VARIoT IoT vulnerabilities database

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LibraryFileUploadServlet servlet. An attacker could leverage this to execute arbitrary code as SYSTEM. Lexmark Markvision Enterprise is a web-based network device management software from Lexmark. This software is mainly used to manage network devices such as printers, such as providing some printer drivers for Unix systems. Failed attacks may cause a denial-of-service condition

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC STEP 7 TIA Portal is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Versions prior to SIMATIC STEP 7 TIA Portal V13 SP1 are vulnerable. The software provides PLC programming, design option packages, advanced drive technology and more

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC STEP 7 is prone to a a security-bypass vulnerability. Attackers can exploit this issue to perform unauthorized actions with elevated privileges. Versions prior to SIMATIC STEP 7 V13 SP1 are vulnerable. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages, advanced drive technology and more

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. Versions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates

Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks. Netatmo Indoor Module is an indoor environment monitoring equipment produced by French company Netatmo. Summary During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password. The problem has been fixed by removing this configuration dump from current firmware versions. CVE: CVE-2015-1600. Additional Details: https://isc.sans.edu/forums/diary/Did+You+Remove+That+Debug+Code+Netatmo+Weather+Station+Sending+WPA+Passphrase+in+the+Clear/19327/ Manufacturers web site: www.netatmo.com Patch: Affected systems will download updated firmware automatically from Netatmo's cloud service

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface. The D-Link DIR-645 is a D-Link router that regulates wireless transmit power. Ax. D-Link DIR-645 has command injection and buffer overflow vulnerabilities that allow malicious applications to perform buffer overflow attacks, execute arbitrary commands, and inject arbitrary commands through the HNAP interface. D-Link DIR-645 is prone to a command-injection and a stack-based buffer-overflow vulnerability. Ax with firmware 1.04b12 and earlier. The vulnerability stems from the fact that the program does not adequately filter the input submitted by the user when processing the GetDeviceSettings request

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS Software that could allow an attacker to reinstall a device and deny service to a legitimate user. Cisco IOS Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCuj96752. Measurement, Aggregation, and Correlation Engine (MACE) is one of the functions for measuring and analyzing network packets

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. Vendors have confirmed this vulnerability Bug ID CSCuq79027 It is released as.Crafted by a remotely authenticated administrator HTTPS Any via request SQL The command may be executed. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. An attacker could exploit this vulnerability to compromise an application, accessing or modifying data. This issue is tracked by Cisco Bug ID CSCuq79027. The system can respectively control network access and network device access through RADIUS and TACACS protocols

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS Software that could allow an attacker to reinstall a device and deny service to a legitimate user. Cisco IOS Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCul48736. Measurement, Aggregation, and Correlation Engine (MACE) is one of the functions for measuring and analyzing network packets

Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. This issue is tracked by Cisco Bug ID CSCue05458

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Huawei Ascend P7 (Sophia-L09) is a popular smartphone. Huawei Ascend P7 (Sophia-L09) is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will allow an attacker to cause a denial-of-service condition

Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech EKI-1200 Gateway is Advantech's EKI-1200 series Modbus data gateway product, which is mainly used to integrate Modbus/RTU and Modbus/ASCI serial devices into a two-way gateway based on TCP/IP network. An unknown buffer overflow vulnerability exists in the Advantech EKI-1200 Series. Advantech EKI-1200 Series is prone to an unspecified buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions

The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco bug ID CSCur59696. The vulnerability is caused by the program not handling IOS Shell commands correctly

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. Cisco IOS of object-group of ACL There is a vulnerability in the functionality that prevents access restrictions due to race conditions. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS has a security bypass vulnerability that allows remote attackers to bypass security restrictions and perform unauthorized operations. Cisco IOS is prone to a security-bypass vulnerability. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCun21071

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. Vendors have confirmed this vulnerability Bug ID CSCun74174 It is released as.By a remotely authenticated user device-recovery By using the authentication, there is a possibility of obtaining the same authority as the help desk. The Cisco TelePresence IX5000 Series is the industry's first three-screen product to support H.265. An unauthorized access vulnerability exists in the Cisco TelePresence IX5000 Series that could allow an attacker to gain unauthorized access. TelePresence IX5000 Series is prone to an unauthorized-access vulnerability. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCus74174. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. A remote attacker can exploit this vulnerability to obtain the HelpDesk-equivalent permission

