|
Full Disclosure
mailing list archives
Re: Full-Disclosure Digest, Vol 80, Issue 70
From: JW <mirage1228 () yahoo com>
Date: Wed, 19 Oct 2011 08:47:19 -0700
Unsubscribe
Sent from my iPhone.
On Oct 19, 2011, at 4:00 AM, full-disclosure-request () lists grok org uk wrote:
Send Full-Disclosure mailing list submissions to
full-disclosure () lists grok org uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request () lists grok org uk
You can reach the person managing the list at
full-disclosure-owner () lists grok org uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
Today's Topics:
1. Re: eurotax.com XSS (doc mombasa)
2. [ MDVSA-2011:156 ] tomcat5 (security () mandriva com)
3. [ GLSA 201110-13 ] Tor: Multiple vulnerabilities (Tim Sammut)
4. Verizon Wireless to Sell Customers' Data to Advertisers
(Jeffrey Walton)
5. HackInTheBox Quartal Magazine - eZine Issue #007
(research () vulnerability-lab com)
6. Re: Verizon Wireless to Sell Customers' Data to Advertisers
(Jeffrey Walton)
7. Airvpn makes statement regarding hidemyass proxy (Laurelai)
8. DNS Poisoning via Port Exhaustion (Roee Hay)
9. ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector
Remote Code Execution Vulnerability (ZDI Disclosures)
10. Re: About reDuh (Bugtrace)
----------------------------------------------------------------------
Message: 1
Date: Tue, 18 Oct 2011 17:23:45 +0200
From: doc mombasa <doc.mombasa () gmail com>
Subject: Re: [Full-disclosure] eurotax.com XSS
To: DasKommandoPetraWolf () gmx net
Cc: full-disclosure () lists grok org uk
Message-ID:
<CAFMAuHq=cKmCwtGcoUphMBpSDi-GKQQn1bU1n_TCs0Wtiz4upQ () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"
lol seriously?
2011/10/17 <DasKommandoPetraWolf () gmx net>
Rotfront Genossen!
Im revolutionaeren Kampf und auf der Suche nach Alternativen zu
kapitalistischer Standardsoftware und Unternehmen hat
"Das Kommando Petra Wolf" sogenannte angebliche Sicherheitsluecken
in Form von XSS gefunden:
http://wli-de.eurotax.com/wli/dede/entry/welcome.php?koop_id=";><iframe
src='' onload=alert('BorkBork')>
Wir entschuldigen uns bei der Security Szene, dass wir uns nur damit
ausweisen koennen. Es wird keine weiteren XSS Advisories geben.
Der Wolf ist schwarz.
gezeichnet
Das Kommando Petra Wolf
--
"Wir bringen Kommunismus nach Amerika"
--
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/c80de222/attachment-0001.html
------------------------------
Message: 2
Date: Tue, 18 Oct 2011 18:04:00 +0200
From: security () mandriva com
Subject: [Full-disclosure] [ MDVSA-2011:156 ] tomcat5
To: full-disclosure () lists grok org uk
Message-ID: <E1RGC92-0004yV-Ml () titan mandriva com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:156
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tomcat5
Date : October 18, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in tomcat
5.5.x:
The implementation of HTTP DIGEST authentication in tomcat was
discovered to have several weaknesses (CVE-2011-1184).
Apache Tomcat, when the MemoryUserDatabase is used, creates log entries
containing passwords upon encountering errors in JMX user creation,
which allows local users to obtain sensitive information by reading
a log file (CVE-2011-2204).
Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP
NIO connector, does not validate certain request attributes, which
allows local users to bypass intended file access restrictions or
cause a denial of service (infinite loop or JVM crash) by leveraging
an untrusted web application (CVE-2011-2526).
