From jericho at attrition.org Tue Apr 7 02:24:56 2009
From: jericho at attrition.org (security curmudgeon)
Date: Tue, 7 Apr 2009 02:24:56 +0000 (UTC)
Subject: [VIM] Q2 Solutions ConnX - timeline
Message-ID:

http://archives.neohapsis.com/archives/bugtraq/2009-04/0018.html

Recommendation:
Vendor refused to comment on whether they would develop a patch or even notify existing client base.

Workaround:
Remove ConnX server from public Internet access and protect behind corporate firewalls, SSL-VPN, web application firewall etc.

Disclosure timeline:
30-Oct-2008 - Discovered during audit.
05-Nov-2008 - Notified vendor. Vendor declined to comment.
01-Dec-2008 - Submitted full details to vendor.
18-Dec-2008 - Attempted to contact vendor again for a patch release date.
18-Dec-2008 - And again...
18-Dec-2008 - Vendor response, no patch - "We support our clients, not independent contractors."
03-Apr-2009 - Disclosure.

From smoore at securityglobal.net Tue Apr 7 03:03:49 2009
From: smoore at securityglobal.net (Stuart Moore)
Date: Mon, 06 Apr 2009 23:03:49 -0400
Subject: [VIM] correct CVE for mod_perl Apache::Status XSS
Message-ID: <49DAC295.7040907@securityglobal.net>

Fred Moyer's e-mail message to the perl-advocacy mod_perl mailing list regarding the Apache::Status XSS bug mentioned CVE-2009-0796 in the subject line and CVE-2009-0795 in the body of the message.

Fred has confirmed that CVE-2009-0796 is the correct number.

Stuart

http://mail-archives.apache.org/mod_mbox/perl-advocacy/200904.mbox/%3Cad28918e0904011458h273a71d4x408f1ed286c9dfbc at mail.gmail.com%3E

From coley at linus.mitre.org Tue Apr 7 17:21:49 2009
From: coley at linus.mitre.org (Steven M. Christey)
Date: Tue, 7 Apr 2009 13:21:49 -0400 (EDT)
Subject: [VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)
Message-ID:

All,

cve at mitre received the following dispute by Check Point for CVE-2009-1227:

Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers.

str0ke - if you were able to successfully test this before publishing as MILW0RM:8313, that would be informative.

- Steve

From bugsnothugs at gmail.com Tue Apr 7 19:50:44 2009
From: bugsnothugs at gmail.com (Bugs NotHugs)
Date: Tue, 7 Apr 2009 13:50:44 -0600
Subject: [VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)
Message-ID: <63ac005e0904071250i79159e03l8bd0aa21a05a5c45@mail.gmail.com>

Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers.

HDM test version R66 of VPN-1 and not work.

Bug is real, details sparse. From client engagement where client not tell us exact version software. Test happen two years ago, so older version affected. Not able to test again so publish details and move on.

--
BugsNotHugs
Shared Vulnerability Disclosure Account

From str0ke at milw0rm.com Tue Apr 7 20:51:39 2009
From: str0ke at milw0rm.com (str0ke)
Date: Tue, 07 Apr 2009 15:51:39 -0500
Subject: [VIM] Vendor dispute of Check Point overflow (CVE-2009-1227)
In-Reply-To:
References:
Message-ID: <49DBBCDB.8080706@milw0rm.com>

Didn't check it out, pretty sure I grabbed it from one of the lists :(

/str0ke

Steven M. Christey wrote:
> All,
>
> cve at mitre received the following dispute by Check Point for
> CVE-2009-1227:
>
> Check Point Security Alert Team has analyzed this report. We've
> tried to reproduce the attack on all VPN-1 versions from NG FP2 and
> above with and without HFAs. The issue was not reproduced. We have
> conducted a thorough analysis of the relevant code and verified that
> we are secure against this attack. We consider this attack to pose
> no risk to Check Point customers.
>
> str0ke - if you were able to successfully test this before publishing as
> MILW0RM:8313, that would be informative.
>
> - Steve
>
>

From coley at linus.mitre.org Wed Apr 8 15:14:08 2009
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 8 Apr 2009 11:14:08 -0400 (EDT)
Subject: [VIM] correct CVE for mod_perl Apache::Status XSS
In-Reply-To: <49DAC295.7040907@securityglobal.net>
References: <49DAC295.7040907@securityglobal.net>
Message-ID:

On Mon, 6 Apr 2009, Stuart Moore wrote:

> Fred Moyer's e-mail message to the perl-advocacy mod_perl mailing list
> regarding the Apache::Status XSS bug mentioned CVE-2009-0796 in the
> subject line and CVE-2009-0795 in the body of the message.

We've rejected CVE-2009-0795, which had already been assigned to a separate issue in rose_sendmsg/kernel, which has been reassigned to CVE-2009-1265.

- Steve

======================================================
Name: CVE-2009-0795
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0795

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult CVE-2009-0796 and CVE-2009-1265 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.

