Full Disclosure

An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.

[ GLSA 201009-01 ] wxGTK: User-assisted execution of arbitrary code

2 hours 51 min ago

Posted by Alex Legler on Sep 02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: wxGTK: User-assisted execution of arbitrary code...

Re: DLL hijacking with Autorun on a USB drive

3 hours 48 min ago

Posted by coderman on Sep 02

sir, you've got a Coyotos stuck in your mustache. what did you eat for lunch?

Re: DLL hijacking with Autorun on a USB drive

3 hours 56 min ago

Posted by coderman on Sep 02

there are some useful mitigations around these inevitable failures,
http://qubes-os.org/Architecture.html is an example of isolation
rather than correctness i've liked since NetTop wrapped RSBAC policy
around vmware guest isolation...

defense in depth loves company, so application correctness, in
addition to NX / other hw protections on guest/host, in addition to
virtual machine isolation, in addition to RSBAC constraints, in
addition to ......

Re: DLL hijacking with Autorun on a USB drive

4 hours 6 min ago

Posted by Valdis . Kletnieks on Sep 02

Yeah, but hacking a Harvard architecture is still balls harder than hacking
a von Neumann architecture. ;)

Bug in vde_plug, remote exploitation possible?

4 hours 22 min ago

Posted by halfdog on Sep 02

Vde (virtual distributed ethernet) is an ethernet compliant virtual network that
can be spawned over a set of physical computers over the internet ... (see
http://vde.sourceforge.net).

The vde_plug (at least on ubuntu hardy) contains a bug, that is triggered when a
certain amount of encapsulated ether frame data is sent to the plug in a
specially timed manner. When the input buffer is filled just with a single byte,
vde_plug uses also the first...

Re: DLL hijacking with Autorun on a USB drive

5 hours 14 min ago

Posted by Pavel Kankovsky on Sep 02

If your OS's security model "understands" programs and data belong in
different security domains then every instruction of code on your computer
is trusted to enforce that policy. Your line of defence goes through every
program and any bug can breach it. The failure is inevitable. [1]

[1] P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor,
S. J. Turner and J. F. Farrell, "The Inevitability of Failure: The Flawed...

Re: question regarding RSA

5 hours 46 min ago

Posted by Pavel Kankovsky on Sep 02

You made general questions about RSA as a cryptographic primitive.
There was nothing about PKI in them.

RSA encryption uses public keys. Public keys are--as their name
suggests--supposed to be known publicly. Anyone can compute ciphertexts
from plaintexts. An encryption oracle will not help you crack RSA private
keys. If you can do it with the oracle, you can do it without the oracle
as well.

As far as encryption is concerned the purpose of...

Verizon Wireless security contact?

8 hours 32 min ago

Posted by auto666077 on Sep 02

I'm looking for a Verizon Wireless security contact to report
somewhat minor security issues with their software. If you know
one, I'd appreciate it if you could reply to me with their contact
info.

[ MDVSA-2010:169 ] mozilla-thunderbird

9 hours 17 min ago

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:169
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla-thunderbird
Date : September 2, 2010
Affected: 2008.0, 2009.0, 2010.0, 2010.1
_______________________________________________________________________

Problem...

Re: DLL hijacking POC (failed, see for yourself)

10 hours 5 min ago

Posted by p8x on Sep 02

Hi Christian,

I tested the POC here on Win 7 x64 ultimate fully updated and the issue
does work for me.

Vulnerabilities in CMS WebManager-Pro

10 hours 10 min ago

Posted by MustLive on Sep 02

Hello Full-Disclosure!

I want to warn you about SQL Injection and Redirector (URL Redirector Abuse)
vulnerabilities in CMS WebManager-Pro (SecurityVulns ID:11108). It's a
Ukrainian commercial CMS.

SQL Injection:

http://site/c.php?id=1%20and%20version()=5

Redirector:

http://site/c.php?id=1&url=http://websecurity.com.ua

Affected products: both systems CMS WebManager-Pro from two developers.
Vulnerable are versions CMS WebManager-Pro up to...

Re: DLL hijacking POC (failed, see for yourself)

10 hours 19 min ago

Posted by Jacky Jack on Sep 02

http://support.microsoft.com/kb/2264107

This is just optional. Not a mandatory patch update as far as I know.

[USN-982-1] Wget vulnerability

10 hours 22 min ago

Posted by Marc Deslauriers on Sep 02

===========================================================
Ubuntu Security Notice USN-982-1 September 02, 2010
wget vulnerability
CVE-2010-2252
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem...

Re: DLL hijacking POC (failed, see for yourself)

10 hours 25 min ago

Posted by Larry Seltzer on Sep 02

I don’t think you read my e-mail. They fixed it. Have you retested today?

*From:* Christian Sciberras [mailto:uuf6429 () gmail com]
*Sent:* Thursday, September 02, 2010 9:44 AM
*To:* Larry Seltzer
*Cc:* full-disclosure () lists grok org uk
*Subject:* Re: [Full-disclosure] DLL hijacking POC (failed, see for
yourself)

As I said at the very first email, the POC, even at its best, doesn't work
on my 64-bit system at all.

Regards,
Chris.

On Thu,...

Re: DLL hijacking POC (failed, see for yourself)

10 hours 27 min ago

Posted by Christian Sciberras on Sep 02

As I said at the very first email, the POC, even at its best, doesn't work
on my 64-bit system at all.

Regards,
Chris.

On Thu, Sep 2, 2010 at 3:41 PM, Larry Seltzer <larry () larryseltzer com> wrote:

Re: DLL hijacking POC (failed, see for yourself)

10 hours 30 min ago

Posted by Larry Seltzer on Sep 02

FYI everyone, ACROS has fixed the POC for 64-bit systems. The old one
failed on my Win7 64-bit and the new one works.

http://www.binaryplanting.com/test.htm

I did notice that if you just click on the link
(\\www.binaryplanting.com\demo\windows_address_book_64) Windows turns it
into a file:// url and opens it in the default browser (Chrome in my
case). The POC won't work because there's no remote CWD (at least I
imagine there isn't). If this is...

Re: DLL hijacking POC (failed, see for yourself)

14 hours 56 min ago

Posted by Darren McDonald on Sep 02

We're not, Microsoft have decided to make it the system administrator's
problem through this registry setting. Which is fair enough IMO :)

(resent as I used the wrong from address)

Re: DLL hijacking POC (failed, see for yourself)

14 hours 58 min ago

Posted by Darren McDonald on Sep 02

I think that depends if it's installed and on how the setting is
configured. Some environments are going to require DLLs to be loaded
from remote shares, others not. This isn't a 'patch' to a software
security flaw, it's a security setting. I'm guessing the default
configuration may be messing around with the mentioned PoC, that was my
only point.

Re: DLL hijacking POC (failed, see for yourself)

15 hours 3 min ago

Posted by Christian Sciberras on Sep 02

Uh, what I was asking, is, with this patch in place, the issue is fixed,
forever?

Cheers,
Chris.

Re: DLL hijacking POC (failed, see for yourself)

15 hours 8 min ago

Posted by Christian Sciberras on Sep 02

Thanks Darren, that was very enlightening.
Considering those facts, where are we at in fixing this whole issue?

Cheers,
Chris.