Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 27, Issue 16


From: "badr muhyeddin" <gigiyousef () hotmail com>
Date: Thu, 10 May 2007 15:35:25 +0300

Please, I beg you don't ever send me any other email



From: full-disclosure-request () lists grok org uk
Reply-To: full-disclosure () lists grok org uk
To: full-disclosure () lists grok org uk
Subject: Full-Disclosure Digest, Vol 27, Issue 16
Date: Thu, 10 May 2007 12:00:02 +0100

Send Full-Disclosure mailing list submissions to
      full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
      https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
      full-disclosure-request () lists grok org uk

You can reach the person managing the list at
      full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."


Note to digest recipients - when replying to digest posts, please trim your 
post appropriately. Thank you.


Today's Topics:

   1. [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
      (security () mandriva com)
   2. Re: [ MDKSA-2007:101 ] - Updated bind packages fix
      vulnerability (Jeroen Massar)
   3. Re: [ MDKSA-2007:101 ] - Updated bind packages fix
      vulnerability (Jeroen Massar)
   4. Secunia Research: BearShare NCTAudioFile2 ActiveX Control
      Buffer Overflow (Secunia Research)
   5. Secunia Research: Internet Explorer HTML Objects Memory
      Corruption Vulnerability (Secunia Research)


----------------------------------------------------------------------

Message: 1
Date: Wed, 09 May 2007 18:22:52 -0600
From: security () mandriva com
Subject: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages
      fix vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <E1HlwQm-0006AI-4a () artemis annvix ca>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:101
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : vim
 Date    : May 9, 2007
 Affected: 2007.0, 2007.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability in vim 7.0's modeline processing capabilities was
 discovered where a user with modelines enabled could open a text file
 containing a carefully crafted modeline, executing arbitrary commands
 as the user running vim.

 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2438
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQjuFmqjQ0CJFipgRAgaPAKDq9k/P25VQ4erXuk8cznuJrsSbTACg8kLE
6u+Od503dEYQxrf63PILWMc=
=jk4Z
-----END PGP SIGNATURE-----



------------------------------

Message: 2
Date: Thu, 10 May 2007 01:52:19 +0100
From: Jeroen Massar <jeroen () unfix org>
Subject: Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind
      packages fix vulnerability
To: xsecurity () mandriva com
Cc: full-disclosure () lists grok org uk
Message-ID: <46426CC3.4070405 () spaghetti zurich ibm com>
Content-Type: text/plain; charset="iso-8859-1"

security () mandriva com wrote:
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:101
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : vim
 Date    : May 9, 2007
 Affected: 2007.0, 2007.1

But the subject line reads:

[ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

So is this a spoof or is this a spoof?
Or did somebody make a booboo at Mandriva. The PGP key seems to at least
check out for the fact that the signature on the part of the message
that is signed is correct. As the PGP key is not in the strong set it
can't be really trusted of course.

Greets,
 Jeroen


------------------------------

Message: 3
Date: Thu, 10 May 2007 01:54:20 +0100
From: Jeroen Massar <jeroen () unfix org>
Subject: Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind
      packages fix vulnerability
To: security () mandriva com
Cc: full-disclosure () lists grok org uk
Message-ID: <46426D3C.6060900 () spaghetti zurich ibm com>
Content-Type: text/plain; charset="iso-8859-1"

Jeroen Massar wrote:
security () mandriva com wrote:
 
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:101
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : vim
 Date    : May 9, 2007
 Affected: 2007.0, 2007.1

But the subject line reads:

[ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

So is this a spoof or is this a spoof?
Or did somebody make a booboo at Mandriva. The PGP key seems to at least
check out for the fact that the signature on the part of the message
that is signed is correct. As the PGP key is not in the strong set it
can't be really trusted of course.

Also setting a Reply-To: to a broken xsecurity () mandriva com absolutely
doesn't make any sense (unless you want to partially overcome the
problem of vacation messages getting bounced back, but hey those people
will nicely ignore your Reply-To anyway....)

--

This is the Postfix program at host imap.mandriva.com.

I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                      The Postfix program

<xsecurity () mandriva com>: host
    /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 550-Mailbox
    unknown.  Either there is no mailbox associated with this 550-name or you
    do not have authorization to see it. 550 5.1.1 User unknown (in reply to
    RCPT TO command)


------------------------------

Message: 4
Date: Thu, 10 May 2007 07:12:09 +0200
From: Secunia Research <remove-vuln () secunia com>
Subject: [Full-disclosure] Secunia Research: BearShare NCTAudioFile2
      ActiveX Control Buffer Overflow
To: full-disclosure () lists grok org uk
Message-ID: <1178773929.16120.437.camel@ts3.intnet>
Content-Type: text/plain

======================================================================

                     Secunia Research 09/05/2007

     - BearShare NCTAudioFile2 ActiveX Control Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

BearShare 6.0.2.26789

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where:  Remote

======================================================================
3) Vendor's Description of Software

"Share, Discover and Download music and videos."

Product Link:
http://www.bearshare.com/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in BearShare, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the
NCTAudioFile2.AudioFile ActiveX control when handling the
"SetFormatLikeSample()" method. This can be exploited to cause a
stack-based buffer overflow by passing an overly long string (about
4124 bytes) as argument to the affected method.

Successful exploitation allows execution of arbitrary code when a user
e.g. visits a malicious website.

======================================================================
5) Solution

Set the kill-bit for the affected ActiveX control.

======================================================================
6) Time Table

30/04/2007 - Vendor notified.
09/05/2007 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2007-0018 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-50/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================





------------------------------

Message: 5
Date: Thu, 10 May 2007 07:13:49 +0200
From: Secunia Research <remove-vuln () secunia com>
Subject: [Full-disclosure] Secunia Research: Internet Explorer HTML
      Objects Memory Corruption Vulnerability
To: full-disclosure () lists grok org uk
Message-ID: <1178774029.16120.441.camel@ts3.intnet>
Content-Type: text/plain

======================================================================

                     Secunia Research 09/05/2007

   - Internet Explorer HTML Objects Memory Corruption Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Microsoft Internet Explorer 7

======================================================================
2) Severity

Rating: Moderately Critical
Impact: System Access
Where:  Remote

======================================================================
3) Vendor's Description of Software

Internet Explorer 7 provides improved navigation through tabbed
browsing, web search right from the toolbar, advanced printing, easy
discovery, reading and subscription to RSS feeds, and much more.

http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to an error in the handling of HTML
objects as a CMarkup object is used in certain cases after it has been
freed. This can be exploited to corrupt memory via a specially crafted
web page.

Successful exploitation allows execution of arbitrary code.

======================================================================
5) Solution

Apply patches (see the Microsoft security bulletin for details).

======================================================================
6) Time Table

18/01/2007 - Vendor notified.
19/01/2007 - Vendor response.
09/05/2007 - Public disclosure.

======================================================================
7) Credits

Discovered by JJ Reyes, Secunia Research.

======================================================================
8) References

MS07-027 (KB931768):
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2007-0947 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-36/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================





------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 27, Issue 16
***********************************************



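The mismatch Jeroen Massar points out in Messages 2 and 3 can be checked mechanically: a PGP cleartext signature covers only the text between the armor lines, so the Subject header is outside what the key vouches for. The Python sketch below is an added example, not part of the original thread or of any Mandriva tooling; the sample message is constructed from the advisory fields quoted above and the function names are hypothetical. It compares fields only and leaves signature verification itself to gpg.

```python
import re
from email import message_from_string

# Constructed sample: Subject and signed fields abbreviated from the digest above.
SAMPLE = """\
Subject: [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 Mandriva Linux Security Advisory                         MDKSA-2007:101

 Package : vim
 Date    : May 9, 2007
 Affected: 2007.0, 2007.1
-----BEGIN PGP SIGNATURE-----
(signature omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""

ADV_ID = re.compile(r"MDKSA-\d{4}:\d+")
SUBJECT_PKG = re.compile(r"Updated\s+(\S+)\s+packages", re.I)
BODY_PKG = re.compile(r"^\s*Package\s*:\s*(\S+)", re.M)


def signed_text(body):
    """Return only the cleartext-signed portion of a mail body, or None."""
    lines = body.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        end = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    except ValueError:
        return None  # not a clearsigned message
    part = lines[start + 1:end]
    # Skip armor headers such as "Hash: SHA1" up to the first blank line.
    blank = part.index("") if "" in part else -1
    part = part[blank + 1:]
    # Undo dash-escaping: signed lines starting with "-" travel as "- -...".
    return "\n".join(l[2:] if l.startswith("- ") else l for l in part)


def check_advisory(raw):
    """Compare the unsigned Subject header with fields inside the signed text."""
    msg = message_from_string(raw)
    subject = msg["Subject"] or ""
    body = signed_text(msg.get_payload())
    if body is None:
        return ["body is not PGP clearsigned"]
    findings = []
    s_id, b_id = ADV_ID.search(subject), ADV_ID.search(body)
    s_pkg, b_pkg = SUBJECT_PKG.search(subject), BODY_PKG.search(body)
    if not (s_id and b_id) or s_id.group() != b_id.group():
        findings.append("advisory ID differs between Subject and signed text")
    if not (s_pkg and b_pkg) or s_pkg.group(1).lower() != b_pkg.group(1).lower():
        findings.append("package: Subject says %r, signed text says %r" % (
            s_pkg and s_pkg.group(1), b_pkg and b_pkg.group(1)))
    return findings


if __name__ == "__main__":
    for finding in check_advisory(SAMPLE):
        print(finding)
```

A finding here means the header and the signed text disagree, not that the message is forged; as in the thread, the signed text is the part to trust once the signature and key have been checked.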