[<prev] [next>] [day] [month] [year] [list]
Message-Id: <B8E316D2-0E06-48BC-AC7D-A73D40192FB3@yahoo.com>
Date: Wed, 19 Oct 2011 08:47:19 -0700
From: JW <mirage1228@...oo.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Full-Disclosure Digest, Vol 80, Issue 70
Unsubscribe
Sent from my iPhone.
On Oct 19, 2011, at 4:00 AM, full-disclosure-request@...ts.grok.org.uk wrote:
> Send Full-Disclosure mailing list submissions to
> full-disclosure@...ts.grok.org.uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> full-disclosure-request@...ts.grok.org.uk
>
> You can reach the person managing the list at
> full-disclosure-owner@...ts.grok.org.uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
>
>
> Today's Topics:
>
> 1. Re: eurotax.com XSS (doc mombasa)
> 2. [ MDVSA-2011:156 ] tomcat5 (security@...driva.com)
> 3. [ GLSA 201110-13 ] Tor: Multiple vulnerabilities (Tim Sammut)
> 4. Verizon Wireless to Sell Customers' Data to Advertisers
> (Jeffrey Walton)
> 5. HackInTheBox Quartal Magazine - eZine Issue #007
> (research@...nerability-lab.com)
> 6. Re: Verizon Wireless to Sell Customers' Data to Advertisers
> (Jeffrey Walton)
> 7. Airvpn makes statement regarding hidemyass proxy (Laurelai)
> 8. DNS Poisoning via Port Exhaustion (Roee Hay)
> 9. ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 10. Re: About reDuh (Bugtrace)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 18 Oct 2011 17:23:45 +0200
> From: doc mombasa <doc.mombasa@...il.com>
> Subject: Re: [Full-disclosure] eurotax.com XSS
> To: DasKommandoPetraWolf@....net
> Cc: full-disclosure@...ts.grok.org.uk
> Message-ID:
> <CAFMAuHq=cKmCwtGcoUphMBpSDi-GKQQn1bU1n_TCs0Wtiz4upQ@...l.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> lol seriously?
>
> 2011/10/17 <DasKommandoPetraWolf@....net>
>
>> Rotfront Genossen!
>>
>> Im revolutionaeren Kampf und auf der Suche nach Alternativen zu
>> kapitalistischer Standardsoftware und Unternehmen hat
>> "Das Kommando Petra Wolf" sogenannte angebliche Sicherheitsluecken
>> in Form von XSS gefunden:
>>
>> http://wli-de.eurotax.com/wli/dede/entry/welcome.php?koop_id="><iframe
>> src='' onload=alert('BorkBork')>
>>
>> Wir entschuldigen uns bei der Security Szene, dass wir uns nur damit
>> ausweisen koennen. Es wird keine weiteren XSS Advisories geben.
>> Der Wolf ist schwarz.
>>
>> gezeichnet
>>
>> Das Kommando Petra Wolf
>>
>> --
>> "Wir bringen Kommunismus nach Amerika"
>>
>>
>> --
>> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
>> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/c80de222/attachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Tue, 18 Oct 2011 18:04:00 +0200
> From: security@...driva.com
> Subject: [Full-disclosure] [ MDVSA-2011:156 ] tomcat5
> To: full-disclosure@...ts.grok.org.uk
> Message-ID: <E1RGC92-0004yV-Ml@...an.mandriva.com>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandriva Linux Security Advisory MDVSA-2011:156
> http://www.mandriva.com/security/
> _______________________________________________________________________
>
> Package : tomcat5
> Date : October 18, 2011
> Affected: 2010.1, Enterprise Server 5.0
> _______________________________________________________________________
>
> Problem Description:
>
> Multiple vulnerabilities has been discovered and corrected in tomcat
> 5.5.x:
>
> The implementation of HTTP DIGEST authentication in tomcat was
> discovered to have several weaknesses (CVE-2011-1184).
