From coley at rcf-smtp.mitre.org Thu Mar 1 14:16:03 2012
From: coley at rcf-smtp.mitre.org (Steven M. Christey)
Date: Thu, 1 Mar 2012 15:16:03 -0500 (EST)
Subject: [VIM] Deleted Exploit-DB entries
Message-ID:

I've just edited a couple future CVEs that pointed to Exploit-DB links that were posted about a week ago, but have since been yanked. In both cases, it looks like there was a previous disclosure with the same issue, so maybe Exploit-DB is removing duplicates or potentially-plagiarized reports?

- Steve

From theall at tenable.com Thu Mar 8 11:46:44 2012
From: theall at tenable.com (George A. Theall)
Date: Thu, 8 Mar 2012 12:46:44 -0500
Subject: [VIM] CVE-2011-4061
Message-ID:

Can anyone confirm if the local privilege escalation vulnerabilities in DB2 covered by CVE-2011-4061 / OSVDB 76456 and 76457 are addressed by IBM's APAR IC79970? The description in the APAR

George
--
theall at tenablesecurity.com

From James.Williams at ca.com Thu Mar 8 14:56:40 2012
From: James.Williams at ca.com (Williams, James K)
Date: Thu, 8 Mar 2012 20:56:40 +0000
Subject: [VIM] Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability, BID 51189
Message-ID:

George, thanks for bringing up that BID issue. Rob, thanks for fixing the BIDs.

For reference, note that CA Japan usually republishes their own localized versions of security notices that are originally published at https://support.ca.com/. Notices are always published first and are always most current at https://support.ca.com/.

Also, we do utilize CVE for vulnerability identification in all security notices, and always acquire CVE identifier(s) before publishing security notices.

If you ever have questions about CA security notices or advisories, our preferred method of communication is email to vuln at ca.com.

Thanks and regards,
Ken Williams, Director
CA Technologies Product Vulnerability Response Team
CA Technologies Business Unit Operations
wilja22 at ca.com

-----Original Message-----

------------------------------

Message: 6
Date: Thu, 29 Dec 2011 20:41:57 -0500
From: "George A. Theall"
To: Vulnerability Information Managers
Subject: [VIM] Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability, BID 51189
Message-ID:
Content-Type: text/plain; charset="us-ascii"

BID 51189 was created yesterday for an issue in CA ARCserve D2D / ARCserve Backup. It looks to me to be a dup of BID 48897.

Yesterday's BID references an advisory from Hitachi (http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-025/index.html) which in turn references a Japanese language advisory from Computer Associates (http://www.casupport.jp/resources/info/CA20110809-01.htm). Like the earlier BID, that mentions CVE-2011-3011, which immediately should raise suspicions. And, if you use something like Yahoo's Babelfish to translate the page, you'll end up with text that's pretty close to http://seclists.org/fulldisclosure/2011/Aug/82, CA's original advisory from August referenced in 48897.

Rob?

George
--
theall at tenablesecurity.com

------------------------------

Message: 7
Date: Tue, 03 Jan 2012 13:50:08 -0700
From: rkeith
To: Vulnerability Information Managers
Cc: "George A. Theall"
Subject: Re: [VIM] Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability, BID 51189
Message-ID: <4F036A00.6030905 at securityfocus.com>
Content-Type: text/plain; charset=ISO-8859-1

Thanks George,

Definitely an oversight on our part, the BIDs have been corrected/retired as required.

Thanks,
Rob

On 12/29/2011 06:41 PM, George A. Theall wrote:
> BID 51189 was created yesterday for an issue in CA ARCserve D2D / ARCserve Backup. It looks to me to be a dup of BID 48897.
>
> Yesterday's BID references an advisory from Hitachi (http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-025/index.html) which in turn references a Japanese language advisory from Computer Associates (http://www.casupport.jp/resources/info/CA20110809-01.htm). Like the earlier BID, that mentions CVE-2011-3011, which immediately should raise suspicions. And, if you use something like Yahoo's Babelfish to translate the page, you'll end up with text that's pretty close to http://seclists.org/fulldisclosure/2011/Aug/82, CA's original advisory from August referenced in 48897.
>
> Rob?
>
>
> George

------------------------------

From theall at tenable.com Mon Mar 19 13:35:39 2012
From: theall at tenable.com (George A. Theall)
Date: Mon, 19 Mar 2012 14:35:39 -0400
Subject: [VIM] Preprojects Pre Classified Listings 'category' Parameter SQL Injection Vulnerability
Message-ID:

Looks like SecurityFocus created BID 52543 today for a SQL injection in Pre Classifieds. They give as a sample PoC:

  http://wwww.example.com/classi/search.php?category=-1+union+all+select+version()--

which matches EDB-ID 18613.

This looks to me like a dup of CVE-2007-2675 / OSVDB 35597 / BID 23795 / EDB-ID 3840:

  search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*
  search.php?category=-1/**/union/**/select/**/name/**/from/**/users/*

Rob?

George
--
theall at tenablesecurity.com

From rkeith at securityfocus.com Tue Mar 20 10:53:56 2012
From: rkeith at securityfocus.com (Rob Keith)
Date: Tue, 20 Mar 2012 09:53:56 -0600
Subject: [VIM] Preprojects Pre Classified Listings 'category' Parameter SQL Injection Vulnerability
In-Reply-To:
References:
Message-ID: <4F68A814.6060506@securityfocus.com>

Yes, same issue, we'll retire the new BID. Thanks George.

-Rob

George A. Theall wrote:
> Looks like SecurityFocus created BID 52543 today for a SQL injection in Pre Classifieds.
> They give as a sample PoC:
>
> http://wwww.example.com/classi/search.php?category=-1+union+all+select+version()--
>
> which matches EDB-ID 18613.
>
> This looks to me like a dup of CVE-2007-2675 / OSVDB 35597 / BID 23795 / EDB-ID 3840:
>
> search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*
> search.php?category=-1/**/union/**/select/**/name/**/from/**/users/*
>
> Rob?
>
> George

--
Rob Keith
Symantec
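
The comparison made by eye in the Pre Classifieds thread above (same script, same parameter, same injection class despite different padding) can be automated when triaging new database entries. This is an added example, not code from the list or from any of the databases mentioned; the function names and the "sqli-union" label are assumptions of the sketch, and the PoC strings are the ones quoted in the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# PoC strings exactly as quoted in the thread, keyed by the identifiers given there.
REPORTS = {
    "BID 52543 / EDB-ID 18613":
        "http://wwww.example.com/classi/search.php?category=-1+union+all+select+version()--",
    "CVE-2007-2675 / OSVDB 35597 / BID 23795 / EDB-ID 3840":
        "search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*",
}

UNION_SELECT = re.compile(r"\bunion\b(\s+all)?\s+select\b")

def normalise(value):
    """Undo URL encoding and collapse the padding used in place of spaces."""
    value = unquote_plus(value).lower()          # '+' and %xx become plain characters
    value = re.sub(r"/\*.*?\*/", " ", value)     # inline SQL comments such as /**/
    return re.sub(r"\s+", " ", value).strip()

def signature(poc):
    """Return (script, parameter, class) for the injected parameter, or None."""
    parts = urlsplit(poc)
    script = parts.path.rsplit("/", 1)[-1].lower()   # ignore host and install directory
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if UNION_SELECT.search(normalise(value)):
            return (script, name.lower(), "sqli-union")  # class label is this example's own
    return None

def group_duplicates(reports):
    """Group report identifiers whose PoCs reduce to the same signature."""
    groups = defaultdict(list)
    for ident, poc in reports.items():
        groups[signature(poc)].append(ident)
    return {sig: ids for sig, ids in groups.items() if sig and len(ids) > 1}

if __name__ == "__main__":
    for sig, ids in group_duplicates(REPORTS).items():
        print(sig, "->", ids)
```

A shared signature is only a lead for a human reviewer: a real index would also key on the normalised product name, since unrelated applications ship a `search.php` with a `category` parameter.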