re: [Full-disclosure] eurotax.com XSS
> To: DasKommandoPetraWolf@....net
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID:
>    <CAFMAuHq=cKmCwtGcoUphMBpSDi-GKQQn1bU1n_TCs0Wtiz4upQ@...l.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> lol seriously?
> 
> 2011/10/17 <DasKommandoPetraWolf@....net>
> 
>> Rotfront Genossen!
>> 
>> Im revolutionaeren Kampf und auf der Suche nach Alternativen zu
>> kapitalistischer  Standardsoftware und Unternehmen hat
>> "Das Kommando Petra Wolf" sogenannte angebliche Sicherheitsluecken
>> in Form von XSS gefunden:
>> 
>> http://wli-de.eurotax.com/wli/dede/entry/welcome.php?koop_id="><iframe
>> src='' onload=alert('BorkBork')>
>> 
>> Wir entschuldigen uns bei der Security Szene, dass wir uns nur damit
>> ausweisen koennen. Es wird keine weiteren XSS Advisories geben.
>> Der Wolf ist schwarz.
>> 
>> gezeichnet
>> 
>> Das Kommando Petra Wolf
>> 
>> --
>> "Wir bringen Kommunismus nach Amerika"
>> 
>> 
>> --
>> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
>> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/c80de222/attachment-0001.html 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 18 Oct 2011 18:04:00 +0200
> From: security@...driva.com
> Subject: [Full-disclosure] [ MDVSA-2011:156 ] tomcat5
> To: full-disclosure@...ts.grok.org.uk
> Message-ID: <E1RGC92-0004yV-Ml@...an.mandriva.com>
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> _______________________________________________________________________
> 
> Mandriva Linux Security Advisory                         MDVSA-2011:156
> http://www.mandriva.com/security/
> _______________________________________________________________________
> 
> Package : tomcat5
> Date    : October 18, 2011
> Affected: 2010.1, Enterprise Server 5.0
> _______________________________________________________________________
> 
> Problem Description:
> 
> Multiple vulnerabilities has been discovered and corrected in tomcat
> 5.5.x:
> 
> The implementation of HTTP DIGEST authentication in tomcat was
> discovered to have several weaknesses (CVE-2011-1184).
> 
> Apache Tomcat, when the MemoryUserDatabase is used, creates log entries
> containing passwords upon encountering errors in JMX user creation,
> which allows local users to obtain sensitive information by reading
> a log file (CVE-2011-2204).
> 
> Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP
> NIO connector, does not validate certain request attributes, which
> allows local users to bypass intended file access restrictions or
> cause a denial of service (infinite loop or JVM crash) by leveraging
> an untrusted web application (CVE-2011-2526).
> 
> Certain AJP protocol connector implementations in Apache Tomcat allow
> remote attackers to spoof AJP requests, bypass authentication, and
> obtain sensitive information by causing the connector to interpret
> a request body as a new request (CVE-2011-3190).
> 
> The updated packages have been patched to correct these issues.
