Full Disclosure mailing list archives
Re: Full-Disclosure Digest, Vol 27, Issue 16
From: "badr muhyeddin" <gigiyousef () hotmail com>
Date: Thu, 10 May 2007 15:35:25 +0300
Please, I beg you, don't ever send me any other email
From: full-disclosure-request () lists grok org uk
Reply-To: full-disclosure () lists grok org uk
To: full-disclosure () lists grok org uk
Subject: Full-Disclosure Digest, Vol 27, Issue 16
Date: Thu, 10 May 2007 12:00:02 +0100

Send Full-Disclosure mailing list submissions to
full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request () lists grok org uk

You can reach the person managing the list at
full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..."

Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.

Today's Topics:

1. [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability (security () mandriva com)
2. Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability (Jeroen Massar)
3. Re: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability (Jeroen Massar)
4. Secunia Research: BearShare NCTAudioFile2 ActiveX Control Buffer Overflow (Secunia Research)
5. Secunia Research: Internet Explorer HTML Objects Memory Corruption Vulnerability (Secunia Research)

----------------------------------------------------------------------

Message: 1
Date: Wed, 09 May 2007 18:22:52 -0600
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <E1HlwQm-0006AI-4a () artemis annvix ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:101
http://www.mandriva.com/security/
_______________________________________________________________________

Package : vim
Date : May 9, 2007
Affected: 2007.0, 2007.1
_______________________________________________________________________

Problem Description:

A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2438
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQjuFmqjQ0CJFipgRAgaPAKDq9k/P25VQ4erXuk8cznuJrsSbTACg8kLE
6u+Od503dEYQxrf63PILWMc=
=jk4Z
-----END PGP SIGNATURE-----

------------------------------

Message: 2
Date: Thu, 10 May 2007 01:52:19 +0100
From: Jeroen Massar <jeroen () unfix org>
Subject: Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
To: xsecurity () mandriva com
Cc: full-disclosure () lists grok org uk
Message-ID: <46426CC3.4070405 () spaghetti zurich ibm com>
Content-Type: text/plain; charset="iso-8859-1"

security () mandriva com wrote:

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:101
http://www.mandriva.com/security/
_______________________________________________________________________

Package : vim
Date : May 9, 2007
Affected: 2007.0, 2007.1

But the subject line reads:
[ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

So is this a spoof or is this a spoof? Or did somebody make a booboo at Mandriva.

The PGP key seems to at least check out for the fact that the signature on the part of the message that is signed is correct. As the PGP key is not in the strong set it can't be really trusted of course.

Greets,
Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070510/5d4e910c/attachment-0001.bin

------------------------------

Message: 3
Date: Thu, 10 May 2007 01:54:20 +0100
From: Jeroen Massar <jeroen () unfix org>
Subject: Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
To: security () mandriva com
Cc: full-disclosure () lists grok org uk
Message-ID: <46426D3C.6060900 () spaghetti zurich ibm com>
Content-Type: text/plain; charset="iso-8859-1"

Jeroen Massar wrote:

security () mandriva com wrote:

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:101
http://www.mandriva.com/security/
_______________________________________________________________________

Package : vim
Date : May 9, 2007
Affected: 2007.0, 2007.1

But the subject line reads:
[ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

So is this a spoof or is this a spoof? Or did somebody make a booboo at Mandriva.

The PGP key seems to at least check out for the fact that the signature on the part of the message that is signed is correct. As the PGP key is not in the strong set it can't be really trusted of course.

Also setting a Reply-To: to a broken xsecurity () mandriva com absolutely doesn't make any sense (unless you want to partially overcome the problem of vacation messages getting bounced back, but hey those people will nicely ignore your Reply-To anyway....)

--

This is the Postfix program at host imap.mandriva.com.

I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<xsecurity () mandriva com>: host /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said:
    550-Mailbox unknown. Either there is no mailbox associated with this
    550-name or you do not have authorization to see it.
    550 5.1.1 User unknown (in reply to RCPT TO command)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070510/b3c3d277/attachment-0001.bin

------------------------------

Message: 4
Date: Thu, 10 May 2007 07:12:09 +0200
From: Secunia Research <remove-vuln () secunia com>
Subject: [Full-disclosure] Secunia Research: BearShare NCTAudioFile2 ActiveX Control Buffer Overflow
To: full-disclosure () lists grok org uk
Message-ID: <1178773929.16120.437.camel@ts3.intnet>
Content-Type: text/plain

======================================================================

Secunia Research 09/05/2007

- BearShare NCTAudioFile2 ActiveX Control Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

BearShare 6.0.2.26789

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

======================================================================
3) Vendor's Description of Software

"Share, Discover and Download music and videos."

Product Link:
http://www.bearshare.com/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in BearShare, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

======================================================================
5) Solution

Set the kill-bit for the affected ActiveX control.

======================================================================
6) Time Table

30/04/2007 - Vendor notified.
09/05/2007 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2007-0018 for the vulnerability.
======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-50/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

------------------------------

Message: 5
Date: Thu, 10 May 2007 07:13:49 +0200
From: Secunia Research <remove-vuln () secunia com>
Subject: [Full-disclosure] Secunia Research: Internet Explorer HTML Objects Memory Corruption Vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <1178774029.16120.441.camel@ts3.intnet>
Content-Type: text/plain

======================================================================

Secunia Research 09/05/2007

- Internet Explorer HTML Objects Memory Corruption Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Microsoft Internet Explorer 7

======================================================================
2) Severity

Rating: Moderately Critical
Impact: System Access
Where: Remote

======================================================================
3) Vendor's Description of Software

Internet Explorer 7 provides improved navigation through tabbed browsing, web search right from the toolbar, advanced printing, easy discovery, reading and subscription to RSS feeds, and much more.

http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of HTML objects as a CMarkup object is used in certain cases after it has been freed. This can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.
======================================================================
5) Solution

Apply patches (see the Microsoft security bulletin for details).

======================================================================
6) Time Table

18/01/2007 - Vendor notified.
19/01/2007 - Vendor response.
09/05/2007 - Public disclosure.

======================================================================
7) Credits

Discovered by JJ Reyes, Secunia Research.

======================================================================
8) References

MS07-027 (KB931768):
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2007-0947 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-36/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 27, Issue 16
***********************************************