Certain AJP protocol connector implementations in Apache Tomcat allow
remote attackers to spoof AJP requests, bypass authentication, and
obtain sensitive information by causing the connector to interpret
a request body as a new request (CVE-2011-3190).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://tomcat.apache.org/security-5.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
773a5fc229b75a431546c24f560e8913 2010.1/i586/tomcat5-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
6164f8836446357d0c524706e74cfaac 2010.1/i586/tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
608020232619e313b1e5b78c925e3ec9 2010.1/i586/tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
a014466c79378815eea53bf71058a811 2010.1/i586/tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
fc23df07e993d5563ba5ea6cc19c7faf 2010.1/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
1e293502cc60a9543a83241165668df1 2010.1/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
8bf104f92c4c365beea776a3e335dd74 2010.1/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
34d375a720129c779a8396df0fea4332 2010.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
f266c74edee028677a2b2ce0d907f194 2010.1/i586/tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
f290cdda12fe10cbd2131f769ac001c0 2010.1/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
86065d9a174943936047a07e6ee44de8 2010.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
eae685ce8ecee314b6d2221198eacc90 2010.1/i586/tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
c5363a8910ef6f6ba395dc9222f66e42 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.3mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
05f89a0bd05436ab648a2b6e7921cd7c 2010.1/x86_64/tomcat5-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
beb3f7bee12e2c3d27d2da45cd4d5cbf 2010.1/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
94f8860fdcc706d20e32f519a5f44e62 2010.1/x86_64/tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
1ae847ee8fccc93b0fbcd3caa20e3f4c 2010.1/x86_64/tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
593df02d912d630bb580156d1352cee4 2010.1/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
00933232ea5411c8194b94caa2576365 2010.1/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
2bad11a52672af123cb464fbd5195650 2010.1/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
3b31cfb99a68d45022fe09a34623b78d 2010.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
8bfdc07d6a914edf7dac32e0641cbc0c 2010.1/x86_64/tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
c7667a661a3654750fc0069a1fa10289 2010.1/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
51fb24de9c2cbbbbc10bad1a29d85709 2010.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
011186ea5ab76f3b4eac56e0ada5e080 2010.1/x86_64/tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2.noarch.rpm
c5363a8910ef6f6ba395dc9222f66e42 2010.1/SRPMS/tomcat5-5.5.28-0.5.0.3mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
125a7eb9dcc1683f8ac07af85ca76ec0 mes5/i586/tomcat5-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
24c7aa0d7ea2ca4d9e4e1d9544ea16f8 mes5/i586/tomcat5-admin-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
568879dcf8335d6bf98076170f052072 mes5/i586/tomcat5-common-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
84e69e48ecd35f246d4fa6ed926efad9 mes5/i586/tomcat5-jasper-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
540440225e1f3ce5de895c8ed46f2443 mes5/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
a9ff3a61cd9708fb2ad6ba6fd9112aff mes5/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
1939ea1c2e62dc94a7835a6ac6dbf6e3 mes5/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
d17ced8fe80f33f3007bc9dd8f7c446e mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
21ffcde63e835e3532d3383f9607c8b7 mes5/i586/tomcat5-server-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
38f82d3d0cb274d8e3a8781f4087eff4 mes5/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
f6d5fc18de6eb4eb64a4410514df3544 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
57026e2da95e91b2a4140caa443afd1e mes5/i586/tomcat5-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
dc2118f7227a36e842cefaf417338a36 mes5/SRPMS/tomcat5-5.5.28-0.5.0.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
74e8a69d9970bd3fe07aa5014deed2d4 mes5/x86_64/tomcat5-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
febe57b644b0341a2abe88bc412d83d8 mes5/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
3045ba1b90c28c481b562946651dc0d2 mes5/x86_64/tomcat5-common-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
3329413dde2923f317feacaac38ce303 mes5/x86_64/tomcat5-jasper-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
c689ea5d6a2305e98f17d2e62af54a65 mes5/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
4f9f1bdcdc48b702fcfbb72f5a0b0654 mes5/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
b054e07dda62cd976d426a787cc2cf8e mes5/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
9c7a9d767e8f843413b749194f5edd33 mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
1acee64bbbc9e257badcbf4a3dbbd8e5 mes5/x86_64/tomcat5-server-lib-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
a39d5bef79a400f012e41ffe7d1b17c8 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
6464fd323297c3d6619131c7b432c580 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
fffd75e85b90aba4b6a3a5c73cabb944 mes5/x86_64/tomcat5-webapps-5.5.28-0.5.0.3mdvmes5.2.noarch.rpm
dc2118f7227a36e842cefaf417338a36 mes5/SRPMS/tomcat5-5.5.28-0.5.0.3mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOnXa8mqjQ0CJFipgRAjmhAKDAS/US19egFVhiWmlS0O4FvKdFYACgiZbR
bUKgLw+nMniLQoAxCSXVRac=
=dh2c
-----END PGP SIGNATURE-----
------------------------------
Message: 3
Date: Tue, 18 Oct 2011 11:38:11 -0700
From: Tim Sammut <underling () gentoo org>
Subject: [Full-disclosure] [ GLSA 201110-13 ] Tor: Multiple
vulnerabilities
To: gentoo-announce () gentoo org
Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com,
security-alerts () linuxsecurity com
Message-ID: <4E9DC793.9080107 () gentoo org>
Content-Type: text/plain; charset="iso-8859-1"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Tor: Multiple vulnerabilities
Date: October 18, 2011
Bugs: #351920, #359789
ID: 201110-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in Tor, the most severe of which
may allow a remote attacker to execute arbitrary code.
