BugTraq (Page 1563 of 1748)
Re: vulnerabilities of postscript printers 2004-01-23
Darren Reed (avalon caligula anu edu au)
In some mail from Elizabeth Zwicky, sie said:
>
> > I've never heard of anyone suggesting you could copy data
> >from one port to another, if only because there's no such thing as an
> >open file in postscript.
>
> Sure there is. PostScript has all the standard file handling, among
> other things

Re: Hijacking Apache 2 via mod_perl 2004-01-23
Matthew Wakeling (mnw21-bugtraq jumpleads com)

On Thu, 22 Jan 2004, Steve G wrote:
> Xinetd, stunnel, and sshd can all run completely untrusted
> applications without leaking their listening descriptor. Why
> can't apache? It's not just mod_perl, mod_php leaks the https
> descriptor, too.

Xinetd, stunnel, and sshd all run completely untrusted a

Re: Major hack attack on the U.S. Senate 2004-01-24
rsh idirect com
Your view will depend on whether you are a Republican or a Democrat IF
you are in the US. If you are a member of another party in the US you
will likely say a pox on both. If you are not in the US you will sit
there laughing at both sides.

Whether a hack or a bad configuration, from a moral point w

Re: vulnerabilities of postscript printers 2004-01-24
Glynn Clements (glynn clements virgin net)

Darren Reed wrote:

> > During one of our security reviews the following situation was
> > uncovered. What are your thoughts?
> >
> > Suppose a postscript printer has multiple interfaces connected to
> > different networks, is there a way to leverage PostScript to create a
> > vulnerability suc

Re: vulnerabilities of postscript printers 2004-01-23
Elizabeth Zwicky (zwicky greatcircle com)
> I've never heard of anyone suggesting you could copy data
>from one port to another, if only because there's no such thing as an
>open file in postscript.

Sure there is. PostScript has all the standard file handling, among
other things for handling peripherals for font storage. Alas, I am
moving

MDKSA-2004:004 - Updated slocate packages fix vulnerability 2004-01-23
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory
_______________________________________________________________________

Package name: slocate
Advisory ID:

Re: vulnerabilities of postscript printers 2004-01-24
Michael Zimmermann (zim vegaa de)
At Freitag, 23. Januar 2004 06:01 Darren Reed wrote:
> First, remember that postscript has been designed for rendering images
> on a page. It has -no- native networking commands nor ability to talk
> to any peripheral.

This statement is misleading. PostScript allows reading and writing of files
for

Re: vulnerabilities of postscript printers 2004-01-23
Thomas M. Payerle (payerle physics umd edu)
On Thu, 22 Jan 2004, Bob Kryger wrote:

> During one of our security reviews the following situation was
> uncovered. What are your thoughts?
>
> Suppose a postscript printer has multiple interfaces connected to
> different networks, is there a way to leverage PostScript to create a
> vulnerability

Re: vulnerabilities of postscript printers 2004-01-24
Michael Zimmermann (zim vegaa de)
Good morning, der Mouse,

as bugtraq is not letting our postings pass, I cc the full disclosure
list, where this topic happened to start also.

Hope I address you correctly. .o)

At Samstag, 24. Januar 2004 05:38 you wrote:
> > [...] All print jobs come in as PostScript-readable
> > files (program p

Re: vulnerabilities of postscript printers 2004-01-23
der Mouse (mouse Rodents Montreal QC CA)
> I've never heard of anyone suggesting you could copy data from one
> port to another, if only because there's no such thing as an open
> file in postscript.

Actually, PostScript does have open files; find a Red Book, look up the
"file" operator, and follow the pointers to elsewhere. (Many/most
P

Re: vulnerabilities of postscript printers 2004-01-24
Michael Zimmermann (zim vegaa de)
At Freitag, 23. Januar 2004 05:15 der Mouse wrote:
> [about reading arbitrary memory location with PostScript]
> ... such a thing is unnecessary for normal use

And it is not needed. All print jobs come in as PostScript-readable
files (program plus data) and the software on the printer
which reads a

Re: vulnerabilities of postscript printers 2004-01-23
Jim Knoble (jmknoble pobox com)
Circa 2004-01-23 16:01:02 +1100 dixit Darren Reed:

: In some mail from Bob Kryger, sie said:
: > Suppose a postscript printer has multiple interfaces connected to
: > different networks, is there a way to leverage PostScript to create a
: > vulnerability such as.
: >
: > 1. Allow an attacker log

Oracle HTTP Server Cross Site Scripting Vulnerability 2004-01-24
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software: Oracle HTTP Server Powered by Apache
Vendor: http://www.apache.com
http://www.oracle.com
Versions: Oracle HTTP Server Powered by Apache/1.3.22 (Win32)
mod_plsql/3.0.9.8

Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities 2004-01-24
Donato Ferrante (fdonato autistici org)
Donato Ferrante

Application: Tiny Server
http://sourceforge.net/projects/tinyserver

Version: 1.1 (1.0.5)

Bugs: Multiple Vulnerabilities

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web: www.aut

QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities 2004-01-23
S-Quadra Security Research (research s-quadra com)
S-Quadra Advisory #2004-01-23

Topic: QuadComm Q-Shop ASP Shopping Cart Software multiple security
vulnerabilities
Severity: High
Vendor URL: http://www.quadcomm.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040123.txt
Release date: 23 Jan 2004

1. DESCRIPTION

Q-Shop is a shoppin

Re: Hijacking Apache 2 via mod_perl 2004-01-23
jon schatz (jon divisionbyzero com)
Steve G wrote:

>>Then one just writes a perl extension in C. Who's responsible
>>then?
> But don't you need root to add extensions?

