BugTraq Mode:
[slackware-security] libxml2 (SSA:2012-341-03) 2012-12-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxml2 (SSA:2012-341-03)

New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------

[slackware-security] ruby (SSA:2012-341-04) 2012-12-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ruby (SSA:2012-341-04)

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/

CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux 2012-12-05
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----

CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and
Linux

Issued: December 5, 2012

CA Technologies Support is alerting customers to a potential risk with
CA XCOM Data Transport. A vulnerability exists that can allow a remote
attacker to execute

[ MDVSA-2012:177 ] bind 2012-12-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:177
http://www.mandriva.com/security/
______________________________________________________________________

Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information 2012-12-05
Darius Freamon (darius freamon gmail com)
After reading l0rd lunatic's post about the Buffalo router
(http://seclists.org/fulldisclosure/2012/Nov/234), noticed that going
to login page and clicking 'help' will show you the default admin
account. I think that is what he meant about information disclosure!
It also lets you login as guest and

Re: Stack overflow in Microsoft HTML Help 6.1 (CHM files) 2012-12-04
chiles simpson ctr usafa af mil
Hello Luigi,
Has anyone released a patch for this? I am under the gun to close out this Cat 1 write-up. Can you assist me?
Ed Simpson

[security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code 2012-12-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03589863

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03589863
Version: 1

HPSB3C02831 SS

[security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access 2012-12-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03507416

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03507416
Version: 1

HPSBMU02816 SS

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter 2012-12-04
Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- - Tomcat 7.0.0 to 7.0.31
- - Tomcat 6.0.0 to 6.0.35

Description:
The CSRF prevention filter could be bypasse

CVE-2012-3546 Apache Tomcat Bypass of security constraints 2012-12-04
Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2012-3546 Apache Tomcat Bypass of security constraints

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.35
Earlier unsupported versions may also be affected

Descript

CVE-2012-4534 Apache Tomcat denial of service 2012-12-04
Mark Thomas (markt apache org)
CVE-2012-4534 Apache Tomcat denial of service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.27
- Tomcat 6.0.0 to 6.0.35

Description:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading

[security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) 2012-12-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03556108
Version: 1

HPSBPI02828 SS

[security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access 2012-12-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03464042
Version: 1

HPSBPI02807 SS

Re: MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day 2012-12-01
king cope (isowarez isowarez isowarez googlemail com)
(see attached)

Cheerio,

Kingcope

FreeSSHD Remote Authentication Bypass Zeroday Exploit 2012-12-01
king cope (isowarez isowarez isowarez googlemail com)
(see attachment)

Cheerio,

Kingcope

FreeFTPD Remote Authentication Bypass Zeroday Exploit (Stuxnet technique) 2012-12-01
king cope (isowarez isowarez isowarez googlemail com)
(see attachment)

Cheerio,

Kingcope

Centrify Deployment Manager v2.1.0.283 2012-12-04
larry0 me com
This is actually the login UID of the user Deployment manager is being run as.

>Centrify Deployment Manager v2.1.0.283

Centrify Deployment Manager v2.1.0.283 2012-12-04
larry0 me com
Centrify Deployment Manager v2.1.0.283

While at a training session for Centrify, I noticed poor handling of files in /tmp. I was able to overwrite /etc/shadow with the contents of adcheckDMoutput.

I am sure there are more vulnerabilities to be exploited, maybe a local root - but being this is a trai

Privilege Escalation through Binary Planting in Panda Internet Security 2012-12-03
by_argos hotmail com
========================================================================

Privilege Escalation through Binary Planting in Panda Internet Security
========================================================================

Software: Panda Internet Security 2012 & 2013
Vendor: http://www.pandasecurity.co

MySQL Local/Remote FAST Account Password Cracking 2012-12-03
king cope (isowarez isowarez isowarez googlemail com)
FAST Cracking of MySQL account passwords locally or over the network (post-auth)

(to the maintainers: you don't need to patch this, looks a lot like a
minor bug, prolly documented :D)

I found a method to crack mysql user passwords locally or over the
network pretty efficiently.
During Tests it was

DC4420 - London DEFCON - Christmas 2012 meet! Tuesday 11th December 2012 2012-12-04
Major Malfunction (majormal pirate-radio org)
Hard to believe, but 2012 is almost over!!!!

Once again we've managed to secure the venue for a December meet, so we
can start the festivities well before your livers are too crippled by
office parties... Not only that, but we've even got a speaker lined up!

Chris from Facebook London's Site Int

[SECURITY] [DSA 2581-1] mysql-5.1 security update 2012-12-04
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2581-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
December 04, 2012

Re: phpGiftReq SQL Injection 2012-12-03
generalpf gmail com
All SQL queries have been replaced with parameterized statements in version 2.0.0.

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday 2012-12-03
Sergei Golubchik (serg askmonty org)
Hi, king cope!

On Dec 02, king cope wrote:
> Hi,
> My opinion is that the FILE to admin privilege elevation should be
> patched. What is the reason to have FILE and ADMIN privileges
> separated when with this exploit FILE privileges equate to ALL ADMIN
> privileges.
> I understand that it's insecu

[ MDVSA-2012:176 ] libxml2 2012-12-02
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:176
http://www.mandriva.com/security/
______________________________________________________________________

[SECURITY] [DSA 2580-1] libxml security update 2012-12-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2580-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 02, 2012

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday 2012-12-02
Yves-Alexis Perez (corsac debian org) (1 replies)
On dim., 2012-12-02 at 21:17 +0100, king cope wrote:
> My opinion is that the FILE to admin privilege elevation should be patched.
> What is the reason to have FILE and ADMIN privileges separated when
> with this exploit
> FILE privileges equate to ALL ADMIN privileges.

Maybe because you might not

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday 2012-12-02
king cope (isowarez isowarez isowarez googlemail com)


 

Copyright 2010, SecurityFocus