Background
==========
Tor is an implementation of second generation Onion Routing, a
connection-oriented anonymizing communication service.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/tor < 0.2.1.30 >= 0.2.1.30
Description
===========
Multiple vulnerabilities have been discovered in Tor. Please review the
CVE identifiers referenced below for details.
Impact
======
A remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the Tor process or create a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since April 2, 2011. It is likely that your system is already
no longer affected by this issue.
References
==========
[ 1 ] CVE-2011-0015
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015
[ 2 ] CVE-2011-0016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016
[ 3 ] CVE-2011-0427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427
[ 4 ] CVE-2011-0490
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490
[ 5 ] CVE-2011-0491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491
[ 6 ] CVE-2011-0492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492
[ 7 ] CVE-2011-0493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493
[ 8 ] CVE-2011-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-13.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/3ec29475/attachment-0001.bin
------------------------------
Message: 4
Date: Tue, 18 Oct 2011 15:00:38 -0400
From: Jeffrey Walton <noloader () gmail com>
Subject: [Full-disclosure] Verizon Wireless to Sell Customers' Data to
Advertisers
To: FunSec List <funsec () linuxbox org>, Full Disclosure
<full-disclosure () lists grok org uk>
Message-ID:
<CAH8yC8m+q=rKUFNMPFyn1EoVb0Dug+wZaQymR_E8XOyi3R4aDA () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1
http://www.securitynewsdaily.com/verizon-wireless-sell-customers-data-to-advertisers-1249
Verizon Wireless will now collect phone users' information, including
their GPS location and Web browsing history, and sell the data to
third parties unless customers opt out of the tracking service.
Verizon Wireless' (VZW) updated privacy policy permits the mobile
giant to also track customers' app usage, device type, calling
features and amount of phone use, as well as any search terms they
type when browsing the Web on a VZW mobile device, and demographic
information provided by other companies, such as gender and age.
...
------------------------------
Message: 5
Date: Tue, 18 Oct 2011 21:29:12 +0200
From: "research () vulnerability-lab com"
<research () vulnerability-lab com>
Subject: [Full-disclosure] HackInTheBox Quartal Magazine - eZine Issue
#007
To: full-disclosure () lists grok org uk,
submissions () packetstormsecurity org
Message-ID: <4E9DD388.6020802 () vulnerability-lab com>
Content-Type: text/plain; charset=ISO-8859-15
;)
Title:
======
HITB Quartal Magazine - eZine Issue 007
Date:
=====
2011-10-18
References:
===========
Original: http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf
Article: http://magazine.hitb.org/
Mirror: http://www.vulnerability-lab.com/resources/documents/297.pdf
Article: http://www.vulnerability-lab.com/get_content.php?id=297
VL-ID:
=====
297
Status:
========
Published
Exploitation-Technique:
=======================
Magazin
Severity:
=========
Critical
Details:
========
Hello readers and welcome to issue #7.
It has been a long journey since the first release of the magazine and we have seen a lot of changes and
improvements overtime and still trying our best to do more.