> _______________________________________________________________________
> 
> References:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
> http://tomcat.apache.org/security-5.html
> _______________________________________________________________________
> 
> Updated Packages:
> 
> Mandriva Linux 2010.1:
> 773a5fc229b75a431546c24f560e8913  2010.1/i586/tomcat5-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 6164f8836446357d0c524706e74cfaac  2010.1/i586/tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 608020232619e313b1e5b78c925e3ec9  2010.1/i586/tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> a014466c79378815eea53bf71058a811  2010.1/i586/tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> fc23df07e993d5563ba5ea6cc19c7faf  2010.1/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 1e293502cc60a9543a83241165668df1  2010.1/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 8bf104f92c4c365beea776a3e335dd74  2010.1/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 34d375a720129c779a8396df0fea4332  2010.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> f266c74edee028677a2b2ce0d907f194  2010.1/i586/tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> f290cdda12fe10cbd2131f769ac001c0  2010.1/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 86065d9a174943936047a07e6ee44de8  2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> eae685ce8ecee314b6d2221198eacc90  2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm 
> c5363a8910ef6f6ba395dc9222f66e42 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.3mdv2010.2.src.rpm
> 
> Mandriva Linux 2010.1/X86_64:
> 05f89a0bd05436ab648a2b6e7921cd7c  2010.1/x86_64/tomcat5-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> beb3f7bee12e2c3d27d2da45cd4d5cbf  2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 94f8860fdcc706d20e32f519a5f44e62  2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 1ae847ee8fccc93b0fbcd3caa20e3f4c  2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 593df02d912d630bb580156d1352cee4  2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 00933232ea5411c8194b94caa2576365  2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 2bad11a52672af123cb464fbd5195650  2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 3b31cfb99a68d45022fe09a34623b78d  2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 8bfdc07d6a914edf7dac32e0641cbc0c 2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> c7667a661a3654750fc0069a1fa10289  2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 51fb24de9c2cbbbbc10bad1a29d85709  2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 011186ea5ab76f3b4eac56e0ada5e080  2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm 
> c5363a8910ef6f6ba395dc9222f66e42 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.3mdv2010.2.src.rpm
> 
> Mandriva Enterprise Server 5:
> 125a7eb9dcc1683f8ac07af85ca76ec0 mes5/i586/tomcat5-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 24c7aa0d7ea2ca4d9e4e1d9544ea16f8  mes5/i586/tomcat5-admin-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 568879dcf8335d6bf98076170f052072 mes5/i586/tomcat5-common-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 84e69e48ecd35f246d4fa6ed926efad9 mes5/i586/tomcat5-jasper-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 540440225e1f3ce5de895c8ed46f2443  mes5/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> a9ff3a61cd9708fb2ad6ba6fd9112aff  mes5/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 1939ea1c2e62dc94a7835a6ac6dbf6e3  mes5/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> d17ced8fe80f33f3007bc9dd8f7c446e  mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 21ffcde63e835e3532d3383f9607c8b7 mes5/i586/tomcat5-server-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 38f82d3d0cb274d8e3a8781f4087eff4  mes5/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> f6d5fc18de6eb4eb64a4410514df3544 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 57026e2da95e91b2a4140caa443afd1e  mes5/i586/tomcat5-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm 
> dc2118f7227a36e842cefaf417338a36 mes5/SRPMS/tomcat5-5.5.28-0.5.0.3mdvmes5.2.src.rpm
> 
> Mandriva Enterprise Server 5/X86_64:
> 74e8a69d9970bd3fe07aa5014deed2d4  mes5/x86_64/tomcat5-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> febe57b644b0341a2abe88bc412d83d8  mes5/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 3045ba1b90c28c481b562946651dc0d2  mes5/x86_64/tomcat5-common-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 3329413dde2923f317feacaac38ce303  mes5/x86_64/tomcat5-jasper-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> c689ea5d6a2305e98f17d2e62af54a65  mes5/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 4f9f1bdcdc48b702fcfbb72f5a0b0654  mes5/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> b054e07dda62cd976d426a787cc2cf8e  mes5/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 9c7a9d767e8f843413b749194f5edd33  mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 1acee64bbbc9e257badcbf4a3dbbd8e5  mes5/x86_64/tomcat5-server-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> a39d5bef79a400f012e41ffe7d1b17c8  mes5/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 6464fd323297c3d6619131c7b432c580  mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> fffd75e85b90aba4b6a3a5c73cabb944 mes5/x86_64/tomcat5-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm 
> dc2118f7227a36e842cefaf417338a36 mes5/SRPMS/tomcat5-5.5.28-0.5.0.3mdvmes5.2.src.rpm
> _______________________________________________________________________
> 
> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> of md5 checksums and GPG signatures is performed automatically for you.
