dave b | 1 Jun 11:07 2011

cherokee server admin vulnerable to csrf

Vendor response: "This isn't an issue."

Problem: the cherokee server admin configuration web interface is
vulnerable to csrf.

Impact: if an admin is logged into the cherokee admin interface and
visits a site which runs "bad tm scripts" cherokee can be reconfigured
to run as $user and set log handlers(hooks) to execute arbitrary
commands (on error and on access).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

김무성 | 1 Jun 12:22 2011

packet replay tools for wlan

Hello. List

I'm looking for packet replay tools for WLAN.

It has to be possible to replay a .pcap on a Wireless LAN through a Wireless NIC.

Regards,

MuSung Kim.

Marc Heuse | 1 Jun 12:57 2011

Re: Ra-Guard evasion (new Internet-Drafts)

Hi Fernando,

to quote from your drafts:

> As part of the project "Security Assessment of the Internet Protocol
> version 6 (IPv6)" [CPNI-IPv6], we devised a number of techniques for
> circumventing the RA-Guard protection, which are described in the
> following sections of this document.  These techniques, and the
> corresponding tools to assess their effectiveness, had so far been
> made available only to vendors, in the hopes that they could
> implement counter-measures before they were publicly disclosed.
> However, since there has been some public discussion about these
> issues, it was deemed as appropriate to publish the present document.

this surprised me for two things.

First: Cisco was not aware. So you say you discovered this issue as
well and you informed vendors, but the only vendor who really has RA
support so far is Cisco, and they did not know. I informed them.
So I recommend that you don't keep your findings to your group but
actively inform the vendors about that, and that not via an Internet draft.

Second: it is always a race who is credited as the finder of an issue.
As anybody can claim he had the vulnerability in his drawers for years,
only the person who publishes it gets the credit, so sorry :-)
I had my attack tool since beginning of January :-) - which is pretty
sure before your group discovered that, and I published first :-)

that being said I have started to inform vendors of two new IPv6
vulnerability types now, and nobody has told them about these before either.

But nonetheless - good work, good draft proposals, that's the way to go
with the issue.

Greets,
Marc

> I've just published two new IETF Internet-Drafts, that document the
> problem of RA-Guard evasion, and propose mitigations.
> 
> They are two Internet-Drafts:
> 
> * "IPv6 Router Advertisement Guard (RA-Guard) Evasion", available at:
> http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt
> 
> * "Security Implications of the Use of IPv6 Extension Headers with IPv6
> Neighbor Discovery", available at:
> http://tools.ietf.org/id/draft-gont-6man-nd-extension-headers-00.txt
> 
> The motivation for publishing these documents now (and not earlier or
> later) is discussed in the first I-D. ;-)
> 
> Any comments on these documents will be more than welcome.

--
Marc Heuse
www.mh-sec.de

Marc Heuse - IT-Security Consulting

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A


Cristina Pascual | 1 Jun 03:10 2011

Last Mile, June 5th | CfP: VALID 2011 || October 23-28, 2011 - Barcelona, Spain


INVITATION:

=================
Please consider to contribute to and/or forward to the appropriate groups the following opportunity to
submit and publish original scientific results.
The submission deadline is June 5, 2011
In addition, authors of selected papers will be invited to submit extended article versions to one of the
IARIA Journals: http://www.iariajournals.org
=================

============== VALID 2011 | Call for Papers ===============

CALL FOR PAPERS, TUTORIALS, PANELS

VALID 2011: The Third International Conference on Advances in System Testing and Validation Lifecycle

October 23-28, 2011 - Barcelona, Spain

General page: http://www.iaria.org/conferences2011/VALID11.html

Call for Papers: http://www.iaria.org/conferences2011/CfPVALID11.html

- regular papers
- short papers (work in progress)
- posters

Submission page: http://www.iaria.org/conferences2011/SubmitVALID11.html

Submission deadline: June 5th, 2011

Sponsored by IARIA, www.iaria.org

Extended versions of selected papers will be published in IARIA Journals: http://www.iariajournals.org

Please note the Poster Forum and Work in Progress options.

The topics suggested by the conference can be discussed in term of concepts, state of the art, research,
standards, implementations, running experiments, applications, and industrial case studies.
Authors are invited to submit complete unpublished papers, which are not under review in any other
conference or journal in the following, but not limited to, topic areas.

All tracks are open to both research and industry contributions, in terms of Regular papers, Posters, Work
in progress, Technical/marketing/business presentations, Demos, Tutorials, and Panels.

Before submission, please check and comply with the Editorial rules: http://www.iaria.org/editorialrules.html

VALID 2011 Topics (topics and submission details: see CfP on the site)

Robust design methodologies
Designing methodologies for robust systems; Secure software techniques; Industrial real-time
software; Defect avoidance; Cost models for robust systems; Design for testability; Design for
reliability and variability; Design for adaptation and resilience; Design for fault-tolerance and
fast recovery; Design for manufacturability, yield and reliability; Design for testability in the
context of model-driven engineering

Vulnerability discovery and resolution
Vulnerability assessment; On-line error detection; Vulnerabilities in hardware security;
Self-calibration; Alternative inspections; Non-intrusive vulnerability discovery methods;
Embedded malware detection

Defects and Debugging
Debugging techniques; Component debug; System debug; Software debug; Hardware debug; System debug;
Power-ground defects; Full-open defects in interconnecting lines; Physical defects in memories and
microprocessors; Zero-defect principles

Diagnosis
Diagnosis techniques; Advances in silicon debug and diagnosis; Error diagnosis; History-based
diagnosis; Multiple-defect diagnosis; Optical diagnostics; Testability and diagnosability;
Diagnosis and testing in mobile environments

System and feature testing
Test strategy for systems-in-package; Testing embedded systems; Testing high-speed systems; Testing
delay and performance; Testing communication traffic and QoS/SLA metrics; Testing robustness;
Software testing; Hardware testing; Supply-chain testing; Memory testing; Microprocessor testing;
Mixed-signal production test; Testing multi-voltage domains; Interconnection and compatibility testing

Testing techniques and mechanisms
Fundamentals for digital and analog testing; Emerging testing methodologies; Engineering test
coverage; Designing testing suites; Statistical testing; Functional testing; Parametric testing;
Defect- and data-driven testing; Automated testing; Embedded testing; Autonomous self-testing; Low
cost testing; Optimized testing; Testing systems and devices; Test standards

Testing of wireless communications systems
Testing of mobile wireless communication systems; Testing of wireless sensor networks; Testing of
radio-frequency identification systems; Testing of ad-hoc networks; Testing methods for emerging
standards; Hardware-based prototyping of wireless communication systems; Physical layer
performance verification; On-chip testing of wireless communication systems; Modeling and
simulation of wireless channels; Noise characterization and validation; Case studies and industrial
applications of test instruments;

Software verification and validation
High-speed interface verification and fault-analysis; Software testing theory and practice;
Model-based testing; Verification metrics; Service/application specific testing; Model checking;
OO software testing; Testing embedded software; Quality assurance; Empirical studies for
verification and validation; Software inspection techniques; Software testing tools; New approaches
for software reliability verification and validation

Testing and validation of run-time evolving systems
Automated testing for run-time evolving systems; Testing and validation of evolving systems; Testing
and validation of self-controlled systems; Testing compile-time versus run-time dependency for
evolving systems; On-line validation and testing of evolving at run-time systems; Modeling for
testability of evolving at run-time systems; Near real-time and real-time monitoring of run-time
evolving systems; Verification and validation of reflective models for testing; Verification and
validation of fault tolerance in run-time evolving systems

Feature-oriented testing
Testing user interfaces and user-driven features; Privacy testing; Ontology accuracy testing; Testing
semantic matching; Testing certification processes; Testing authentication mechanisms; Testing
biometrics methodologies and mechanisms; Testing cross-nation systems; Testing system
interoperability; Testing system safety; Testing system robustness; Testing temporal constraints;
Testing transaction-based properties; Directed energy test capabilities /microwave, laser, etc./;
Testing delay and latency metrics

Domain-oriented testing
Testing autonomic and autonomous systems; Testing intrusion prevention systems; Firewall testing;
Information assurance testing; Testing social network systems; Testing recommender systems; Testing
biometric systems; Testing diagnostic systems; Testing on-line systems; Testing financial systems;
Testing life threatening systems; Testing emergency systems; Testing sensor-based systems; Testing
testing systems

---------------------

VALID Advisory Chairs

Andrea Baruzzo, Università degli Studi di Udine, Italy
Cristina Seceleanu, Mälardalen University, Sweden
Mehdi Tahoori, Karlsruhe Institute of Technology (KIT), Germany
Mehmet Aksit, University of Twente - Enschede, The Netherlands

VALID 2011 Research Institute Liaison Chairs

Juho Perälä, VTT Technical Research Centre of Finland, Finland
Alexander Klaus, Fraunhofer Institute for Experimental Software Engineering (IESE), Germany
Kazumi Hatayama, Nara Institute of Science and Technology, Japan
Alin Stefanescu, University of Pitesti, Romania
Vladimir Rubanov, Institute for System Programming / Russian Academy of Sciences (ISPRAS), Russia
Tanja Vos, Universidad Politécnica de Valencia, Spain

VALID 2011 Industry Chairs

Abel Marrero, Daimler Center for Automotive IT Innovations - Berlin, Germany
Sebastian Wieczorek, SAP AG - Darmstadt, Germany
Eric Verhulst, Altreonic, Belgium
Committee: http://www.iaria.org/conferences2011/ComVALID11.html
====================

Ross.Bushby | 1 Jun 12:48 2011

Re: packet replay tools for wlan

Aireplay

http://www.aircrack-ng.org/doku.php?id=interactive_packet_replay&DokuWiki=29d7926cab990d025beca0e13e588b06




김무성 <kimms <at> infosec.co.kr>
Sent by: full-disclosure-bounces <at> lists.grok.org.uk
01/06/2011 11:45

To: <full-disclosure <at> lists.grok.org.uk>
cc:
Subject: [Full-disclosure] packet replay tools for wlan

Hello. List

I'm looking for packet replay tools for WLAN.

It has to be possible to replay a .pcap on a Wireless LAN through a Wireless NIC.

Regards,

MuSung Kim.

security | 1 Jun 14:21 2011

[ MDVSA-2011:104 ] bind


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:104
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bind
 Date    : June 1, 2011
 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been identified and fixed in ISC BIND:

 Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x
 before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before
 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service
 (assertion failure and daemon exit) via a negative response containing
 large RRSIG RRsets (CVE-2011-1910).

 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 The updated packages have been patched to correct this issue. For
 2010.2 ISC BIND was upgraded to 9.7.3-P1 which is not vulnerable to
 this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
SecurityXploded Group | 1 Jun 14:36 2011

MSN Live Password Decryptor v2.0 is Released

Hi all,

MSNLivePasswordDecryptor is the FREE software to instantly recover
MSN/Hotmail/Windows Live Messenger passwords stored by applications
such as MSN, Windows Live Messenger, Hotmail, web browsers and other
messengers.

It has both GUI as well as command-line interface making it useful for
Pen testers & forensic folks.

Find more details here,
http://securityxploded.com/msn-live-password-decryptor.php

If you are curious to know how it decrypts the 'Windows Live' password
secrets with complete CODE sample, check out our research article,
"Exposing the Password Secrets of MSN/Windows Live Messenger"
http://securityxploded.com/msn-live-messenger-password-secrets.php

--
- SecurityXploded
An Infosec Research & Development Portal


security | 1 Jun 15:28 2011

[ MDVSA-2011:105 ] wireshark


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:105
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : June 1, 2011
 Affected: 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest version (1.2.17),
 fixing several security issues:

 * Large/infinite loop in the DICOM dissector. (Bug 5876) Versions
 affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

 * Huzaifa Sidhpurwala of the Red Hat Security Response Team
 discovered that a corrupted Diameter dictionary file could crash
 Wireshark. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

 * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
 that a corrupted snoop file could crash Wireshark. (Bug 5912) Versions
 affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

 * David Maciejak of Fortinet's FortiGuard Labs discovered that
 malformed compressed capture data could crash Wireshark. (Bug 5908)
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.

 * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
 that a corrupted Visual Networks file could crash Wireshark. (Bug 5934)
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 _______________________________________________________________________

 References:

 http://www.wireshark.org/security/wnpa-sec-2011-07.html
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
Juerd Waalboer | 1 Jun 17:28 2011

Netgear WNDAP350 root password leak

https://revspace.nl/RevelationSpace/NewsItem11x05x30x0

Summary:

    * http://192.168.0.237/downloadFile.php reveals secrets
    * http://192.168.0.237/BackupConfig.php reveals secrets
    * Included in the exposed secrets: root password and WPA2 keys
    * The PHPs do not require authentication
    * Vulnerable versions: 2.0.1, 2.0.9 (latest)
--
Met vriendelijke groet, // Kind regards, // Korajn salutojn,

Juerd Waalboer  <juerd <at> tnx.nl>
TNX



Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar


Cisco Security Advisory: Default Credentials Vulnerability in Cisco
Network Registrar

Advisory ID: cisco-sa-20110601-cnr

Revision 1.0

For Public Release 2011 June 01 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Network Registrar Software Releases prior to 7.2 contain a
default password for the administrative account. During the initial
installation, users are not forced to change this password, allowing
it to persist after the installation. An attacker who is aware of
this vulnerability could authenticate with administrative privileges
and arbitrarily change the configuration of Cisco Network Registrar.

The upgrade to Software Release 7.2 is not free; however, a
workaround is provided in this document that will prevent
exploitation of the vulnerability.

When performing an upgrade to Software Release 7.2, you must use the
workaround to change the password of the administrative account. You
will be prompted to enter a new administrator's password only if you
are performing a new installation of Software Release 7.2 of Cisco
Network Registrar.

The workaround for this vulnerability is to change the password
associated with the administrative account using the method described
in the "Workarounds" section.

This advisory is posted at: 
http://www.cisco.com/warp/public/707/cisco-sa-20110601-cnr.shtml

Affected Products
=================

Vulnerable Products
+------------------

This vulnerability affects all releases of Cisco Network Registrar
prior to Software Release 7.2. The vulnerability is present in the
affected releases on all platforms.

To verify the release of Cisco Network Registrar that is running,
select the About option from the menu. Alternatively, if using the
command-line interface, execute the following command:

    nrcmd> session get version

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by this
vulnerability.

Details
=======

Cisco Network Registrar provides highly scalable and reliable DNS,
DHCP, and TFTP services. The central management capabilities of Cisco
Network Registrar simplify administrative tasks associated with
network and device configuration.

Cisco Network Registrar contains a default password for the
administrative account. An attacker could use this knowledge to
authenticate with administrative privileges and arbitrarily change
the configuration of Cisco Network Registrar. This vulnerability is
documented in Cisco bug ID CSCsm50627 (registered customers only)
and has been assigned the Common Vulnerabilities and Exposures (CVE)
identifier CVE-2011-2024.

Additionally, it is a good practice to change passwords periodically.
The interval should comply with an organization's security policy
but, as a guideline, passwords should be changed two to three times a
year. This practice applies equally to all products regardless of
when they are installed and to all users, administrators and
non-administrators.

Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at the following link:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

* CSCsm50627 - Initially supplied admin password not changed during the installation

CVSS Base Score - 10
    Access Vector -            Network
    Access Complexity -        Low
    Authentication -           None
    Confidentiality Impact -   Complete
    Integrity Impact -         Complete
    Availability Impact -      Complete

CVSS Temporal Score - 8.3
    Exploitability -           Functional
    Remediation Level -        Official-Fix
    Report Confidence -        Confirmed

Impact
======

Successful exploitation of the vulnerability may allow an attacker to
make arbitrary changes to the configuration of Cisco Network
Registrar.

Software Versions and Fixes
===========================

When considering software upgrades, also consult 
http://www.cisco.com/go/psirt and any subsequent advisories to 
determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

This vulnerability is fixed in Software Release 7.2. All releases of
Cisco Network Registrar prior to 7.2 will not force users to change
the administrative password during the initial installation.

Workarounds
===========

The provided workaround changes the password that is associated with
the administrator's account. To change the password using the web
interface, select Advanced -> Administrators -> Admin from the menu.

Execute the following command to change the administrator's password
using the command-line interface:

    admin <admin-name> enterPassword

Additionally, access to Cisco Network Registrar (TCP ports 8080,
8090, 8443, and 8453) and the host on which it is running should be
limited to legitimate IP addresses. Consult the documentation of the
host operating system for further details on how to accomplish this
task.

The use of IP addresses as a form of authentication is a
well-established network security practice. For more guidance on the
use of access control lists (ACLs) or the explicit identification of
network management stations in devices and applications, reference
the white paper A Security-Oriented Approach to IP Addressing at the
following link: 
http://www.cisco.com/web/about/security/intelligence/security-for-ip-addr.html

Obtaining Fixed Software
========================

Cisco will not make free upgrade software available for affected
customers to address this vulnerability. The workaround provided in
this document describes how to change the passwords in current
releases of the software.

Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Do not contact psirt <at> cisco.com or security-alert <at> cisco.com for
software upgrades.

Customers with Service Contracts
+-------------------------------

Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.

Customers using Third Party Support Organizations
+------------------------------------------------

Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.

Customers without Service Contracts
+----------------------------------

Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.

  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac <at> cisco.com

Customers should have their product serial number available and be
prepared to give the URL of this notice.

Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for 
additional TAC contact information, including localized telephone numbers, 
and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements
=====================================

The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.

This vulnerability was discovered during an internal review.

Status of this Notice: FINAL
============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.

Distribution
============

This advisory is posted on Cisco's worldwide website at:

http://www.cisco.com/warp/public/707/cisco-sa-20110601-cnr.shtml

In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.

  * cust-security-announce <at> cisco.com
  * first-bulletins <at> lists.first.org
  * bugtraq <at> securityfocus.com
  * vulnwatch <at> vulnwatch.org
  * cisco <at> spot.colorado.edu
  * cisco-nsp <at> puck.nether.net
  * full-disclosure <at> lists.grok.org.uk
  * comp.dcom.sys.cisco <at> newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.

Revision History
================

+----------------------------------------------------+
| Revision 1.0 | 2001-06-01 | Initial public release |
+----------------------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at: 
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt

+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
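
Added example (not part of the Cisco advisory): the CVSS version 2.0 equations applied to the metric values the advisory lists for CSCsm50627, reproducing its base and temporal scores and deriving the environmental score the advisory leaves to customers. The weights come from the CVSS v2.0 specification; the site profile passed to environmental_score() is a constructed assumption.

```python
# CVSS v2.0 metric weights (from the CVSS version 2.0 specification).
AV = {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0}
AC = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AU = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
EXPLOIT = {"Unproven": 0.85, "Proof-of-Concept": 0.90, "Functional": 0.95, "High": 1.0}
REMEDIATION = {"Official-Fix": 0.87, "Temporary-Fix": 0.90, "Workaround": 0.95,
               "Unavailable": 1.0}
CONFIDENCE = {"Unconfirmed": 0.90, "Uncorroborated": 0.95, "Confirmed": 1.0}
CDP = {"None": 0.0, "Low": 0.1, "Low-Medium": 0.3, "Medium-High": 0.4, "High": 0.5}
TD = {"None": 0.0, "Low": 0.25, "Medium": 0.75, "High": 1.0}
REQ = {"Low": 0.5, "Medium": 1.0, "High": 1.51}

# Metric values exactly as listed in the advisory for CSCsm50627.
ADVISORY = {"av": "Network", "ac": "Low", "au": "None",
            "c": "Complete", "i": "Complete", "a": "Complete",
            "e": "Functional", "rl": "Official-Fix", "rc": "Confirmed"}

def _base(m, impact):
    """Base equation for a given impact subscore (shared with the environmental step)."""
    exploitability = 20 * AV[m["av"]] * AC[m["ac"]] * AU[m["au"]]
    f = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f, 1)

def base_score(m):
    impact = 10.41 * (1 - (1 - CIA[m["c"]]) * (1 - CIA[m["i"]]) * (1 - CIA[m["a"]]))
    return _base(m, impact)

def temporal_score(m, base=None):
    base = base_score(m) if base is None else base
    return round(base * EXPLOIT[m["e"]] * REMEDIATION[m["rl"]] * CONFIDENCE[m["rc"]], 1)

def environmental_score(m, cdp, td, cr="Medium", ir="Medium", ar="Medium"):
    """cdp: collateral damage potential, td: target distribution,
    cr/ir/ar: confidentiality/integrity/availability requirements."""
    adj_impact = min(10.0, 10.41 * (1 - (1 - CIA[m["c"]] * REQ[cr])
                                      * (1 - CIA[m["i"]] * REQ[ir])
                                      * (1 - CIA[m["a"]] * REQ[ar])))
    adj_temporal = temporal_score(m, _base(m, adj_impact))
    return round((adj_temporal + (10 - adj_temporal) * CDP[cdp]) * TD[td], 1)

if __name__ == "__main__":
    print("base:", base_score(ADVISORY))
    print("temporal:", temporal_score(ADVISORY))
    # Constructed site profile (assumption): every DNS/DHCP host runs the
    # affected release and an outage would cause significant damage.
    print("environmental:", environmental_score(ADVISORY, cdp="Medium-High", td="High"))
```

Target distribution scales the result directly, so a site where only a few hosts run an affected release scores far lower than the advisory's temporal score.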
