iDefense Security Advisory 05.27.08: EMC AlphaStor Server Agent Multiple Stack Buffer Overflow Vulnerabilities

 ( 102 days 1 hour ago)

iDefense Security Advisory 05.27.08 May 27, 2008 I. BACKGROUND AlphaStor is a suite of applications used for disk management. For more information, please see the vendor's website at the following URL. II. DESCRIPTION Remote exploitation of multiple stack based buffer overflow ...

ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerability

 ( 102 days 1 hour ago)

ZDI-08-033: Motorola RAZR JPG Processing Stack Overflow Vulnerability May 27, 2008 -- Affected Vendors: Motorola -- Affected Products: Motorola RAZR -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is ...

iDefense Security Advisory 05.27.08: EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability

 ( 102 days 1 hour ago)

iDefense Security Advisory 05.27.08 May 27, 2008 I. BACKGROUND AlphaStor is a suite of applications used for disk management. For more information, please see the vendor's website found at the following link. II. DESCRIPTION Remote exploitation of an arbitrary command execution vulnerability in ...

Re: IOS Rookit: the sky isn't falling (yet)

 ( 102 days 1 hour ago)

Hi, On Tue, 27 May 2008 09:08:58 0200 Nicolas FISCHBACH wrote: > Here's [8] a "screenshot" of CIR vs Topo. for those of you interested, here is the link to the full report (link may wrap): cheers FX -- Recurity Labs GmbH Felix 'FX' Lindner ...

[ GLSA 200805-21 ] Roundup: Permission bypass

 ( 102 days 1 hour ago)

- - Gentoo Linux Security Advisory GLSA 200805-21 - - - - Severity: Normal Title: Roundup: Permission bypass Date: May 27, 2008 Bugs: #212488, #214666 ID: 200805-21 - - Synopsis A vulnerability in Roundup allows for bypassing permission restrictions. Background ...

rPSA-2008-0177-1 emacs emacs-leim

 ( 102 days 1 hour ago)

rPath Security Advisory: 2008-0177-1 Published: 2008-05-27 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Non-deterministic Unauthorized Access Updated Versions: emacs=conary.rpath.comatrpl:1/21.4a-5.4-1 emacs-leim=conary.rpath.comatrpl:1/21.4a-5.4-1 rPath Issue Tracking System: References: Description: Previous versions of the emacs package are vulnerable to an Arbitrary ...

Re: function sleep() in all versions of PHP

 ( 102 days 1 hour ago)

maxexecutiontime is *CPU EXECUTION* time and not *WALL-CLOCK* time -- reread the definition from the PHP man pages. Since you are doing sleep() in the script, which is suspending the process (script), no CPU time is accruing for that process (script), ...

Hackers exploiting Flash Player zero-day bug

 ( 102 days 7 hours ago)

Attackers are already exploiting an unpatched bug in the latest version of Adobe System Inc.'s popular Flash Player, security researchers said today.

Re: function sleep() in all versions of PHP

 ( 102 days 7 hours ago)

Mark, I agree with you that this is a known issue, and that there are ways around it, however I would in fact call it a vulnerability. The reasoning behind this is behind the definition of vulnerability, and here is a good one: ...

[SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities

 ( 102 days 7 hours ago)

- Debian Security Advisory DSA-1588-1 securityatdebian.org dann frazier May 27, 2008 - Package : linux-2.6 Vulnerability : denial of service Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137 Several vulnerabilities have been discovered in the Linux kernel that may ...

Re: function sleep() in all versions of PHP

 ( 102 days 7 hours ago)

Yeap. „Using PHP as an in-process script interpreter grants script authors control over the httpd children.” It is possible to make DoS (block all sockets/memory exe.). (more in Xploit magazin) Reason: Use PHP via a CGI interpreter with RLimit* directives. ...

Re: MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub

 ( 102 days 7 hours ago)

UPDATED: The BT Home Hub's serial number - which is the default admin password - can also be found on UPnP description XML files. Note that no password is required to access such files, as they're used for UPnP (authentication-less) operations. Note: UPnP is enabled by default on ...

Security, Open Source Style

 ( 102 days 7 hours ago)

Today we are excited to announce another community initiative--the Open Source Software Security community (oss-security). This project is an ongoing effort to manage security information in Open Source software by building on the collaborative foundation of the open source model. ...

Re: function sleep() in all versions of PHP

 ( 102 days 7 hours ago)

Mark Sanders escribió: > This vulnerability is not per se a vulnerability but a annoyance that > has been dealt with in many ways. > > It is quite common to not let any process on a web server run longer ...

