Full Disclosure Mailing List

Full Disclosure Mailing List

A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

List Archives

Latest Posts

CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall) Максим Чудаков (May 21)
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs
products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

CVE reference:
CVE-2013-3496

Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov(andreykurtasanov () gmail com)

Severity:
Medium

Local\Remote:
Local

Vulnerability Class:
Privilege Escalation

Vendor URL:
http://www.infotecs.biz/

Affected OS:
Windows

Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...

Sony PS3 Firmware v4.31 - Code Execution Vulnerability Vulnerability Lab (May 20)
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:
=====
2013-05-12

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767

VL-ID:
=====
767

Common Vulnerability Scoring System:
====================================
6.5

Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...

Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities Vulnerability Lab (May 20)
Title:
======
Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities

Date:
=====
2013-05-21

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=894

Article: http://www.vulnerability-lab.com/dev/?p=580

Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
Trend Micro Solution ID: 1096805

Video: http://www.vulnerability-lab.com/get_content.php?id=951

VL-ID:...

Re: exploitation ideas under memory pressure Tavis Ormandy (May 20)
I guess I'm talking to myself, maybe this list is all about XSS now ;)

I'm quite proud of this list cycle trick, here's how to turn it into an
arbitrary write.

First, we create a watchdog thread that will patch the list atomically
when we're ready. This is needed because we can't exploit the bug while
HeavyAllocPool is failing, because of the early exit in pprFlattenRec:

.text:BFA122B8 call newpathrec...

Re: My ISP is routing traffic to private addresses... Patrick Webster (May 20)
Maybe when we cut over to IPv6 the ISPs will revert to the golden age of
putting all their gear on publicly addressable space :)

Conversely, an enjoyable network design is where you route public IPs from
a private network to a private network, and the public IP has different
services on the internet to the internally routed version, but clients need
access to both.

NATing heaven.

Critical issues affecting multiple game engines ReVuln (May 20)
We have just released a paper [1], in which we detail several 0-day
issues affecting a number of different game engines, including: Unreal
Engine, CryEngine 3 and idTech 4.

During our presentation at the recent NoSuchCon conference in Paris, we
discussed [2] additional details about game engine issues. Additionally
we demonstrated [3] how an attacker can use master servers to perform
mass-exploiting of game vulnerabilities, in order to target...

Re: My ISP is routing traffic to private addresses... Alexander Georgiev (May 20)
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private...

Defense in depth -- the Microsoft way Stefan Kanthak (May 20)
Hi @ll,

the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"

Note the unqualified path...

Thttpd 2.25b Directory Traversal Vulnerability metropolis haxor (May 20)
Hi guys,
You can find the software affected at http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz
Thanks,
Metropolis
###########################################
#
# Software Name : Thttpd 2.25b
#
# Version : 2.25b (29dec2003)
#
# Bug Type : Directory Traversal Vulnerability
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 19/05/2013
#
# Download app : http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz
#
#...

Interesting referrer URLs when accessing vulnerability disclosure information halfdog (May 19)
Hello list,

In the aftermath of most of my full-disclosure posts I've observed
quite interesting referrer URLs when someone tries to read information
provided explaining the issue. In quite some cases, those requests can
be attributed to national CERTs, software distributors' security
teams, universities with IT-security research units, ... accessing
that information.

Information leaked via the referrer URLs indicates, that a...

Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt) Fernando Gont (May 19)
Folks,

We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".

This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.

This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.

Stay tuned for more IPv6 security news...

AFU vulnerabilities in MCImageManager for TinyMCE MustLive (May 19)
Hello list!

I want to warn you about vulnerabilities in Moxiecode Image Manager
(MCImageManager). This is commercial plugin for TinyMCE. It concerns as
MCImageManager, as all web applications which have MCImageManager in their
bundle.

These are Arbitrary File Uploading vulnerabilities, which lead to Code
Execution on IIS and Apache web servers.

-------------------------
Affected products:
-------------------------

Vulnerable are Moxiecode...

AFU vulnerabilities in MCFileManager for TinyMCE MustLive (May 18)
Hello list!

I want to warn you about vulnerabilities in Moxiecode File Manager
(MCFileManager). This is commercial plugin for TinyMCE. It concerns as
MCFileManager, as all web applications which have MCFileManager in their
bundle.

These are Arbitrary File Uploading vulnerabilities, which lead to Code
Execution on IIS and Apache web servers.

-------------------------
Affected products:
-------------------------

Vulnerable are Moxiecode...

Re: My ISP is routing traffic to private addresses... Justin Elze (May 18)
The idea behind private IP space is it doesn't leave the ISPs AS via BGP to
the rest of the internet.

Re: My ISP is routing traffic to private addresses... Dan Dart (May 18)
Virgin at least use the 172.16.x.x internally to their infrastructure
- and they suggest you use 192.168.x.x for your personal use.
Traceroutes to any "external" address outside of their network go
through a 172.16.x.x

More Lists

Dozens of other network security lists are archived at SecLists.Org.