But as we grow, the amount of work and the time we need to spend working on the magazine have also increased,
thus requiring us to recruit more people to join our small editorial team. So, if you think you would like to
do something for the community and believe that we can have a great use of your talent - Feel free to drop
us an email!
As for issue #7, Jonathan Kent wrote a great piece of article about the current global crisis in the cyberspace
while Aditya K. Sood and his team on the other hand wrote about extending SQL injection attacks through buffer
overflow exploitation. We are also very happy to have Jonathan Brossard contributing an article introducing the
readers to his newly released exploitation framework. We will leave you to explore the rest of the articles and
we hope you enjoy them. Have fun reading this issue and more to come in issue #8!!
Zarul Shahrin Suhaimi
Editor-in-Chief,
Hack in The Box Magazine
Credits:
========
HackintheBox Team (HITB) - magazine.hitb.org
Disclaimer:
===========
The information provided in this document is provided as it is without any warranty. Vulnerability-Lab disclaims all
warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose.
Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss
of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such
damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing
limitation
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization
from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights,
including the use of
other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright ? 2011|Vulnerability-Lab
--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin () vulnerability-lab com or support () vulnerability-lab com
------------------------------
Message: 6
Date: Tue, 18 Oct 2011 15:49:05 -0400
From: Jeffrey Walton <noloader () gmail com>
Subject: Re: [Full-disclosure] Verizon Wireless to Sell Customers'
Data to Advertisers
To: FunSec List <funsec () linuxbox org>, Full Disclosure
<full-disclosure () lists grok org uk>
Message-ID:
<CAH8yC8=iHKN1OXn6maLdmtgGR2vxcWGHO_DW+VpEwJo8h0sWSQ () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1
On Tue, Oct 18, 2011 at 3:00 PM, Jeffrey Walton <noloader () gmail com> wrote:
http://www.securitynewsdaily.com/verizon-wireless-sell-customers-data-to-advertisers-1249
Verizon Wireless will now collect phone users' information, including
their GPS location and Web browsing history, and sell the data to
third parties unless customers opt out of the tracking service.
Verizon Wireless' (VZW) updated privacy policy permits the mobile
giant to also track customers' app usage, device type, calling
features and amount of phone use, as well as any search terms they
type when browsing the Web on a VZW mobile device, and demographic
information provided by other companies, such as gender and age.
FTC Complaint 33055545, https://www.ftccomplaintassistant.gov/.
FCC Complaint 11-C00340020, http://esupport.fcc.gov/complaints.htm.
------------------------------
Message: 7
Date: Tue, 18 Oct 2011 15:13:35 -0500
From: Laurelai <laurelai () oneechan org>
Subject: [Full-disclosure] Airvpn makes statement regarding hidemyass
proxy
To: "full-disclosure () lists grok org uk"
<full-disclosure () lists grok org uk>
Message-ID: <4E9DDDEF.2080206 () oneechan org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=2&id=891#891
<https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=2&id=891#891>
------------------------------
Message: 8
Date: Tue, 18 Oct 2011 22:39:25 +0200
From: Roee Hay <roeeh () il ibm com>
Subject: [Full-disclosure] DNS Poisoning via Port Exhaustion
To: bugtraq <bugtraq () securityfocus com>,
full-disclosure () lists grok org uk, dailydave () lists immunityinc com
Message-ID:
<CAA4i3gYFah=XN7=VgHDybKOYE35FeSVkRf8cZEKVjRaX9EDnUA () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1
Hey,
Today we are releasing a very interesting whitepaper which describes a DNS
poisoning attack against stub resolvers.
It discloses two vulnerabilities:
1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote
DNS poisoning using Java applets. This vulnerability can be triggered when
opening a malicious webpage. A successful exploitation of this vulnerability
may lead to disclosure and manipulation of cookies and web pages, disclosure
of NTLM credentials and clipboard data of the logged-on user, and even
firewall bypass.
2. A vulnerability in multiuser Windows environments which enables local DNS
cache poisoning of arbitrary domains. This vulnerability can be triggered
by a normal user (i.e. one with non-administrative rights) in order to
attack other users of the system. A successful exploitation of this
vulnerability may lead to information disclosure, privilege escalation,
universal XSS and more.
