Bugtraq (bugtraq) Mailing List

iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20

Fri, 10 Oct 2008 15:24:59 -0700

Posted by Chris Clark on Oct 10

iSEC Partners Security Advisory - 2008-002-lenovornr
https://www.isecpartners.com
--------------------------------------------

Lenovo Rescue and Recovery Local Kernel Overflow

Vendor: Lenovo
Vendor URL: http://www.lenovo.com
Versions affected: 4.20
Systems Affected: Windows XP, Windows...

[LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability

10 Oct 2008 16:04:01 -0000

Posted by luca.carettoni_at_ikkisoft.com on Oct 10

('binary' encoding is not supported, stored as-is) ====================================================
Security Research Advisory

Vulnerability name: Nokia Browser Array Sort Denial Of Service Vulnerability
Advisory number: LC-2008-04
Advisory URL: http://www.ikkisoft.com

...

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

Fri, 10 Oct 2008 09:35:33 +0100

Posted by ProCheckUp Research on Oct 10

Hi 3APA3A,

That's a good question, and here is my answer from the draft version of
an upcoming paper I'm working on:

"
Gaining SNMP write access to a device is already a compromise on its own
and usually considered a potential high risk security issue. Therefore,
one could argue that...

Re[2]: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

Fri, 10 Oct 2008 10:28:43 +0400

Posted by Vladimir 3APA3A Dubrovin on Oct 10

Dear lee.e.rian_at_census.gov,

Why do you think you can't do it with SNMP? An examples are settings DNS
server option via DHCP (or DNS domain name for proxy server
autodiscovery protocol) or even configuring a VPN tunnel for all
traffic. I'm not sure about...

[USN-651-1] Ruby vulnerabilities

Thu, 9 Oct 2008 21:25:50 -0500

Posted by Jamie Strandboge on Oct 9

===========================================================
Ubuntu Security Notice USN-651-1 October 10, 2008
ruby1.8 vulnerabilities
CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656,
CVE-2008-3657, CVE-2008-3790, CVE-2008-3905
...

ZDI-08-067: Apple CUPS 1.3.7 (HP-GL2 filter) Remote Code Execution Vulnerability

Thu, 9 Oct 2008 22:21:04 -0400

Posted by zdi-disclosures_at_3com.com on Oct 9

ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-067
October 9, 2008

-- CVE ID:
CVE-2008-3641

-- Affected Vendors:
Apple

-- Affected Products:
Apple OS X

-- TippingPoint(TM) IPS...

[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure

Thu, 09 Oct 2008 23:46:19 +0100

Posted by Mark Thomas on Oct 09

CVE-2008-3271: Tomcat information disclosure vulnerability

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 4.1.0 to 4.1.31
Tomcat 5.5.0
Tomcat 6.0.x is not affected
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected

Description:
Bug...

Re: News Manager Remote SQL Injection Vulnerability

Thu, 9 Oct 2008 18:20:30 -0400

Posted by packet_at_packetstormsecurity.org on Oct 9

Discovered over a year ago.

http://packetstormsecurity.org/0705-exploits/prenews-sql.txt 0bae5b1d6f9d99c6749403341807f0d8 Pre News Manager version 1.0 suffers from a remote SQL injection vulnerability.  Homepage: http://www.cyber-security.org/.

On Thu, Oct 09, 2008 at 12:21:25PM...

CA ARCserve Backup Multiple Vulnerabilities

Thu, 9 Oct 2008 17:57:05 -0400

Posted by Williams James K on Oct 9

Title: CA ARCserve Backup Multiple Vulnerabilities

CA Advisory Date: 2008-10-09

Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a
TELUS Company
Greg Linares...

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

Thu, 9 Oct 2008 17:24:27 -0400

Posted by lee.e.rian_at_census.gov on Oct 9

-----"Vladimir '3APA3A' Dubrovin" <3APA3A_at_SECURITY.NNOV.RU> wrote: -----

>What can you achieve with script injection you can not achieve
>with SNMP write access?

I don't know what you can actually achieve, but in addition to whatever you
can do to/with the box...

Re: Motorola Timbuktus Internet Locator Service real-time data exposed to public.

Thu, 9 Oct 2008 10:04:02 -0600

Posted by therese.vanryne_at_motorola.com on Oct 9

('binary' encoding is not supported, stored as-is) Thank you for revisiting this issue. Unfortunately your first message didn't make it to the right parties due to the then-recent acquisition of Netopia by Motorola.

We take security seriously and have added in password protection to fix this...

Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

Thu, 9 Oct 2008 22:20:45 +0400

Posted by Vladimir 3APA3A Dubrovin on Oct 9

Dear ProCheckUp Research,

What can you achieve with script injection you can not achieve with
SNMP write access?

--Thursday, October 9, 2008, 5:02:44 PM, you wrote to bugtraq_at_securityfocus.com:

PR> $ snmpset -v1 -c public 192.168.1.100 sysName.0 s
...

[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability

Thu, 9 Oct 2008 19:36:48 +0200

Posted by Robert Buchholz on Oct 9

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200810-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...

Re: Token Kidnapping Windows 2003 PoC exploit

Thu, 9 Oct 2008 06:25:41 -0600

Posted by groovydude_at_mywasteofbandwidth.com on Oct 9

('binary' encoding is not supported, stored as-is) Has a patch been previously released by Microsoft for this?
Received on Oct 09 2008

[security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)

Thu, 09 Oct 2008 05:25:01 -0700

Posted by security-alert_at_hp.com on Oct 09

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01567813
Version: 1

HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date:...