>
> Apache Tomcat, when the MemoryUserDatabase is used, creates log entries
> containing passwords upon encountering errors in JMX user creation,
> which allows local users to obtain sensitive information by reading
> a log file (CVE-2011-2204).
>
> Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP
> NIO connector, does not validate certain request attributes, which
> allows local users to bypass intended file access restrictions or
> cause a denial of service (infinite loop or JVM crash) by leveraging
> an untrusted web application (CVE-2011-2526).
>
> Certain AJP protocol connector implementations in Apache Tomcat allow
> remote attackers to spoof AJP requests, bypass authentication, and
> obtain sensitive information by causing the connector to interpret
> a request body as a new request (CVE-2011-3190).
>
> The updated packages have been patched to correct these issues.
> _______________________________________________________________________
>
> References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
> http://tomcat.apache.org/security-5.html
> _______________________________________________________________________
>
> Updated Packages:
>
> Mandriva Linux 2010.1:
> 773a5fc229b75a431546c24f560e8913 2010.1/i586/tomcat5-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 6164f8836446357d0c524706e74cfaac 2010.1/i586/tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 608020232619e313b1e5b78c925e3ec9 2010.1/i586/tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> a014466c79378815eea53bf71058a811 2010.1/i586/tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> fc23df07e993d5563ba5ea6cc19c7faf 2010.1/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 1e293502cc60a9543a83241165668df1 2010.1/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 8bf104f92c4c365beea776a3e335dd74 2010.1/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 34d375a720129c779a8396df0fea4332 2010.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> f266c74edee028677a2b2ce0d907f194 2010.1/i586/tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> f290cdda12fe10cbd2131f769ac001c0 2010.1/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 86065d9a174943936047a07e6ee44de8 2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> eae685ce8ecee314b6d2221198eacc90 2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> c5363a8910ef6f6ba395dc9222f66e42 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.3mdv2010.2.src.rpm
>
> Mandriva Linux 2010.1/X86_64:
> 05f89a0bd05436ab648a2b6e7921cd7c 2010.1/x86_64/tomcat5-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> beb3f7bee12e2c3d27d2da45cd4d5cbf 2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 94f8860fdcc706d20e32f519a5f44e62 2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 1ae847ee8fccc93b0fbcd3caa20e3f4c 2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 593df02d912d630bb580156d1352cee4 2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 00933232ea5411c8194b94caa2576365 2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 2bad11a52672af123cb464fbd5195650 2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 3b31cfb99a68d45022fe09a34623b78d 2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 8bfdc07d6a914edf7dac32e0641cbc0c 2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> c7667a661a3654750fc0069a1fa10289 2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 51fb24de9c2cbbbbc10bad1a29d85709 2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> 011186ea5ab76f3b4eac56e0ada5e080 2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
> c5363a8910ef6f6ba395dc9222f66e42 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.3mdv2010.2.src.rpm
>
> Mandriva Enterprise Server 5:
> 125a7eb9dcc1683f8ac07af85ca76ec0 mes5/i586/tomcat5-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 24c7aa0d7ea2ca4d9e4e1d9544ea16f8 mes5/i586/tomcat5-admin-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 568879dcf8335d6bf98076170f052072 mes5/i586/tomcat5-common-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 84e69e48ecd35f246d4fa6ed926efad9 mes5/i586/tomcat5-jasper-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 540440225e1f3ce5de895c8ed46f2443 mes5/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> a9ff3a61cd9708fb2ad6ba6fd9112aff mes5/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 1939ea1c2e62dc94a7835a6ac6dbf6e3 mes5/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> d17ced8fe80f33f3007bc9dd8f7c446e mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 21ffcde63e835e3532d3383f9607c8b7 mes5/i586/tomcat5-server-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 38f82d3d0cb274d8e3a8781f4087eff4 mes5/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> f6d5fc18de6eb4eb64a4410514df3544 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 57026e2da95e91b2a4140caa443afd1e mes5/i586/tomcat5-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> dc2118f7227a36e842cefaf417338a36 mes5/SRPMS/tomcat5-5.5.28-0.5.0.3mdvmes5.2.src.rpm
>
> Mandriva Enterprise Server 5/X86_64:
> 74e8a69d9970bd3fe07aa5014deed2d4 mes5/x86_64/tomcat5-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> febe57b644b0341a2abe88bc412d83d8 mes5/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 3045ba1b90c28c481b562946651dc0d2 mes5/x86_64/tomcat5-common-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 3329413dde2923f317feacaac38ce303 mes5/x86_64/tomcat5-jasper-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> c689ea5d6a2305e98f17d2e62af54a65 mes5/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 4f9f1bdcdc48b702fcfbb72f5a0b0654 mes5/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> b054e07dda62cd976d426a787cc2cf8e mes5/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 9c7a9d767e8f843413b749194f5edd33 mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 1acee64bbbc9e257badcbf4a3dbbd8e5 mes5/x86_64/tomcat5-server-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> a39d5bef79a400f012e41ffe7d1b17c8 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> 6464fd323297c3d6619131c7b432c580 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> fffd75e85b90aba4b6a3a5c73cabb944 mes5/x86_64/tomcat5-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
> dc2118f7227a36e842cefaf417338a36 mes5/SRPMS/tomcat5-5.5.28-0.5.0.3mdvmes5.2.src.rpm
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security. You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
> http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
> security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Mandriva Security Team
> <security*mandriva.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iD8DBQFOnXa8mqjQ0CJFipgRAjmhAKDAS/US19egFVhiWmlS0O4FvKdFYACgiZbR
> bUKgLw+nMniLQoAxCSXVRac=
> =dh2c
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 18 Oct 2011 11:38:11 -0700
> From: Tim Sammut <underling@...too.org>
> Subject: [Full-disclosure] [ GLSA 201110-13 ] Tor: Multiple
> vulnerabilities
> To: gentoo-announce@...too.org
> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
> security-alerts@...uxsecurity.com
> Message-ID: <4E9DC793.9080107@...too.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 201110-13
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: High
> Title: Tor: Multiple vulnerabilities
> Date: October 18, 2011
> Bugs: #351920, #359789
> ID: 201110-13
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Multiple vulnerabilities were found in Tor, the most severe of which
> may allow a remote attacker to execute arbitrary code.
>
> Background
> ==========
>
> Tor is an implementation of second generation Onion Routing, a
> connection-oriented anonymizing communication service.
>
> Affected packages
> =================
>
> -------------------------------------------------------------------
> Package / Vulnerable / Unaffected
> -------------------------------------------------------------------
> 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30
>
> Description
> ===========
>
> Multiple vulnerabilities have been discovered in Tor. Please review the
> CVE identifiers referenced below for details.
>
> Impact
> ======
>
> A remote unauthenticated attacker may be able to execute arbitrary code
> with the privileges of the Tor process or create a Denial of Service.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All Tor users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"
>
> NOTE: This is a legacy GLSA. Updates for all affected architectures are
> available since April 2, 2011. It is likely that your system is already
> no longer affected by this issue.
>
> References
> ==========
>
> [ 1 ] CVE-2011-0015
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015
> [ 2 ] CVE-2011-0016
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016
> [ 3 ] CVE-2011-0427
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427
> [ 4 ] CVE-2011-0490
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490
> [ 5 ] CVE-2011-0491
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491
> [ 6 ] CVE-2011-0492
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492
> [ 7 ] CVE-2011-0493
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493
> [ 8 ] CVE-2011-1924
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-201110-13.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users' machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@...too.org or alternatively, you may file a bug at
> https://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2011 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 230 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/3ec29475/attachment-0001.bin
>
> ------------------------------
>
> Message: 4
> Date: Tue, 18 Oct 2011 15:00:38 -0400
> From: Jeffrey Walton <noloader@...il.com>
> Subject: [Full-disclosure] Verizon Wireless to Sell Customers' Data to
> Advertisers
> To: FunSec List <funsec@...uxbox.org>, Full Disclosure
> <full-disclosure@...ts.grok.org.uk>
> Message-ID:
> <CAH8yC8m+q=rKUFNMPFyn1EoVb0Dug+wZaQymR_E8XOyi3R4aDA@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> http://www.securitynewsdaily.com/verizon-wireless-sell-customers-data-to-advertisers-1249
>
> Verizon Wireless will now collect phone users' information, including
> their GPS location and Web browsing history, and sell the data to
> third parties unless customers opt out of the tracking service.
