Full Disclosure Mailing List

A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.


Latest Posts

Re: The story of the Linux kernel 3.x... Tavis Ormandy (May 16)
Adam Zabrocki <pi3 () pi3 com pl> wrote:

You must be doing something unusual, are these stock kernels?

Those distributions all have good security teams who certainly understand
what CONFIG_COMPAT_VDSO does, and would not enable it.

Tavis.

Re: Triggering Java code from an SVG image Nicolas Grégoire (May 16)
Agreed. Uploading an SVG chameleon (an SVG file triggering an XSLT
transformation) to a website allows one to display nearly arbitrary content
if the file is called directly. This is similar to the WXR upload
feature abused by the MSVR team in order to XSS the Wordpress.com
website (as presented at 27C3).

Mario's research has shown some weird behavior in Opera. There's an
online demo of SVG files loaded via <img> and starting some...

Video tutorial: Stack-Based Buffer Overflow Juan Sacco (May 16)
I've made a video tutorial about buffer overflows; take a look and share it
if you like it!

Video tutorial: http://www.youtube.com/watch?v=yPKCSXK8ZYo

Enjoy!

Re: Triggering Java code from an SVG image Krzysztof Kotowicz (May 16)
Kind of. You can still do some stuff from <img> in Opera.
http://kotowicz.net/opera/

Re: The story of the Linux kernel 3.x... Adam Zabrocki (May 16)
Hi Tavis,

I've checked with the same result:

*) Fedora 16
*) latest Ubuntu
*) latest Suse

Best regards,
Adam Zabrocki

[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem Timo Warns (May 16)
PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2012-03
* Released on: 10 May 2012
* Affected product: Linux Kernel 3.3.x <= 3.3.4
                    2.6.x <= 2.6.35.13
* Impact: code execution / privilege escalation
* Origin: HFS plus file system
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2012-2319

Summary
-------

The Linux kernel contains a vulnerability in the driver...

Re: Triggering Java code from an SVG image Dan Kaminsky (May 16)
Anything from <img> in any browser?

Re: The story of the Linux kernel 3.x... Tavis Ormandy (May 16)
Adam Zabrocki <pi3 () pi3 com pl> wrote:

You must be using CONFIG_COMPAT_VDSO, it's rarely used unless you need
compatibility with an ancient libc that was released during the narrow
window where the vdso was mapped at a static location.

Any libc released since ~2006 would never need it, and will determine the
vdso location at runtime from auxv.

If any distribution ships a kernel with this option enabled, then you've
found a...

Re: Triggering Java code from an SVG image Michele Orru (May 16)
Mario Heiderich did a lot of research on that; he found so many bugs
that allowed embedding JavaScript in SVG images.

Nice stuff Nick btw,

Cheers
antisnatchor

Re: Triggering Java code from an SVG image Dan Kaminsky (May 16)
Yeah, there's a bunch of wild stuff in SVG. The browsers ignore most of
it, AFAIK. I think Firefox is the only browser to even consider
ForeignObjects (which let you throw HTML back into SVG).

Probably the most interesting SVG thing is how they either do or don't have
script access, depending on whether or not they're loaded as <img>'s. It
would be problematic indeed if <img src="foo.jpg"> could...

JW player xss security flaw WooYun (May 16)
"LongTail Video is a New York-based startup that has pioneered the web
video market. Our flagship product the - JW Player - is active on over
one million websites and streams billions of videos each month."

Someone has reported an XSS security flaw in JW Player on wooyun; much
more information here:

http://www.wooyun.org/bugs/wooyun-2010-07166

from: http://www.wooyun.org/whitehats/gainover

an example here:...

struts csrf token bypass WooYun (May 16)
Hi,

Someone reported a security flaw in Struts on wooyun; it allows you to bypass
Struts's CSRF protection without XSS.

much more information here:

http://zone.wooyun.org/content/205

:)

The story of the Linux kernel 3.x... Adam Zabrocki (May 16)
The story of the Linux kernel 3.x...

In 2005 everybody was excited about the possibility of bypassing ASLR on all
Linux 2.6 kernels because of a new concept called VDSO (Virtual
Dynamic Shared Object). More information about this story can be found
at the following link:
http://www.trilithium.com/johan/2005/08/linux-gate/

In short, VDSO was mmap'ed by the kernel in the user space memory always
at the same fixed address. Because of that...

SEC-T 2012 CFP and Challenge olle (May 16)
TL;DR
Submit here: http://sec-t.org/2012/cfp.html
Crack this: http://youtu.be/rMqZW0fFThc
TL;DR

CFP for the 5th annual SEC-T conference in Stockholm, Sweden is open!
This year the conference is held on the 13th and 14th of September.

Don't forget to try your hand at the challenge, this year harder than
ever and produced in cooperation with the one and only Fairlight crew.
Winner gets a free ticket to the conference and infinite glory!!!11...

Triggering Java code from an SVG image Nicolas Grégoire (May 16)
Hello,

SVG is an XML-based file format for static or animated images. Some SVG
specifications (like SVG 1.1 and SVG Tiny 1.2) allow triggering some
Java code when the SVG file is opened.

Given that I had to look at these features for a customer, I developed
some PoC codes which are now available online:
http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar

I published a more detailed article on my blog:...

More Lists

Dozens of other network security lists are archived at SecLists.Org.