Cesar | 1 May 02:55 2003

Re: Latest MS SQL Server vulnerabilities revealed.


MS SQL Server DOES allow multiple statements, you
should be confused with mysql. The ideas presented in
paper work most of the time on web applications
vulnerable to SQL injection, the only problem is when
firewalls block all outbound connections, but that can
be bypassed using other OLEDB providers.

Cesar.

--- Michael - <michael <at> nix.org> wrote:
> 
> After reading your papers I must say it was quite
> interesting and it introduces quite a few new ideas.
> However, most of them (at least in your paper found
> at
> http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf
> ) base themselves on the idea that you can perform
> an 'insert' with SQL injection. In my experience,
> this is impossible most of the time due to the fact
> that MSSQL doesn't allow multiple statements and that
> you can only add a union in the middle of an SQL
> statement that is usually part of a web application. 
> 
> Michael 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:

Michael - | 1 May 03:28 2003

Re: Latest MS SQL Server vulnerabilities revealed.


 After reading your papers I must say it was quite interesting and it introduces quite a few new ideas.
However, most of them (at least in your paper found at
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf )
base themselves on the idea that you can perform an 'insert' with SQL injection. In my experience, this is
impossible most of the time due to the fact that MSSQL doesn't allow multiple statements and that you can only
add a union in the middle of an SQL statement that is usually part of a web application. 

 Michael 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

tom ferris | 1 May 05:16 2003

MDG Web Server 4D 3.6.0 Buffer Overflow

SP Research Labs Advisory x05
-----------------------------
www.security-protocols.com

Product - MDG Web Server 4D 3.6.0 Buffer Overflow

Download it here:

ftp://ftp.mdg.com/demos/WS4D/Win/WS4D_3.6.0_Full.exe

Date Released - 04/30/2003

Release Mode –

Vendor was notified on 04/27/2003. The vendor did not give me a date for
the updated version.

------------------------------

Product Description from the vendor -

A full featured web server with an integrated database for publishing your
databases on the web for MacOS and WindowsNT.

-------------------------------

Vulnerability Description -

A buffer overflow vulnerability exists within MDG Web Server 4D 3.6.0.  
By doing a GET / with 4096 <’s  will cause the web server to crash.  Once

Sir Mordred | 1 May 05:56 2003

<at> (#)Mordred Labs - web security notices ?

Hi,

Well, security admins build honeypots/honeynets to discover
the attack methods, but the only thing they are capable is catching 
a damn kid, who just scanned a very big range of ip addresses and finally
discovered that one host with the ip "1.2.3.4" and the name
"honeypot1.mycompany.com" (and RedHat 6 default install) is vulnerable to a
remote overflow,
for which (i.e. overflow) that kid happen to have an exploit,
which (i.e. exploit) have been coded and published by gobbles one
or two year ago (that kid does not remember such sort of things of
course)...., long preface, yeah? :-)

Note i did not mention about web application security guides, asp best
practices ... etc ... etc

So what?

We are planning to release "security notices" on a regular basis. 
They will be containing an information on the real state of web application
security, with the real world examples.
The examples will be well known high profile web sites/enterprise portals,
mostly the ones which claims to be security related (yeah, even some
hack-groups sites :-) ),
and blame us if our notices will be disclosing that
when you request url http://phpbb.com/news.php?id=11',
you get back something like:
[snip]
Could not query news database
109

bugzilla | 1 May 09:47 2003

[RHSA-2003:133-01] Updated man packages fix minor vulnerability

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated man packages fix minor vulnerability
Advisory ID:       RHSA-2003:133-01
Issue date:        2003-05-01
Updated on:        2003-05-01
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0124
---------------------------------------------------------------------

1. Topic:

Updated man packages fix a minor security vulnerability.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

The man package includes tools for finding and displaying online documentation.

Versions of man before 1.51 have a bug where a malformed man file can cause

John.Airey | 1 May 10:59 2003

RE: Robert S Johnson is out of the office.

