From venkat_kantha at securityfocus.com Mon Oct 1 17:17:50 2012 From: venkat_kantha at securityfocus.com (venkat) Date: Tue, 02 Oct 2012 03:47:50 +0530 Subject: [VIM] OPTIMA PLC Multiple Denial of Service Vulnerabilities In-Reply-To: <31DC5E04-B4FD-492A-A8CB-33D2C8D1752E@tenable.com> References: <31DC5E04-B4FD-492A-A8CB-33D2C8D1752E@tenable.com> Message-ID: <506A168E.4030907@securityfocus.com> Hey George, Both BIDs are covering similar issues, however we couldn't conclude that both are exactly same issues. BID 50658 was written for this CERT advisory: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-03.pdf and BID 55712 for this advisory: http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-02.pdf. If both these advisories were discussing about the same vulnerabilities, then ideally they should get the 2011 CVEs as these vulnerabilities were first disclosed in 2011, which is not the case. Maybe someone from CERT can clear this confusion better. Thanks Venkat On 27/09/12 23:56, George A. Theall wrote: > Venkat or Rob, can you explain what the differences are between the newly issued BID 55712 and 50658, from last year? Both concern null pointer and endless loop vulnerabilities in Optima APIFTP Server discovered by Luigi Auriemma. > > > George > From jericho at attrition.org Fri Oct 5 23:20:07 2012 From: jericho at attrition.org (security curmudgeon) Date: Fri, 5 Oct 2012 23:20:07 -0500 (CDT) Subject: [VIM] BID 590 / 3237 dupes? Message-ID: http://www.securityfocus.com/bid/590 http://www.securityfocus.com/bid/3237 Looks like the first was created for the disclosure, and the second for the IBM advisory came out? From theall at tenable.com Tue Oct 9 21:01:25 2012 From: theall at tenable.com (George A. Theall) Date: Tue, 9 Oct 2012 22:01:25 -0400 Subject: [VIM] Open Realty 'select_users_lang' Parameter Local File Include Vulnerability Message-ID: Venkat / Rob: what's the difference between BIDs 55834 and 42546? Both appear to cover a local file inclusion issue in Open Realty involving the 'select_users_lang' parameter and 'index.php' script. George -- theall at tenable.com From jericho at attrition.org Fri Oct 19 22:08:39 2012 From: jericho at attrition.org (security curmudgeon) Date: Fri, 19 Oct 2012 22:08:39 -0500 (CDT) Subject: [VIM] BID 4641 / 21267 dupes Message-ID: http://www.securityfocus.com/bid/4641 http://www.victime.com/centre.php?page=http://www.url.com/script.php http://www.securityfocus.com/bid/21267 http://www.example.com/(path)/centre.php?page=http://attacker From theall at tenable.com Fri Oct 26 18:57:39 2012 From: theall at tenable.com (George A. Theall) Date: Fri, 26 Oct 2012 19:57:39 -0400 Subject: [VIM] Oracle VM VirtualBox Local Denial of Service Vulnerability Message-ID: BID 56045 concerns a local DoS vulnerability in VirtualBox 3.2, 4.0, and 4.1. It references Oracle's CPU for October 2012 / CVE-2012-3221. I believe this is a duplicate of BID 5547 since that references a blog post at http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/ which was updated 10 days ago and now references Oracle's CPU and the same CVE. Venkat / Rob? George -- theall at tenable.com From jericho at attrition.org Fri Oct 26 19:32:21 2012 From: jericho at attrition.org (security curmudgeon) Date: Fri, 26 Oct 2012 19:32:21 -0500 (CDT) Subject: [VIM] Oracle VM VirtualBox Local Denial of Service Vulnerability In-Reply-To: References: Message-ID: On Fri, 26 Oct 2012, George A. Theall wrote: : BID 56045 concerns a local DoS vulnerability in VirtualBox 3.2, 4.0, and : 4.1. It references Oracle's CPU for October 2012 / CVE-2012-3221. : : I believe this is a duplicate of BID 5547 since that references a blog : post at : http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/ : which was updated 10 days ago and now references Oracle's CPU and the : same CVE. BID 55471 it appears (figure a typo =) From theall at tenable.com Fri Oct 26 19:35:58 2012 From: theall at tenable.com (George A. Theall) Date: Fri, 26 Oct 2012 20:35:58 -0400 Subject: [VIM] Oracle VM VirtualBox Local Denial of Service Vulnerability In-Reply-To: References: Message-ID: <6C171B31-2985-433F-9133-5D41DB0B342D@tenable.com> On Oct 26, 2012, at 8:32 PM, security curmudgeon wrote: > > On Fri, 26 Oct 2012, George A. Theall wrote: > > : BID 56045 concerns a local DoS vulnerability in VirtualBox 3.2, 4.0, and > : 4.1. It references Oracle's CPU for October 2012 / CVE-2012-3221. > : > : I believe this is a duplicate of BID 5547 since that references a blog > : post at > : http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/ > : which was updated 10 days ago and now references Oracle's CPU and the > : same CVE. > > BID 55471 it appears (figure a typo =) Indeed, sorry about that. Note that there are two corresponding OSVDB entries as well -- 85356 and 86384. George -- theall at tenable.com From jericho at attrition.org Fri Oct 26 19:48:12 2012 From: jericho at attrition.org (security curmudgeon) Date: Fri, 26 Oct 2012 19:48:12 -0500 (CDT) Subject: [VIM] Oracle VM VirtualBox Local Denial of Service Vulnerability In-Reply-To: <6C171B31-2985-433F-9133-5D41DB0B342D@tenable.com> References: <6C171B31-2985-433F-9133-5D41DB0B342D@tenable.com> Message-ID: On Fri, 26 Oct 2012, George A. Theall wrote: : > BID 55471 it appears (figure a typo =) : : Indeed, sorry about that. : : Note that there are two corresponding OSVDB entries as well -- 85356 and : 86384. Yep, was just consolidating. We are using 86384 as the entry, since it is linked into the Oracle CPU. Thanks! .b From venkat_kantha at securityfocus.com Mon Oct 29 13:44:39 2012 From: venkat_kantha at securityfocus.com (venkat) Date: Tue, 30 Oct 2012 00:14:39 +0530 Subject: [VIM] Oracle VM VirtualBox Local Denial of Service Vulnerability In-Reply-To: References: Message-ID: <508ECE97.5040007@securityfocus.com> Hi George, Yeah, we have noticed this few days back when halfdog posted in oss-security mailing list (http://marc.info/?l=oss-security&m=135057992514783&w=2), but couldn't find any official confirmation/reply or CVE mitre page reflecting this. So, we have decided to wait and retain both the BIDs for now. Regards Venkat On 27/10/12 05:27, George A. Theall wrote: > BID 56045 concerns a local DoS vulnerability in VirtualBox 3.2, 4.0, and 4.1. It references Oracle's CPU for October 2012 / CVE-2012-3221. > > I believe this is a duplicate of BID 5547 since that references a blog post at http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/ which was updated 10 days ago and now references Oracle's CPU and the same CVE. > > Venkat / Rob? > > George >