>
> Verizon Wireless' (VZW) updated privacy policy permits the mobile
> giant to also track customers' app usage, device type, calling
> features and amount of phone use, as well as any search terms they
> type when browsing the Web on a VZW mobile device, and demographic
> information provided by other companies, such as gender and age.
>
> ...
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 18 Oct 2011 21:29:12 +0200
> From: "research@...nerability-lab.com"
> <research@...nerability-lab.com>
> Subject: [Full-disclosure] HackInTheBox Quartal Magazine - eZine Issue
> #007
> To: full-disclosure@...ts.grok.org.uk,
> submissions@...ketstormsecurity.org
> Message-ID: <4E9DD388.6020802@...nerability-lab.com>
> Content-Type: text/plain; charset=ISO-8859-15
>
> ;)
>
>
> Title:
> ======
> HITB Quartal Magazine - eZine Issue 007
>
>
> Date:
> =====
> 2011-10-18
>
>
> References:
> ===========
> Original: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf
> Article: http://magazine.hitb.org/
>
> Mirror: http://www.vulnerability-lab.com/resources/documents/297.pdf
> Article: http://www.vulnerability-lab.com/get_content.php?id=297
>
> VL-ID:
> =====
> 297
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Magazin
>
>
> Severity:
> =========
> Critical
>
>
> Details:
> ========
> Hello readers and welcome to issue #7.
> It has been a long journey since the first release of the magazine and we have seen a lot of changes and
> improvements overtime and still trying our best to do more.
>
> But as we grow, the amount of work and the time we need to spend working on the magazine have also increased,
> thus requiring us to recruit more people to join our small editorial team. So, if you think you would like to
> do something for the community and believe that we can have a great use of your talent - Feel free to drop
> us an email!
>
> As for issue #7, Jonathan Kent wrote a great piece of article about the current global crisis in the cyberspace
> while Aditya K. Sood and his team on the other hand wrote about extending SQL injection attacks through buffer
> overflow exploitation. We are also very happy to have Jonathan Brossard contributing an article introducing the
> readers to his newly released exploitation framework. We will leave you to explore the rest of the articles and
> we hope you enjoy them. Have fun reading this issue and more to come in issue #8!!
>
> Zarul Shahrin Suhaimi
> Editor-in-Chief,
> Hack in The Box Magazine
>
>
> Credits:
> ========
> HackintheBox Team (HITB) - magazine.hitb.org
>
>
> Disclaimer:
> ===========
> The information provided in this document is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
> may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
> Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
> other media, are reserved by Vulnerability-Lab or its suppliers.
>
> Copyright ? 2011|Vulnerability-Lab
>
>
>
>
> --
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin@...nerability-lab.com or support@...nerability-lab.com
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 18 Oct 2011 15:49:05 -0400
> From: Jeffrey Walton <noloader@...il.com>
> Subject: Re: [Full-disclosure] Verizon Wireless to Sell Customers'
> Data to Advertisers
> To: FunSec List <funsec@...uxbox.org>, Full Disclosure
> <full-disclosure@...ts.grok.org.uk>
> Message-ID:
> <CAH8yC8=iHKN1OXn6maLdmtgGR2vxcWGHO_DW+VpEwJo8h0sWSQ@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Tue, Oct 18, 2011 at 3:00 PM, Jeffrey Walton <noloader@...il.com> wrote:
>> http://www.securitynewsdaily.com/verizon-wireless-sell-customers-data-to-advertisers-1249
>>
>> Verizon Wireless will now collect phone users' information, including
>> their GPS location and Web browsing history, and sell the data to
>> third parties unless customers opt out of the tracking service.