> -----Original Message-----
> From: Valdis.Kletnieks <at> vt.edu [mailto:Valdis.Kletnieks <at> vt.edu]
> Sent: 30 April 2003 18:14
> To: John.Airey <at> rnib.org.uk
> Cc: tcannon <at> noops.org; full-disclosure <at> lists.netsys.com
> Subject: Re: [Full-Disclosure] Robert S Johnson is out of the office. 
> 
> 
> On Wed, 30 Apr 2003 09:27:15 BST, John.Airey <at> rnib.org.uk said:
> 
> > According to Ollie's book "Under Fire", the messages were "deleted" but not
> > actually removed from the system. It's a bit like deleting messages from a
> > PST file without then compressing it. Or deleting a file from a Netware
> > server without a subsequent purge. Or deleting an email from an Exchange
> > server without purging them from the deleted items folder...
> 
> Hmm.. OK.. The way I heard it, the mail system in question was IBM's PROFS,
> and the data was recovered off the backup tapes.
> 
> http://www.fas.org/spp/starwars/offdocs/reagan/chron.txt
> 
> The Federation of American Scientists has it that way too.  Guess it boils
> down to who you believe, Ollie or FAS.
> 

debian-security-announce | 1 May 15:12 2003

[SECURITY] [DSA 297-1] New snort packages fix remote root exploits


--------------------------------------------------------------------------
Debian Security Advisory DSA 297-1                     security <at> debian.org
http://www.debian.org/security/                             Martin Schulze
May 1st, 2003                           http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : snort
Vulnerability  : integer overflow, buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0033 CAN-2003-0209
CERT advisories: VU#139129 VU#916785
Bugtraq Ids    : 7178 6963

Two vulnerabilities have been discovered in Snort, a popular network
intrusion detection system.  Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis.  The
following issues have been identified:

Heap overflow in Snort "stream4" preprocessor
   (VU#139129, CAN-2003-0209, Bugtraq Id 7178)

   Researchers at CORE Security Technologies have discovered a
   remotely exploitable integer overflow that results in overwriting
   the heap in the "stream4" preprocessor module.  This module allows
   Snort to reassemble TCP packet fragments for further analysis.  An
   attacker could insert arbitrary code that would be executed as
   the user running Snort, probably root.



Cisco Security Advisory: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities


  Cisco Security Advisory: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600
                             Nessus Vulnerabilities

Revision 1.0

  For Public Release 2003 May 01 at 1600 UTC (GMT)

     ----------------------------------------------------------------------

Contents

     Summary
     Affected Products
     Details
     Impact
     Software Versions and Fixes
     Obtaining Fixed Software
     Workarounds
     Exploitation and Public Announcements
     Status of This Notice: FINAL
     Distribution
     Revision History
     Cisco Security Procedures

     ----------------------------------------------------------------------

Summary

   Nessus exposes FTP and Telnet vulnerabilities in the Cisco ONS15454

mattmurphy@kc.rr.com | 1 May 19:25 2003

eBay Security Contact

Hello,

I'm looking for contact information for the security department (if such a 
thing exists) at eBay.  If anyone has any security contact information 
(specifically, I'm looking for e-mail addresses), or just general "support" 
information where I can reach a human -- as such information appears to be 
deeply buried.  I'm really starting to become frustrated by the lack of 
support; everything they have is automated/robotic, and even that doesn't 
really


Kevin Spett | 1 May 20:21 2003

Re: eBay Security Contact

I recommend calling support and asking to speak with a supervisor, and then
their supervisor's supervisor, etc. etc.  That's worked well for me at a
number of companies.

Kevin.

----- Original Message ----- 
From: <mattmurphy <at> kc.rr.com>
To: <full-disclosure <at> lists.netsys.com>; <bugtraq <at> securityfocus.com>
Sent: Thursday, May 01, 2003 1:25 PM
Subject: [Full-Disclosure] eBay Security Contact

> Hello,
>
> I'm looking for contact information for the security department (if such a
> thing exists) at eBay.  If anyone has any security contact information
> (specifically, I'm looking for e-mail addresses), or just general "support"
> information where I can reach a human -- as such information appears to be
> deeply buried.  I'm really starting to become frustrated by the lack of
> support; everything they have is automated/robotic, and even that doesn't
> really
>
> --------------------------------------------------------------------
> mail2web - Check your email from the web at
> http://mail2web.com/ .
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.

