Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Thu, 9 Feb 2012 04:28:10 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1628928592&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1628928592.1328761690.1328761690.1328761690.1%3B%2B__utmz%3D32867617.1328761690.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/109583/ZDI-12-031.txt http://packetstormsecurity.org/files/109583/ZDI-12-031.txt http://packetstormsecurity.org/files/109583/Zero-Day-Initiative-Advisory-12-031.html Wed, 08 Feb 2012 22:42:19 GMT Zero Day Initiative Advisory 12-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the mod_ipp apache module component of the iprint-server, which listens by default on 631/tcp. During the handling of get-printer-attributes requests containing a attributes-natural-language attribute cause a validation routine to be hit. When validating this parameter the contents of the attribute are copied, without validation, to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process. http://packetstormsecurity.org/files/109582/ZDI-12-030.txt http://packetstormsecurity.org/files/109582/ZDI-12-030.txt http://packetstormsecurity.org/files/109582/Zero-Day-Initiative-Advisory-12-030.html Wed, 08 Feb 2012 22:42:03 GMT Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser. http://packetstormsecurity.org/files/109578/torcs132-overflow.txt http://packetstormsecurity.org/files/109578/torcs132-overflow.txt http://packetstormsecurity.org/files/109578/TORCS-1.3.2-Buffer-Overflow.html Wed, 08 Feb 2012 22:32:01 GMT TORCS versions 1.3.2 and below XML buffer overflow /SAFESEH evasion exploit. http://packetstormsecurity.org/files/109577/haveged-1.4.tar.gz http://packetstormsecurity.org/files/109577/haveged-1.4.tar.gz http://packetstormsecurity.org/files/109577/Haveged-1.4.html Wed, 08 Feb 2012 22:29:37 GMT haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM. http://packetstormsecurity.org/files/109576/ZDI-12-029.txt http://packetstormsecurity.org/files/109576/ZDI-12-029.txt http://packetstormsecurity.org/files/109576/Zero-Day-Initiative-Advisory-12-029.html Wed, 08 Feb 2012 22:28:41 GMT Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser. http://packetstormsecurity.org/files/109575/RHSA-2012-0104-01.txt http://packetstormsecurity.org/files/109575/RHSA-2012-0104-01.txt http://packetstormsecurity.org/files/109575/Red-Hat-Security-Advisory-2012-0104-01.html Wed, 08 Feb 2012 22:27:15 GMT Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect. http://packetstormsecurity.org/files/109574/RHSA-2012-0105-01.txt http://packetstormsecurity.org/files/109574/RHSA-2012-0105-01.txt http://packetstormsecurity.org/files/109574/Red-Hat-Security-Advisory-2012-0105-01.html Wed, 08 Feb 2012 22:26:45 GMT Red Hat Security Advisory 2012-0105-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. http://packetstormsecurity.org/files/109573/RHSA-2012-0103-01.txt http://packetstormsecurity.org/files/109573/RHSA-2012-0103-01.txt http://packetstormsecurity.org/files/109573/Red-Hat-Security-Advisory-2012-0103-01.html Wed, 08 Feb 2012 22:22:37 GMT Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session. http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.tar.gz http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.tar.gz http://packetstormsecurity.org/files/109567/trixd00r-0.0.1.html Wed, 08 Feb 2012 22:19:13 GMT trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell. http://packetstormsecurity.org/files/109566/VFU-script.rar http://packetstormsecurity.org/files/109566/VFU-script.rar http://packetstormsecurity.org/files/109566/Viper-FakeUpdate-Script.html Wed, 08 Feb 2012 22:12:22 GMT This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit. http://packetstormsecurity.org/files/109565/ZDI-12-028.txt http://packetstormsecurity.org/files/109565/ZDI-12-028.txt http://packetstormsecurity.org/files/109565/Zero-Day-Initiative-Advisory-12-028.html Wed, 08 Feb 2012 22:10:11 GMT Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within BB FlashBack Recorder.dll. The Filename property is vulnerable to directory traversal via the Start() method. PauseAndSave() is also vulnerable to directory traversal via its nextfilename parameter. InsertMarker() and InsertSoundToFBRAtMarker() have parameters that are vulnerable to script injection and can be combined with the previously mentioned vulnerabilities to achieve remote arbitrary code execution. http://packetstormsecurity.org/files/109564/cliki-xss.txt http://packetstormsecurity.org/files/109564/cliki-xss.txt http://packetstormsecurity.org/files/109564/CLiki-Cross-Site-Scripting.html