Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Latest Posts

Hacktics Advisory Feb09: XSS in Oracle E-Business Suite Ofer Maor (Feb 09)
Hacktics Research Group Security Advisory
http://www.hacktics.com/#view=Resources%7CAdvisory

By Gil Cohen, Hacktics.
9-Feb-2010

===========
I. Overview
===========
During a penetration test performed by Hacktics' experts, certain
vulnerabilities were identified in an Oracle E-Business Suite deployment.
Further research has identified that a web interface showing user errors is
vulnerable to reflected cross site scripting attacks.

A friendly...

[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers CORE Security Technologies Advisories (Feb 08)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

1. *Advisory Information*

Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
Advisory Id: CORE-2010-0121
Advisory URL:
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Date published: 2010-02-05
Date of last update: 2010-02-05...

[Hacking Event] Night Da Hack 2010 : Call For Proposals m . mahdjoub (Feb 08)
- Night Da Hack 2010

Date: June 19-20 2010
Time: 4 PM - 7 AM
Location: Paris, France

What is Night da Hack?
“Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and
inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conferences.

Around computer security related talks, workshops and contests, Night da Hack aims at bringing...

JDownloader Remote Code Execution Matthias -apoc- Hecker (Feb 08)
-- Product

JDownloader[1] is an open source download manager for One-Click-
Filehoster like Rapidshare or Megaupload. The Click'n'Load[2] interface
allows external applications and websites to send URLs to the local
running JDownloader. With Click'n'Load2 [3] it is possible to send
AES-CBC encrypted URLs (for some kind of link 'obfuscation').
The encrypted payload _and_ key are sent with an HTTP-POST submit on
localhost port 9666 (default port,...

Re: Samba Remote Zero-Day Exploit Stefan Kanthak (Feb 08)
Dan Kaminsky wrote on February 06, 2010 6:43 PM:

OUCH!
No, creating junctions (as well as the Vista introduced symlinks)
DOESN'T need admin rights!

[snip]

Stefan

Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 08)
You need admin rights to create junctions. At that point, path
constraints aren't relevant, just psexec and get not only arbitrary
path but arbitrary code.

The fix is to do what everybody with a directory traversal bug has to
do, block out of path relative directories. In this specific case,
prevent the creation of symlinks where the target is out of the SMB
share's range. (Still allow navigation to such symlinks if one exists,...

Re: Samba Remote Zero-Day Exploit Kingcope (Feb 08)
Hello Paul,

First and foremost I did not know about the configuration setting which
closes the bug when I posted the advisory. So this was my mistake.
But for most servers which are not entirely hardened (and my
assumption is that this applies to many servers in internal networks)
the traversal can be a serious issue, because a samba user (even nobody)
can create the symlinks. It would in my point of view be more secure to
only allow...

RE: Samba Remote Zero-Day Exploit Michael Wojcik (Feb 08)
symlinks

And at least since Vista, it also supports symlinks, which are designed
to mimic Unix symlinks, and can point to files or directories. Junctions
and symlinks can cross volumes; symlinks can also refer to files or
directories on network filesystems.

Junctions (which Microsoft also sometimes refers to as "soft links") and
symlinks are implemented with NTFS reparse points, just like mounts. You
can see some of the differences...

Re: Samba Remote Zero-Day Exploit paul . szabo (Feb 08)
Dear Kingcope,

The samba server follows symlinks by default. There are options
("follow symlinks", "wide links") for turning it off:

http://www.samba.org/samba/docs/using_samba/ch08.html#samba2-CHP-8-SECT-1.2
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#FOLLOWSYMLINKS
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS

The "problem" at your installation seems a...

[security bulletin] HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other security-alert (Feb 08)
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01997760
Version: 1

HPSBUX02503 SSRT100019 rev.1 - HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-02-08
Last Updated: 2010-02-08

Potential Security Impact: Remote Increase in privilege, Denial of Service and other vulnerabilities...

[security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access security-alert (Feb 08)
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02002298
Version: 1

HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-02-08
Last Updated: 2010-02-08

Potential Security Impact: Remote unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team...

[ MDVSA-2010:034 ] kernel security (Feb 08)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:034
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : February 8, 2010
Affected: 2009.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some...

Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller (Feb 08)
http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html

Re: [Full-disclosure] Samba Remote Zero-Day Exploit Thierry Zoller (Feb 08)
Hi Paul,

Facts :
- Several distributions run with vulnerable settings per default
if there is a "misconfiguration" it is part of the vendor.
- You're not supposed to be able to traverse dirs.

Consequence it is a vulnerability, whether you can mitigate it is
a different piece of cake.

Next time somebody creates an IE8 0day that relies on javascript,
will you scream "misconfiguration!" ? Of course you could disable...

Re: Samba Remote Zero-Day Exploit Dan Kaminsky (Feb 08)
On Feb 6, 2010, at 5:26 PM, "Stefan Kanthak" <stefan.kanthak () nexgo de>
wrote:

Really? Try. Especially remotely over SMB w/o remote interactive.

More Lists

Dozens of other network security lists are archived at SecLists.Org.

