The Exploit Database:  November 16, 2009<br><br>Samba 3.0.10 - 3.3.5/Php 5.2.11 - 5.2<br>HP Power Manager Administration Buffer Overflow Exploit<br><a href="http://exploits.offensive-security.com/">http://exploits.offensive-security.com/</a><br>
<br>Including the Linux kernel pipe.c local file escalation bug:<br><a href="http://exploits.offensive-security.com/record.php?id=9392">http://exploits.offensive-security.com/record.php?id=9392</a><br><br>****<br>Weak-Net Linux 3 Lite (CD Security Distro)<br>
<p class="style12">WeakNet Linux Assistant 3 (Lite)</p>
    <p class="style19">
&quot;A must-have for anyone interested in Security or Forensics, this
CD-sized distro contains all the tools you need to test your skills and
excel in the field of INFOSEC.&quot; - Johnny Long (iHackCharities.org)</p><a href="http://weaknetlabs.com/linux/">http://weaknetlabs.com/linux/</a><br><br>****<br><br>SSLv3 TLS Renegotiation Injection<br><br>Recently, Thursday 11/5/09, a few folks over on the <a href="http://www.ietf.org/mail-archive/web/tls/current/threads.html#03948">IETF mailing list</a> went public with a <a href="http://extendedsubset.com/?p=8">limited Man-in-the-Middle attack</a> on SSLv3 and TLS. There has been <a href="http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600523">quite</a> a bit of <a href="http://www.pcmag.com/article2/0,2817,2355432,00.asp">press</a> <a href="http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=221600478">coverage</a> on this issue&#39;s severity. However, the way this attack can be used is proving to be <a href="http://seclists.org/fulldisclosure/2009/Nov/139">more</a>
dangerous in specific contexts than at first thought. This
vulnerability affects almost every SSL/TLS implementation: IIS (5|6|7),
Apache mod_ssl &lt; 2.2.14, OpenSSL &lt; 0.9.8l, GnuTLS &lt; 2.8.5,
Mozilla NSS &lt; 3.12.4, and certainly more. Any products using these
libraries as their underlying secure transport layer are also
vulnerable to this content injection vulnerability. This vulnerability
has been assigned <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">CVE-2009-3555</a> by Mitre and I&#39;m sure they will continue to update their listing with newly affected packages as they are found. <br>
<br><a href="http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/11/13/ssl-tls-renegotiation-content-injection.aspx">http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/11/13/ssl-tls-renegotiation-content-injection.aspx</a><br>
<br>Script example from Offensive-Security:  <a href="http://exploits.offensive-security.com/record.php?id=9447">http://exploits.offensive-security.com/record.php?id=9447</a><br clear="all"><br>****<br><br>Twitter Horror XSS on Twitter:<br>
<br>In the last months, Twitter provided the security community with an amazing saga, being <span>repeatedly</span>
plagued by almost any vulnerability known to mankind and pitilessly
pointed as unable to protect its users&#39; privacy: there has been so much
hype about the &quot;Twitter affair&quot; that no worm, esoteric injection or
other new oddity could add more spice on it.<br>But you should agree with me that this time Twitter has taken the cake.<br>I&#39;ll be short: <strong>Twitter fails to perform validation in any parameter on any URL!</strong>
<br><br><a href="http://sites.google.com/site/tentacoloviola/twitterhorror">http://sites.google.com/site/tentacoloviola/twitterhorror</a><br><br>****<br><br>Be sure to catch Brian Fields presentation on MetaSploit at JCL Cowden on December 1, 2009 @18:30:<br>
<a href="http://plug.phoenix.az.us/node/2115">http://plug.phoenix.az.us/node/2115</a><br><br>-- <br><a href="http://www.it-clowns.com">www.it-clowns.com</a><br><br><br><br><br><br><br><br><br><br><br><br>