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CUPS cupsRasterReadPixels is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: cups security update Advisory ID: RHSA-2015:1123-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1123.html Issue date: 2015-06-17 CVE Names: CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 ===================================================================== 1. Summary: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158) A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. (CVE-2014-9679) Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues. All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1191588 - CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow 1221641 - CVE-2015-1158 cups: incorrect string reference counting (VU#810572) 1221642 - CVE-2015-1159 cups: cross-site scripting flaw in CUPS web UI (VU#810572) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm ppc64: cups-1.4.2-67.el6_6.1.ppc64.rpm cups-debuginfo-1.4.2-67.el6_6.1.ppc.rpm cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm cups-devel-1.4.2-67.el6_6.1.ppc.rpm cups-devel-1.4.2-67.el6_6.1.ppc64.rpm cups-libs-1.4.2-67.el6_6.1.ppc.rpm cups-libs-1.4.2-67.el6_6.1.ppc64.rpm cups-lpd-1.4.2-67.el6_6.1.ppc64.rpm s390x: cups-1.4.2-67.el6_6.1.s390x.rpm cups-debuginfo-1.4.2-67.el6_6.1.s390.rpm cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm cups-devel-1.4.2-67.el6_6.1.s390.rpm cups-devel-1.4.2-67.el6_6.1.s390x.rpm cups-libs-1.4.2-67.el6_6.1.s390.rpm cups-libs-1.4.2-67.el6_6.1.s390x.rpm cups-lpd-1.4.2-67.el6_6.1.s390x.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm ppc64: cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm cups-php-1.4.2-67.el6_6.1.ppc64.rpm s390x: cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm cups-php-1.4.2-67.el6_6.1.s390x.rpm x86_64: cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm ppc64: cups-1.6.3-17.el7_1.1.ppc64.rpm cups-client-1.6.3-17.el7_1.1.ppc64.rpm cups-debuginfo-1.6.3-17.el7_1.1.ppc.rpm cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm cups-devel-1.6.3-17.el7_1.1.ppc.rpm cups-devel-1.6.3-17.el7_1.1.ppc64.rpm cups-libs-1.6.3-17.el7_1.1.ppc.rpm cups-libs-1.6.3-17.el7_1.1.ppc64.rpm cups-lpd-1.6.3-17.el7_1.1.ppc64.rpm s390x: cups-1.6.3-17.el7_1.1.s390x.rpm cups-client-1.6.3-17.el7_1.1.s390x.rpm cups-debuginfo-1.6.3-17.el7_1.1.s390.rpm cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm cups-devel-1.6.3-17.el7_1.1.s390.rpm cups-devel-1.6.3-17.el7_1.1.s390x.rpm cups-libs-1.6.3-17.el7_1.1.s390.rpm cups-libs-1.6.3-17.el7_1.1.s390x.rpm cups-lpd-1.6.3-17.el7_1.1.s390x.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-17.ael7b_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.ael7b_1.1.noarch.rpm ppc64le: cups-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-client-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-devel-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-libs-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-lpd-1.6.3-17.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm cups-ipptool-1.6.3-17.el7_1.1.ppc64.rpm s390x: cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm cups-ipptool-1.6.3-17.el7_1.1.s390x.rpm x86_64: cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-ipptool-1.6.3-17.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9679 https://access.redhat.com/security/cve/CVE-2015-1158 https://access.redhat.com/security/cve/CVE-2015-1159 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVgeHcXlSAg2UNWIIRAh1nAJ98EaDYp4J/i4NRT5iKDxSHRt5fVgCeOhjy Z4wgeyBJzfNJJ63iLHjIPPg= =T7rG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain &#039;@SYSTEM&#039; group privilege with cupsd (CVE-2014-3537). It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation (CVE-2014-5029, CVE-2014-5030, CVE-2014-5031). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679 http://advisories.mageia.org/MGASA-2014-0193.html http://advisories.mageia.org/MGASA-2014-0313.html http://advisories.mageia.org/MGASA-2015-0067.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0 n7hHPzmYVzh2wFP6PffIl0E= =ykhv -----END PGP SIGNATURE----- . For the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5. For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7.5-11. We recommend that you upgrade your cups packages. ============================================================================ Ubuntu Security Notice USN-2520-1 February 26, 2015 cups vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: CUPS could be made to crash or run programs if it processed a specially crafted file. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: cups 1.7.5-3ubuntu3.1 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.5 Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.6 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.14 In general, a standard system update will make all the necessary changes

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. Fortinet FortiClient is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Fortinet FortiClient for Android and iOS is the American Fortinet ( Fortinet ) company based on a set of Android and iOS Platform's endpoint security solution. The program works with FortiGate Available when a firewall device is connected IPsec and SSL Features like encryption, WAN optimization, endpoint compliance, and two-factor authentication. The following versions are affected: Based on Android platform Fortinet FortiClient 5.2.3.091 version, based on iOS platform Fortinet FortiClient 5.2.028 Version

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Hitachi Device Manager and other products are Hitachi's products. Online help is one of the online help systems. A remote attacker could use this vulnerability to inject arbitrary web scripts or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php. The Google Doc Embedder plugin for WordPress is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Google Doc Embedder Plugin 2.5.18 is vulnerable; other versions may also be affected. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Google Doc Embedder is one of the plugins that can embed MS Office, PDF and other file systems into web pages. The vulnerability stems from the fact that the wp-admin/options-general.php script does not sufficiently filter the 'profile' parameter in the gde-settings page

The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCul65003. The vulnerability is caused by the incorrect management of the session-object structure in the program