======================================================
Name: CVE-2009-0796
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
Reference: MLIST:[modperl-cvs] 20090401 svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm
Reference: URL:http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477
Reference: MLIST:[modperl] 20090401 [SECURITY] [CVE-2009-0796] Vulnerability found in Apache::Status and Apache2::Status
Reference: URL:http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475
Reference: MISC:https://launchpad.net/bugs/cve/2009-0796
Reference: CONFIRM:http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h
Reference: CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=761081
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=494402

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

======================================================
Name: CVE-2009-1265
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1265
Reference: MISC:http://bugzilla.kernel.org/show_bug.cgi?id=10423
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

From theall at tenablesecurity.com Wed Apr 15 16:12:24 2009
From: theall at tenablesecurity.com (George A. Theall)
Date: Wed, 15 Apr 2009 12:12:24 -0400
Subject: [VIM] PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities
Message-ID: <40A5D9B5-A647-4B5E-B2C9-35CDEE0BFEC2@tenablesecurity.com>

Hey str0ke, you're aware that milw0rm 8425 is rather old, aren't you? It's a repost of a message Sirdarckcat posted to Bugtraq in 2006 -- http://www.securityfocus.com/archive/1/445007/30/0/threaded .

I'm not sure why, but SecurityFocus created BID 34505 for the repost even though BID 19818 is for the issues in the original post.

George
--
theall at tenablesecurity.com

From str0ke at milw0rm.com Wed Apr 15 16:27:47 2009
From: str0ke at milw0rm.com (str0ke)
Date: Wed, 15 Apr 2009 11:27:47 -0500
Subject: [VIM] PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities
In-Reply-To: <40A5D9B5-A647-4B5E-B2C9-35CDEE0BFEC2@tenablesecurity.com>
References: <40A5D9B5-A647-4B5E-B2C9-35CDEE0BFEC2@tenablesecurity.com>
Message-ID: <49E60B03.5080802@milw0rm.com>

Hey George :)

I added the vuln for future references. I missed it when it came out back in 2006.

George A. Theall wrote:
> Hey str0ke, you're aware that milw0rm 8425 is rather old, aren't you?
> It's a repost of a message Sirdarckcat posted to Bugtraq in 2006 --
> http://www.securityfocus.com/archive/1/445007/30/0/threaded.
>
> I'm not sure why, but SecurityFocus created BID 34505 for the repost
> even though BID 19818 is for the issues in the original post.
>
>
> George

From str0ke at milw0rm.com Mon Apr 20 20:04:07 2009
From: str0ke at milw0rm.com (str0ke)
Date: Mon, 20 Apr 2009 15:04:07 -0500
Subject: [VIM] Twitter
Message-ID: <49ECD537.4070205@milw0rm.com>

Who all twitters here? Wouldn't mind grabbing a few extra following users to my list that talk about current vulnerabilities.

/str0ke

From jericho at attrition.org Mon Apr 20 20:03:28 2009
From: jericho at attrition.org (security curmudgeon)
Date: Mon, 20 Apr 2009 20:03:28 +0000 (UTC)
Subject: [VIM] Twitter
In-Reply-To: <49ECD537.4070205@milw0rm.com>
References: <49ECD537.4070205@milw0rm.com>
Message-ID:

http://attrition.org/news/content/09-04-17.001.html

Attrition.org: We Twitter, Therefore We Suck

--

But, you don't want to follow us =) We don't really talk about vulnerabilities on it, and most of what we do is meant to inflame, or show how silly 99% of twitter is.

On Mon, 20 Apr 2009, str0ke wrote:

: Who all twitters here? Wouldn't mind grabbing a few extra following
: users to my list that talk about current vulnerabilities.
:
: /str0ke
:

From str0ke at milw0rm.com Mon Apr 20 20:09:52 2009
From: str0ke at milw0rm.com (str0ke)
Date: Mon, 20 Apr 2009 15:09:52 -0500
Subject: [VIM] Twitter
In-Reply-To:
References: <49ECD537.4070205@milw0rm.com>
Message-ID: <49ECD690.4010007@milw0rm.com>

hahha, sounds like the perfect list for me.

security curmudgeon wrote:
> http://attrition.org/news/content/09-04-17.001.html
>
> Attrition.org: We Twitter, Therefore We Suck
>
> --
>
> But, you don't want to follow us =) We don't really talk about
> vulnerabilities on it, and most of what we do is meant to inflame, or show
> how silly 99% of twitter is.
>
> On Mon, 20 Apr 2009, str0ke wrote:
>
> : Who all twitters here? Wouldn't mind grabbing a few extra following
> : users to my list that talk about current vulnerabilities.
> :
> : /str0ke
> :
>
>

From coley at linus.mitre.org Thu Apr 23 17:20:21 2009
From: coley at linus.mitre.org (Steven M. Christey)
Date: Thu, 23 Apr 2009 13:20:21 -0400 (EDT)
Subject: [VIM] milw0rm availability
Message-ID:

str0ke,

Is it just me, or has milw0rm.com connectivity been up-and-down lately? If so, then do you expect the problem to continue? You're often the only source of raw information for an issue, so CVE uses it heavily.

Thanks,
Steve

From str0ke at milw0rm.com Thu Apr 23 20:02:28 2009
From: str0ke at milw0rm.com (str0ke)
Date: Thu, 23 Apr 2009 15:02:28 -0500
Subject: [VIM] milw0rm availability
In-Reply-To:
References:
Message-ID: <49F0C954.5050001@milw0rm.com>

Steven M. Christey wrote:
> str0ke,
>
> Is it just me, or has milw0rm.com connectivity been up-and-down lately? If
> so, then do you expect the problem to continue? You're often the only
> source of raw information for an issue, so CVE uses it heavily.
>
> Thanks,
> Steve
>

From Denial of Service attacks, to hardware acting up, to double the traffic. It's a little tough right now. Once I get new hardware in I should be good to go, then again times are tough and not sure how long it's going to be until that occurs. Probably a month or so hopefully.

/str0ke