The Exploit Database: November 16, 2009

Samba 3.0.10 - 3.3.5
Php 5.2.11 - 5.2
HP Power Manager Administration Buffer Overflow Exploit
http://exploits.offensive-security.com/

Including the Linux kernel pipe.c local file escalation bug:
http://exploits.offensive-security.com/record.php?id=9392

****

Weak-Net Linux 3 Lite (CD Security Distro)

WeakNet Linux Assistant 3 (Lite)

"A must-have for anyone interested in Security or Forensics, this CD-sized distro contains all the tools you need to test your skills and excel in the field of INFOSEC." - Johnny Long (iHackCharities.org)
http://weaknetlabs.com/linux/

****

SSLv3 TLS Renegotiation Injection

Recently, Thursday 11/5/09, a few folks over on the IETF mailing list went public with a limited Man-in-the-Middle attack on SSLv3 and TLS. There has been quite a bit of press coverage on this issue's severity. However, the way this attack can be used is proving to be more dangerous in specific contexts than at first thought.

This vulnerability affects almost every SSL/TLS implementation: IIS (5|6|7), Apache mod_ssl < 2.2.14, OpenSSL < 0.9.8l, GnuTLS < 2.8.5, Mozilla NSS < 3.12.4, and certainly more. Any products using these libraries as their underlying secure transport layer are also vulnerable to this content injection vulnerability. This vulnerability has been assigned CVE-2009-3555 by Mitre and I'm sure they will continue to update their listing with newly affected packages as they are found.
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/11/13/ssl-tls-renegotiation-content-injection.aspx

Script example from Offensive-Security:
http://exploits.offensive-security.com/record.php?id=9447

****

Twitter Horror

XSS on Twitter: In the last months, Twitter provided the security community with an amazing saga, being repeatedly plagued by almost any vulnerability known to mankind and pitilessly pointed at as unable to protect its users' privacy: there has been so much hype about the "Twitter affair" that no worm, esoteric injection or other new oddity could add more spice to it. But you should agree with me that this time Twitter has taken the cake. I'll be short: *Twitter fails to perform validation in any parameter on any URL!*
http://sites.google.com/site/tentacoloviola/twitterhorror

****

Be sure to catch Brian Fields' presentation on MetaSploit at JCL Cowden on December 1, 2009 @18:30:
http://plug.phoenix.az.us/node/2115

--
www.it-clowns.com