Whitepaper: http://bit.ly/q31wSq
A blog post with video demos: http://bit.ly/qu4Ez7
Roee Hay <roeeh () il ibm com>, IBM Rational Application Security Research Group
Yair Amit <yairam () gmail com>
------------------------------
Message: 9
Date: Tue, 18 Oct 2011 16:23:56 -0500
From: ZDI Disclosures <zdi-disclosures () tippingpoint com>
Subject: [Full-disclosure] ZDI-11-295 : Apple QuickTime FlashPix JPEG
Tables Selector Remote Code Execution Vulnerability
To: full-disclosure () lists grok org uk, bugtraq () securityfocus com
Message-ID: <4E9DEE6C.7000008 () hp com>
Content-Type: text/plain; charset="iso-8859-1"
ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-295
October 18, 2011
-- CVE ID:
CVE-2011-3222
-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Quicktime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within the way Quicktime handles flashpix
files. When a flashpix contains a tile that has a Compression Type 0x2
(JPEG) and an 'JPEG tables selector' value that is bigger then the
global stream property 'Maximum JPEG table index', Quicktime will write
outside the global JPEG table. This corruption could lead to remote code
execution under the context of the current user.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details
can be found at:
http://support.apple.com/kb/HT5002
-- Disclosure Timeline:
2011-07-20 - Vulnerability reported to vendor
2011-10-18 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 486 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20111018/d99dfb7b/attachment-0001.bin
------------------------------
Message: 10
Date: Wed, 19 Oct 2011 07:13:50 +0800
From: Bugtrace <bugtrace () gmail com>
Subject: Re: [Full-disclosure] About reDuh
To: full-disclosure <full-disclosure () lists grok org uk>
Message-ID:
<CABV4c6NiMsp9Uy77KS7kMEK=CUO9wmaxghqjmjjW4a4o8KSCUw () mail gmail com>
Content-Type: text/plain; charset=GB2312
java -jar reDuhClient.jar
Usage: java reDuhClient [URL-to-reDuh] <proxy-host:proxyport>
e.g. (HTTP) : java reDuhClient http://www.compromised.com/reDuh.jsp
e.g. (HTTPS): java reDuhClient https://www.compromised.com/reDuh.jsp
e.g. (PROXY): java reDuhClient https://www.compromised.com/reDuh.jsp
proxy-server:3128
2011/10/18 mezgani ali <handrix () gmail com>:
Is there any version that support https ?
2009/2/8 seclists <seclists () 126 com>
Thx for your kind help,bro.
The jsp version of reDuh is powerful, so cool.
??2009-02-08 07:39:41??"Haroon Meer" <haroon () sensepost com> ??????
Hi..
* seclists [seclists () 126 com] seemed to say:
Hi,bro
Thx For shareing reDuh. I have download reDuh(asp/php/jsp) and ReDuhClient from
http://www.sensepost.com/research/reDuh.
Then I have try it in my vmware,Reduh.jsp can work fine,But ReDuh.aspx can't.
I type the commond "java reDuhClient 192.168.8.102 80 /reDuh.aspx", it return error.
[Info]Querying remote JSP for usable remote RPC port
[Error] Tried to find a remote RPC port in the range 42000 to 42050 but no attem
pts were successful. Sorry it didn't work out.
What required for if let ReDuh.aspx work,please?
My environment:
windows 2003 Enterprise edition Sp2(Chinese)
IIS 6.0
ASP.NET Version is 2.0.50727
I seem to recall this exact error coming up in the past, and having been
resolved by ian () sensepost com
He will send you an email early next week with a little note on how to
fix it.
Thanks for using it, and please let us know if you have any other
questions..
Thanks
/mh
--
Haroon Meer, SensePost Information Security |
http://www.sensepost.com/blog/
PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
________________________________
????????????????????????
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Ali MEZGANI
Network Engineering/Security
http://www.nativelabs.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 80, Issue 70
***********************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Full-Disclosure Digest, Vol 80, Issue 70 JW (Oct 19)
|