>>Who's responsible if you just write a C module which hijacks the
>>descriptors?
> Again, you need an admin to update apache's config.

you need an admin to updat

Re: vulnerabilities of postscript printers 2004-01-23
der Mouse (mouse Rodents Montreal QC CA)
> It has been suggested that PostScript is very powerful and can be
> used to accomplish a number of general purpose computing tasks
> including copying data from one port to another and examining memory.

PostScript, as a language, is Turing-universal, yes. If the
implementation permits opening ar

Finjan SurfinGate Vulnerability 2004-01-23
David Byrne (davidribyrne yahoo com)


VENDOR: Finjan (www.finjan.com)

PRODUCT: SurfinGate (recently renamed "Vital Security")

VERSIONS: All releases of versions 6 & 7 as of 1/22/2004.

Older versions have not been tested.

NOTIFICATION: The vendor has known of the problem over a year

DESCRIPTION

Multiple Vulnerabilities in Phorum 3.4.5 2004-01-23
Fredrik Björk (Fredrik Bjork List varbergenergi se)
Phorum 3.4.5 Vulnerabilities

-----------------------------
Credit:
Author: : Calum Power
Version(s) : <= 3.4.5
Vendor : Phorum
Vendor URL : http://phorum.org

Vendor Contacted: Yes
Vendor Fix: Phorum has released Phorum v3.4.6 as a response to this
advisory. Please patch your vulnerable

Re: Major hack attack on the U.S. Senate 2004-01-23
Brian C. Lane (bcl brianlane com)
On Thu, 2004-01-22 at 09:25, Richard M. Smith wrote:
> http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_seen_as_extensive?mode=PF
>
> Infiltration of files seen as extensive
> Senate panel's GOP staff pried on Democrats
> By Charlie Savage, Globe Staff, 1/22/2004
>
>

Re: Major hack attack on the U.S. Senate 2004-01-23
~Kevin Davis³ (computerguy cfl rr com)
This was clearly not a "hack attack". The title and opening content of this
article is quite intentionally misleading. The phrases "infiltration",
"monitoring secret memos", "exploited computer glitch", "hack attack" are
used. If you read the entire article you will find out the following:

First

Re: vulnerabilities of postscript printers 2004-01-23
Darren Reed (avalon caligula anu edu au)
In some mail from Bob Kryger, sie said:
>
> During one of our security reviews the following situation was
> uncovered. What are your thoughts?
>
> Suppose a postscript printer has multiple interfaces connected to
> different networks, is there a way to leverage PostScript to create a
> vulnera

NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities 2004-01-23
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software: Novell Netware
Vendor: http://www.Novell.com
Versions: NetWare-Enterprise-Web-Server/5.1/6.0
Platforms: Windows
Bug: Multiple Vulnerabilities
Risk: Medium
E

Re: Hijacking Apache 2 via mod_perl 2004-01-22
Steve G (linux_4ever yahoo com)
>Then one just writes a perl extension in C. Who's responsible
>then?

But don't you need root to add extensions?

>Who's responsible if you just write a C module which hijacks the
>descriptors?

Again, you need an admin to update apache's config.

>Where do you draw the line?

I would think apac

FREESCO public http server - Cross Site Scripting Vulnerability 2004-01-22
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software: FREESCO public http server - Running thttpd/2.05 09nov99
Vendor: http://www.freesco.org
Versions: 2.05
Platforms: Unix
Bug: Cross Site Scripting Vulnerability
Risk:

Re: Paper announcement: Is finding security holes a good idea? 2004-01-22
Christopher E. Cramer (chris cramer duke edu)
Eric,

I would tend to agree with the other critiques of the paper and would
include one more point. In your analysis of p_r (probability of
rediscovery), you assume its value to be very low, if not zero, for most
bugs (on a side note, vulnerabilities would be a much better term
here). This is der

Re: Re[2]: Hijacking Apache 2 via mod_perl 2004-01-22
Steve G (linux_4ever yahoo com)
>At least, it's possible to store descriptors table and
>implement check for descriptor in every perl file/socket
>function inside mod_perl (and mod_php and mod_something) and
>only allow access to std descriptors and to descriptors open
>inside same script. The choice is between spee

GeoHttpServer Authentification Bypass Vulnerability & D.O.S (Denial Of Service) 2004-01-22
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software: GeoHttpServer
Vendor: GEOVISION INC
http://www.geovision.com.tw
Versions: ALL
Platforms: Unix
Bug: Authentification Bypass Vulnerability & D.O.S (Den

Re: Hijacking Apache 2 via mod_perl 2004-01-22
André Malo (nd perlig de)
* 3APA3A <3APA3A (at) SECURITY.NNOV (dot) RU> wrote:

> You're right: mod_perl is inside apache memory space and can access any
> descriptor, so it's impossible to blame apache descriptor is leaked. But
> you're wrong. mod_perl has access to memory, not perl script. At least,
> it's possible to store des

Re: Hijacking Apache 2 via mod_perl 2004-01-22
Ben Laurie (ben algroup co uk)
3APA3A wrote:

> Dear Ben Laurie,
>
> --Thursday, January 22, 2004, 6:53:01 PM, you wrote to linux_4ever (at) yahoo (dot) com:
>
> BL> This is not a leak - mod_perl is a module that is compiled into Apache,
> BL> and hence has access to all its resources (including memory). If you
> BL> want to run untrusted

Copyright 2010, SecurityFocus