Wed, 08 Feb 2012 22:08:34 GMT CLiki suffers from a cross site scripting vulnerability. http://packetstormsecurity.org/files/109563/HPSBMU02742-SSRT100740.txt http://packetstormsecurity.org/files/109563/HPSBMU02742-SSRT100740.txt http://packetstormsecurity.org/files/109563/HP-Security-Bulletin-HPSBMU02742-SSRT100740.html Wed, 08 Feb 2012 21:52:41 GMT HP Security Bulletin HPSBMU02742 SSRT100740 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited remotely resulting in unauthorized disclosure of information. Revision 1 of this advisory. http://packetstormsecurity.org/files/109562/ZDI-12-027.txt http://packetstormsecurity.org/files/109562/ZDI-12-027.txt http://packetstormsecurity.org/files/109562/Zero-Day-Initiative-Advisory-12-027.html Wed, 08 Feb 2012 21:48:12 GMT Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system. http://packetstormsecurity.org/files/109561/zenphoto-sqlxssexec.txt http://packetstormsecurity.org/files/109561/zenphoto-sqlxssexec.txt http://packetstormsecurity.org/files/109561/ZENphoto-1.4.2-Code-Execution-XSS-SQL-Injection.html Wed, 08 Feb 2012 21:46:26 GMT ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities. http://packetstormsecurity.org/files/109560/clubhack-magazine-feb2012.pdf http://packetstormsecurity.org/files/109560/clubhack-magazine-feb2012.pdf http://packetstormsecurity.org/files/109560/ClubHACK-Magazine-Issue-25.html Wed, 08 Feb 2012 21:43:04 GMT ClubHACK Magazine Issue 25 - Topics covered include Exploiting Remote Systems Without Being Online, Firewall 101, Introduction To Skipfish, and more. http://packetstormsecurity.org/files/109559/android-xdomain.txt http://packetstormsecurity.org/files/109559/android-xdomain.txt http://packetstormsecurity.org/files/109559/Android-Webkit-XSS-Cross-Domain-Issues.html Wed, 08 Feb 2012 21:38:35 GMT Android suffers from multiple cross site scripting, cross domain, auto file download and cross protocol vulnerabilities. http://packetstormsecurity.org/files/109558/ZDI-12-026.txt http://packetstormsecurity.org/files/109558/ZDI-12-026.txt http://packetstormsecurity.org/files/109558/Zero-Day-Initiative-Advisory-12-026.html Wed, 08 Feb 2012 21:38:05 GMT Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system. http://packetstormsecurity.org/files/109557/ZDI-12-025.txt http://packetstormsecurity.org/files/109557/ZDI-12-025.txt http://packetstormsecurity.org/files/109557/Zero-Day-Initiative-Advisory-12-025.html Wed, 08 Feb 2012 21:37:45 GMT Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process. http://packetstormsecurity.org/files/109556/ZDI-12-024.txt http://packetstormsecurity.org/files/109556/ZDI-12-024.txt http://packetstormsecurity.org/files/109556/Zero-Day-Initiative-Advisory-12-024.html Wed, 08 Feb 2012 21:37:31 GMT Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the uncsp_ViewReportsHomepage stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function. http://packetstormsecurity.org/files/109555/ZDI-12-023.txt http://packetstormsecurity.org/files/109555/ZDI-12-023.txt http://packetstormsecurity.org/files/109555/Zero-Day-Initiative-Advisory-12-023.html Wed, 08 Feb 2012 21:36:49 GMT Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials. http://packetstormsecurity.org/files/109554/ZDI-12-022.txt http://packetstormsecurity.org/files/109554/ZDI-12-022.txt http://packetstormsecurity.org/files/109554/Zero-Day-Initiative-Advisory-12-022.html Wed, 08 Feb 2012 21:36:35 GMT Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function. http://packetstormsecurity.org/files/109553/ZDI-12-021.txt http://packetstormsecurity.org/files/109553/ZDI-12-021.txt http://packetstormsecurity.org/files/109553/Zero-Day-Initiative-Advisory-12-021.html Wed, 08 Feb 2012 21:36:22 GMT Zero Day Initiative Advisory 12-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). This will cause a heap-based buffer overflow, allowing an attacker to execute code under the context of the user. http://packetstormsecurity.org/files/109552/dlinksharecenter-exec.txt http://packetstormsecurity.org/files/109552/dlinksharecenter-exec.txt http://packetstormsecurity.org/files/109552/D-Link-ShareCenter-Remote-Code-Execution.html Wed, 08 Feb 2012 16:21:07 GMT This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands. http://packetstormsecurity.org/files/109551/ZSL-2012-5071.txt http://packetstormsecurity.org/files/109551/ZSL-2012-5071.txt http://packetstormsecurity.org/files/109551/SciTools-Understand-2.6-DLL-Loading-Code-Execution.html Wed, 08 Feb 2012 16:18:14 GMT A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.