>>
>> Verizon Wireless' (VZW) updated privacy policy permits the mobile
>> giant to also track customers' app usage, device type, calling
>> features and amount of phone use, as well as any search terms they
>> type when browsing the Web on a VZW mobile device, and demographic
>> information provided by other companies, such as gender and age.
> FTC Complaint 33055545, https://www.ftccomplaintassistant.gov/.
> FCC Complaint 11-C00340020, http://esupport.fcc.gov/complaints.htm.
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 18 Oct 2011 15:13:35 -0500
> From: Laurelai <laurelai@...echan.org>
> Subject: [Full-disclosure] Airvpn makes statement regarding hidemyass
> proxy
> To: "full-disclosure@...ts.grok.org.uk"
> <full-disclosure@...ts.grok.org.uk>
> Message-ID: <4E9DDDEF.2080206@...echan.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=2&id=891#891
> <https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=2&id=891#891>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 18 Oct 2011 22:39:25 +0200
> From: Roee Hay <roeeh@...ibm.com>
> Subject: [Full-disclosure] DNS Poisoning via Port Exhaustion
> To: bugtraq <bugtraq@...urityfocus.com>,
> full-disclosure@...ts.grok.org.uk, dailydave@...ts.immunityinc.com
> Message-ID:
> <CAA4i3gYFah=XN7=VgHDybKOYE35FeSVkRf8cZEKVjRaX9EDnUA@...l.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hey,
>
> Today we are releasing a very interesting whitepaper which describes a DNS
> poisoning attack against stub resolvers.
>
> It discloses two vulnerabilities:
>
> 1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
> DNS poisoning using Java applets. This vulnerability can be triggered when
> opening a malicious webpage. A successful exploitation of this vulnerability
> may lead to disclosure and manipulation of cookies and web pages, disclosure
> of NTLM credentials and clipboard data of the logged-on user, and even
> firewall bypass.
>
> 2. A vulnerability in multiuser Windows environments which enables local DNS
> cache poisoning of arbitrary domains. This vulnerability can be triggered
> by a normal user (i.e. one with non-administrative rights) in order to
> attack other users of the system. A successful exploitation of this
> vulnerability may lead to information disclosure, privilege escalation,
> universal XSS and more.
>
> Whitepaper: http://bit.ly/q31wSq
> A blog post with video demos: http://bit.ly/qu4Ez7
>
>
> Roee Hay <roeeh@...ibm.com>, IBM Rational Application Security Research Group
> Yair Amit <yairam@...il.com>
>
>
>
> ------------------------------
>
> Message: 9
> Date: Tue, 18 Oct 2011 16:23:56 -0500
> From: ZDI Disclosures <zdi-disclosures@...pingpoint.com>
> Subject: [Full-disclosure] ZDI-11-295 : Apple QuickTime FlashPix JPEG
> Tables Selector Remote Code Execution Vulnerability
> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
> Message-ID: <4E9DEE6C.7000008@...com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code
> Execution Vulnerability
> http://www.zerodayinitiative.com/advisories/ZDI-11-295
> October 18, 2011
>
> -- CVE ID:
> CVE-2011-3222
>
> -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> -- Affected Vendors:
>
> Apple
>
>
>
> -- Affected Products:
>
> Apple Quicktime
>
>
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Apple Quicktime. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the way Quicktime handles flashpix
> files. When a flashpix contains a tile that has a Compression Type 0x2
> (JPEG) and an 'JPEG tables selector' value that is bigger then the
> global stream property 'Maximum JPEG table index', Quicktime will write
> outside the global JPEG table. This corruption could lead to remote code
> execution under the context of the current user.