Re: CORE-2008-0126: Multiple vulnerabilities in iCal

 ( 102 days 7 hours ago)

CORE / SecurityFocus, The cross-references between BID, CVE and vulnerability seem to be wrong in both the advisory and BID database. From the advisory: : Multiple vulnerabilities in iCal : : Advisory ID: CORE-2008-0126 : Advisory URL: : Bugtraq ID: 28629 28632 28633 ...

IOS Rookit: the sky isn't falling (yet)

 ( 102 days 7 hours ago)

I finally got to see Topo's presentation this week-end at PH-Neutral and discuss it with him and FX. Given that the slides aren't online yet [1], that Core hasn't published Topo's technical paper on their website [2] yet either, and that I'm done replying to ...

RoomPHPlanning 1.5 (weekview.php) SQL Injection Vulnerability

 ( 102 days 7 hours ago)

# # # ...::::RoomPHPlanning((weekview.php)) 1.5 SQL Injection Vulnerabilities ::::... # Virangar Security Team www.virangar.net www.virangar.ir Discoverd By :virangar security team(hadihadi) special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in the world hadiaryaie2004 & my lovely friend arash(imm02tal) ...

[security bulletin] HPSBUX02335 SSRT071454 rev.2 - HP-UX Running useradd(1M), Local Unauthorized Access

 ( 102 days 7 hours ago)

SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01455884 Version: 2 HPSBUX02335 SSRT071454 rev.2 - HP-UX Running useradd(1M), Local Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-05-26 Last Updated: 2008-05-26 ...

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

 ( 102 days 7 hours ago)

This is a bogus issue. There is no SQL injection. It does cause a DB error, but it's not injection related. Read the code properly. $vbulletin->GPC['q'] gets split up into an array. ($search) This array then goes through a foreach loop ($search AS $word) ...

Mandriva: Updated x11-server packages fix stuck keys in Wine

 ( 102 days 10 hours ago)

LinuxSecurity.com: On certain circumstances, specially when using Wine, keys would get stuck, and stay so, even after quitting the application, requiring the user to restart Xorg.

Mandriva: Updated nfs-utils packages fix lack of quota

 ( 102 days 10 hours ago)

LinuxSecurity.com: The nfs server initscript in Mandriva Linux 2008 and 2008 Spring releases lacked support for NFS quota, preventing quota information to be available on user side. The updated packages fix this issue.

Mandriva: Updated dkms package fixes a few bugs

 ( 102 days 10 hours ago)

LinuxSecurity.com: The dkms-minimal package in Mandriva Linux 2008 Spring did not require lsb-release. If lsb-release was not installed, the dkms modules were installed in the standard location, instead of the intended /dkms or /dkms-binary. This update fixes that issue. Due to another bug, dkms would consider older installed binary dkms modules as original modules when installing a newer version of the module as a source dkms package, thus wrongly moving the binary modules around. This update disables original_module handling, not needed anymore since the rework of dkms system in 2008 Spring. Dkms would also print an error message during an upgrade of binary module packages, and under certain conditions an additional warning message regarding multiple modules being found. This update removes those harmless messages when they are not appropriate.

Debian: New mtr packages fix execution of arbitrary code

 ( 102 days 10 hours ago)

LinuxSecurity.com: Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.

Mandriva: Updated gnutls packages fix denial of service

 ( 102 days 10 hours ago)

LinuxSecurity.com: Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service (application crash), and maybe (so far undetermined) execute arbitrary code. The updated packages have been patched to fix these flaws. Note that any applications using this library must be restarted for the update to take effect.

TJX staffer sacked after talking about security problems

 ( 102 days 14 hours ago)

He says he tried to work through official channels, but after getting no satisfaction and turning to the blogosphere, a young security researcher has been fired from his TJX day job for blabbing about new troubles at the famously breached store chain.

Six hours to hack the FBI (and other pen-testing adventures)

 ( 102 days 20 hours ago)

Penetration testing can reveal weak spots in an enterprise's network and Web systems -- sometimes, "spots" that are big enough to drive a tank through, and on systems the bad guys would kill to get access to. White-hat pen testers dish on some of the more egregious messes they've encountered.

Five steps to successful and cost-effective penetration testing

 ( 102 days 20 hours ago)

Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.

Five free pen-testing tools

 ( 102 days 20 hours ago)

Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. We provide you with five to grow on.