> 
> All packages are signed by Mandriva for security.  You can obtain the
> GPG public key of the Mandriva Security Team by executing:
> 
>  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
> 
> You can view other update advisories for Mandriva Linux at:
> 
>  http://www.mandriva.com/security/advisories
> 
> If you want to report vulnerabilities, please contact
> 
>  security_(at)_mandriva.com
> _______________________________________________________________________
> 
> Type Bits/KeyID     Date       User ID
> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>  <security*mandriva.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iD8DBQFOnXa8mqjQ0CJFipgRAjmhAKDAS/US19egFVhiWmlS0O4FvKdFYACgiZbR
> bUKgLw+nMniLQoAxCSXVRac=
> =dh2c
> -----END PGP SIGNATURE-----
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 18 Oct 2011 11:38:11 -0700
> From: Tim Sammut <underling@...too.org>
> Subject: [Full-disclosure] [ GLSA 201110-13 ] Tor: Multiple
>    vulnerabilities
> To: gentoo-announce@...too.org
> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
>    security-alerts@...uxsecurity.com
> Message-ID: <4E9DC793.9080107@...too.org>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory                           GLSA 201110-13
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                                            http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> Severity: High
>    Title: Tor: Multiple vulnerabilities
>     Date: October 18, 2011
>     Bugs: #351920, #359789
>       ID: 201110-13
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> Synopsis
> ========
> 
> Multiple vulnerabilities were found in Tor, the most severe of which
> may allow a remote attacker to execute arbitrary code.
> 
> Background
> ==========
> 
> Tor is an implementation of second generation Onion Routing, a
> connection-oriented anonymizing communication service.
> 
> Affected packages
> =================
> 
>    -------------------------------------------------------------------
>     Package              /     Vulnerable     /            Unaffected
>    -------------------------------------------------------------------
>  1  net-misc/tor                < 0.2.1.30               >= 0.2.1.30
> 
> Description
> ===========
> 
> Multiple vulnerabilities have been discovered in Tor. Please review the
> CVE identifiers referenced below for details.
> 
> Impact
> ======
> 
> A remote unauthenticated attacker may be able to execute arbitrary code
> with the privileges of the Tor process or create a Denial of Service.
> 
> Workaround
> ==========
> 
> There is no known workaround at this time.
> 
> Resolution
> ==========
> 
> All Tor users should upgrade to the latest version:
> 
>  # emerge --sync
>  # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"
> 
> NOTE: This is a legacy GLSA. Updates for all affected architectures are
> available since April 2, 2011. It is likely that your system is already
> no longer affected by this issue.
> 
> References
> ==========
> 
> [ 1 ] CVE-2011-0015
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015
> [ 2 ] CVE-2011-0016
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016
> [ 3 ] CVE-2011-0427
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427
> [ 4 ] CVE-2011-0490
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490
> [ 5 ] CVE-2011-0491
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491
> [ 6 ] CVE-2011-0492
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492
> [ 7 ] CVE-2011-0493
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493
> [ 8 ] CVE-2011-1924
>      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924
> 
> Availability
> ============
> 
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
> 
> http://security.gentoo.org/glsa/glsa-201110-13.xml
> 
> Concerns?
> =========
> 
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users' machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@...too.org or alternatively, you may file a bug at
> https://bugs.gentoo.org.
> 
> License
> =======
> 
> Copyright 2011 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
> 
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
> 
> http://creativecommons.org/licenses/by-sa/2.5
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 230 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/3ec29475/attachment-0001.bin 
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 18 Oct 2011 15:00:38 -0400
> From: Jeffrey Walton <noloader@...il.com>
> Subject: [Full-disclosure] Verizon Wireless to Sell Customers' Data to
>    Advertisers
> To: FunSec List <funsec@...uxbox.org>,    Full Disclosure
>    <full-disclosure@...ts.grok.org.uk>
> Message-ID:
>    <CAH8yC8m+q=rKUFNMPFyn1EoVb0Dug+wZaQymR_E8XOyi3R4aDA@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> http://www.securitynewsdaily.com/verizon-wireless-sell-customers-data-to-advertisers-1249
> 
> Verizon Wireless will now collect phone users' information, including
> their GPS location and Web browsing history, and sell the data to
> third parties unless customers opt out of the tracking service.
> 
> Verizon Wireless' (VZW) updated privacy policy permits the mobile
> giant to also track customers' app usage, device type, calling
> features and amount of phone use, as well as any search terms they
> type when browsing the Web on a VZW mobile device, and demographic
> information provided by other companies, such as gender and age.
> 
> ...
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 18 Oct 2011 21:29:12 +0200
> From: "research@...nerability-lab.com"
>    <research@...nerability-lab.com>
> Subject: [Full-disclosure] HackInTheBox Quartal Magazine - eZine Issue
>    #007
> To: full-disclosure@...ts.grok.org.uk,
>    submissions@...ketstormsecurity.org
> Message-ID: <4E9DD388.6020802@...nerability-lab.com>
> Content-Type: text/plain; charset=ISO-8859-15
> 
> ;)
> 
> 
> Title:
> ======
> HITB Quartal Magazine - eZine Issue 007
> 
> 
> Date:
> =====
> 2011-10-18
> 
> 
> References:
> ===========
> Original: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf
> Article: http://magazine.hitb.org/
> 
> Mirror: http://www.vulnerability-lab.com/resources/documents/297.pdf
> Article: http://www.vulnerability-lab.com/get_content.php?id=297
> 
> VL-ID:
> =====
> 297
> 
> 
> Status:
> ========
> Published
> 
> 
> Exploitation-Technique:
> =======================
> Magazin
> 
> 
> Severity:
> =========
> Critical
> 
> 
> Details:
> ========
> Hello readers and welcome to issue #7.
> It has been a long journey since the first release of the magazine and we have seen a lot of changes and 
> improvements overtime and still trying our best to do more.
> 
> But as we grow, the amount of work and the time we need to spend working on the magazine have also increased, 
> thus requiring us to recruit more people to join our small editorial team. So, if you think you would like to 
> do something for the community and believe that we can have a great use of your talent - Feel free to drop 
> us an email!
> 
> As for issue #7, Jonathan Kent wrote a great piece of article about the current global crisis in the cyberspace 
> while Aditya K. Sood and his team on the other hand wrote about extending SQL injection attacks through buffer 
> overflow exploitation. We are also very happy to have Jonathan Brossard contributing an article introducing the 
> readers to his newly released exploitation framework. We will leave you to explore the rest of the articles and 
> we hope you enjoy them. Have fun reading this issue and more to come in issue #8!!
> 
> Zarul Shahrin Suhaimi
> Editor-in-Chief,
> Hack in The Box Magazine
> 
> 
> Credits:
> ========
> HackintheBox Team (HITB) - magazine.hitb.org
> 
> 
> Disclaimer:
> ===========
> The information provided in this document is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
> either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
> profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
> states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
> may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
> Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of 
> other media, are reserved by Vulnerability-Lab or its suppliers.
> 
>                            Copyright ? 2011|Vulnerability-Lab
> 
> 
> 
> 
> -- 
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@...nerability-lab.com or support@...nerability-lab.com
> 
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 18 Oct 2011 15:49:05 -0400
> From: Jeffrey Walton <noloader@...il.com>
> Subject: Re: [Full-disclosure] Verizon Wireless to Sell Customers'
>    Data to    Advertisers
> To: FunSec List <funsec@...uxbox.org>,    Full Disclosure
>    <full-disclosure@...ts.grok.org.uk>
> Message-ID:
>    <CAH8yC8=iHKN1OXn6maLdmtgGR2vxcWGHO_DW+VpEwJo8h0sWSQ@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On Tue, Oct 18, 2011 at 3:00 PM, Jeffrey Walton <noloader@...il.com> wrote:
>> http://www.securitynewsdaily.com/verizon-wireless-sell-customers-data-to-advertisers-1249
>> 
>> Verizon Wireless will now collect phone users' information, including
>> their GPS location and Web browsing history, and sell the data to
>> third parties unless customers opt out of the tracking service.
>> 
>> Verizon Wireless' (VZW) updated privacy policy permits the mobile
>> giant to also track customers' app usage, device type, calling
>> features and amount of phone use, as well as any search terms they
>> type when browsing the Web on a VZW mobile device, and demographic
>> information provided by other companies, such as gender and age.
> FTC Complaint 33055545, https://www.ftccomplaintassistant.gov/.
> FCC Complaint 11-C00340020, http://esupport.fcc.gov/complaints.htm.
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Tue, 18 Oct 2011 15:13:35 -0500
> From: Laurelai <laurelai@...echan.org>
> Subject: [Full-disclosure] Airvpn makes statement regarding hidemyass
>    proxy
> To: "full-disclosure@...ts.grok.org.uk"
>    <full-disclosure@...ts.grok.org.uk>
> Message-ID: <4E9DDDEF.2080206@...echan.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=2&id=891#891 
> <https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=2&id=891#891> 
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Tue, 18 Oct 2011 22:39:25 +0200
> From: Roee Hay <roeeh@...ibm.com>
> Subject: [Full-disclosure] DNS Poisoning via Port Exhaustion
> To: bugtraq <bugtraq@...urityfocus.com>,
>    full-disclosure@...ts.grok.org.uk,    dailydave@...ts.immunityinc.com
> Message-ID:
>    <CAA4i3gYFah=XN7=VgHDybKOYE35FeSVkRf8cZEKVjRaX9EDnUA@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Hey,
> 
> Today we are releasing a very interesting whitepaper which describes a DNS
> poisoning attack against stub resolvers.
> 
> It discloses two vulnerabilities:
> 
> 1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
>   DNS poisoning using Java applets. This vulnerability can be triggered when
>   opening a malicious webpage. A successful exploitation of this vulnerability
>   may lead to disclosure and manipulation of cookies and web pages, disclosure
>   of NTLM credentials and clipboard data of the logged-on user, and even
>   firewall bypass.
> 
> 2. A vulnerability in multiuser Windows environments which enables local DNS
>   cache poisoning of arbitrary domains. This vulnerability can be triggered
>   by a normal user (i.e. one with non-administrative rights) in order to
>   attack other users of the system. A successful exploitation of this
>   vulnerability may lead to information disclosure, privilege escalation,
>   universal XSS and more.
> 
> Whitepaper: http://bit.ly/q31wSq
> A blog post with video demos: http://bit.ly/qu4Ez7
> 
> 
> Roee Hay <roeeh@...ibm.com>, IBM Rational Application Security Research Group
> Yair Amit <yairam@...il.com>
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Tue, 18 Oct 2011 16:23:56 -0500
> From: ZDI Disclosures <zdi-disclosures@...pingpoint.com>
> Subject: [Full-disclosure] ZDI-11-295 : Apple QuickTime FlashPix JPEG
>    Tables Selector Remote Code Execution Vulnerability
> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
> Message-ID: <4E9DEE6C.7000008@...com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code
> Execution Vulnerability
> http://www.zerodayinitiative.com/advisories/ZDI-11-295
> October 18, 2011
> 
> -- CVE ID:
> CVE-2011-3222
> 
> -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> -- Affected Vendors:
> 
> Apple
> 
> 
> 
> -- Affected Products:
> 
> Apple Quicktime
> 
> 
> 
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Apple Quicktime. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists within the way Quicktime handles flashpix
> files. When a flashpix contains a tile that has a Compression Type 0x2
> (JPEG) and an 'JPEG tables selector' value that is bigger then the
> global stream property 'Maximum JPEG table index', Quicktime will write
> outside the global JPEG table. This corruption could lead to remote code
> execution under the context of the current user.
> 
> -- Vendor Response:
> 
> Apple has issued an update to correct this vulnerability. More details
> can be found at:
> 
> http://support.apple.com/kb/HT5002
> 
> 
> 
> -- Disclosure Timeline:
> 2011-07-20 - Vulnerability reported to vendor
> 2011-10-18 - Coordinated public release of advisory
> 
> -- Credit:
> This vulnerability was discovered by:
> 
> * Damian Put
> 
> 
> 
> -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
>    http://www.zerodayinitiative.com
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
>    http://www.zerodayinitiative.com/advisories/disclosure_policy/
> 
> Follow the ZDI on Twitter:
> 
>    http://twitter.com/thezdi
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 486 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/d99dfb7b/attachment-0001.bin 
> 
> ------------------------------
> 
> Message: 10
> Date: Wed, 19 Oct 2011 07:13:50 +0800
> From: Bugtrace <bugtrace@...il.com>
> Subject: Re: [Full-disclosure] About reDuh
> To: full-disclosure <full-disclosure@...ts.grok.org.uk>
> Message-ID:
>    <CABV4c6NiMsp9Uy77KS7kMEK=CUO9wmaxghqjmjjW4a4o8KSCUw@...l.gmail.com>
> Content-Type: text/plain; charset=GB2312
> 
> java -jar reDuhClient.jar
> Usage: java reDuhClient [URL-to-reDuh] <proxy-host:proxyport>
> 
> e.g. (HTTP) : java reDuhClient http://www.compromised.com/reDuh.jsp
> e.g. (HTTPS): java reDuhClient https://www.compromised.com/reDuh.jsp
> e.g. (PROXY): java reDuhClient https://www.compromised.com/reDuh.jsp
> proxy-server:3128
> 
> 
> 2011/10/18 mezgani ali <handrix@...il.com>:
>> Is there any version that support https ?
>> 
>> 2009/2/8 seclists <seclists@....com>
>>> 
>>> Thx for your kind help,bro.
>>> 
>>> The jsp version of reDuh is powerful, so cool.
>>> 
>>> ??2009-02-08 07:39:41??"Haroon Meer" <haroon@...sepost.com> ??????
>>>> Hi..
>>>> 
>>>> * seclists [seclists@....com] seemed to say:
>>>>> Hi,bro
>>> 
>>>>>>>     Thx For shareing reDuh. I have download reDuh(asp/php/jsp)  and ReDuhClient from http://www.sensepost.com/research/reDuh.
>>> 
>>>>>>>    Then I have try it in my vmware,Reduh.jsp can work fine,But ReDuh.aspx can't.
>>> 
>>>>>>>    I type the commond "java reDuhClient 192.168.8.102 80 /reDuh.aspx", it return error.
>>>>> 
>>>>> [Info]Querying remote JSP for usable remote RPC port
>>> 
>>>>>>> [Error] Tried to find a remote RPC port in the range 42000 to 42050 but no attem
>>>>> pts were successful. Sorry it didn't work out.
>>>>> 
>>>>> What required for if let ReDuh.aspx work,please?
>>>>> My environment:
>>>>> windows 2003 Enterprise edition Sp2(Chinese)
>>>>> IIS 6.0
>>>>> ASP.NET Version is 2.0.50727
>>>> 
>>>> I seem to recall this exact error coming up in the past, and having been
>>>> resolved by ian@...sepost.com.
>>>> 
>>>> He will send you an email early next week with a little note on how to
>>>> fix it.
>>>> 
>>>> Thanks for using it, and please let us know if you have any other
>>>> questions..
>>>> 
>>>> Thanks
>>>> 
>>>> /mh
>>>> 
>>>> --
>>> 
>>>>> Haroon Meer, SensePost Information Security  |
>>> 
>>>>> http://www.sensepost.com/blog/
>>>> PGP: http://www.sensepost.com/pgp/haroon.txt |  Tel: +27 83786 6637
>>> 
>>> 
>>> ________________________________
>>> ????????????????????????
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>> 
>> 
>> 
>> --
>> Ali MEZGANI
>> Network Engineering/Security
>> http://www.nativelabs.org/
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>> 
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> End of Full-Disclosure Digest, Vol 80, Issue 70
> ***********************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