>
> -- Vendor Response:
>
> Apple has issued an update to correct this vulnerability. More details
> can be found at:
>
> http://support.apple.com/kb/HT5002
>
>
>
> -- Disclosure Timeline:
> 2011-07-20 - Vulnerability reported to vendor
> 2011-10-18 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
>
> * Damian Put
>
>
>
> -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> http://www.zerodayinitiative.com
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> http://www.zerodayinitiative.com/advisories/disclosure_policy/
>
> Follow the ZDI on Twitter:
>
> http://twitter.com/thezdi
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 486 bytes
> Desc: OpenPGP digital signature
> Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/d99dfb7b/attachment-0001.bin
>
> ------------------------------
>
> Message: 10
> Date: Wed, 19 Oct 2011 07:13:50 +0800
> From: Bugtrace <bugtrace@...il.com>
> Subject: Re: [Full-disclosure] About reDuh
> To: full-disclosure <full-disclosure@...ts.grok.org.uk>
> Message-ID:
> <CABV4c6NiMsp9Uy77KS7kMEK=CUO9wmaxghqjmjjW4a4o8KSCUw@...l.gmail.com>
> Content-Type: text/plain; charset=GB2312
>
> java -jar reDuhClient.jar
> Usage: java reDuhClient [URL-to-reDuh] <proxy-host:proxyport>
>
> e.g. (HTTP) : java reDuhClient http://www.compromised.com/reDuh.jsp
> e.g. (HTTPS): java reDuhClient https://www.compromised.com/reDuh.jsp
> e.g. (PROXY): java reDuhClient https://www.compromised.com/reDuh.jsp
> proxy-server:3128
>
>
> 2011/10/18 mezgani ali <handrix@...il.com>:
>> Is there any version that support https ?
>>
>> 2009/2/8 seclists <seclists@....com>
>>>
>>> Thx for your kind help,bro.
>>>
>>> The jsp version of reDuh is powerful, so cool.
>>>
>>> ??2009-02-08 07:39:41??"Haroon Meer" <haroon@...sepost.com> ??????
>>>> Hi..
>>>>
>>>> * seclists [seclists@....com] seemed to say:
>>>>> Hi,bro
>>>
>>>>>>> Thx For shareing reDuh. I have download reDuh(asp/php/jsp) and ReDuhClient from http://www.sensepost.com/research/reDuh.
>>>
>>>>>>> Then I have try it in my vmware,Reduh.jsp can work fine,But ReDuh.aspx can't.
>>>
>>>>>>> I type the commond "java reDuhClient 192.168.8.102 80 /reDuh.aspx", it return error.
>>>>>
>>>>> [Info]Querying remote JSP for usable remote RPC port
>>>
>>>>>>> [Error] Tried to find a remote RPC port in the range 42000 to 42050 but no attem
>>>>> pts were successful. Sorry it didn't work out.
>>>>>
>>>>> What required for if let ReDuh.aspx work,please?
>>>>> My environment:
>>>>> windows 2003 Enterprise edition Sp2(Chinese)
>>>>> IIS 6.0
>>>>> ASP.NET Version is 2.0.50727
>>>>
>>>> I seem to recall this exact error coming up in the past, and having been
>>>> resolved by ian@...sepost.com.
>>>>
>>>> He will send you an email early next week with a little note on how to
>>>> fix it.
>>>>
>>>> Thanks for using it, and please let us know if you have any other
>>>> questions..
>>>>
>>>> Thanks
>>>>
>>>> /mh
>>>>
>>>> --
>>>
>>>>> Haroon Meer, SensePost Information Security |
>>>
>>>>> http://www.sensepost.com/blog/
>>>> PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
>>>
>>>
>>> ________________________________
>>> ????????????????????????
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>> --
>> Ali MEZGANI
>> Network Engineering/Security
>> http://www.nativelabs.org/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 80, Issue 70
> ***********************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists