VARIoT IoT vulnerabilities database

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. Vendors have confirmed this vulnerability Bug ID CSCuq79027 It is released as.Crafted by a remotely authenticated administrator HTTPS Any via request SQL The command may be executed. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. An attacker could exploit this vulnerability to compromise an application, accessing or modifying data. This issue is tracked by Cisco Bug ID CSCuq79027. The system can respectively control network access and network device access through RADIUS and TACACS protocols

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS Software that could allow an attacker to reinstall a device and deny service to a legitimate user. Cisco IOS Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCul48736. Measurement, Aggregation, and Correlation Engine (MACE) is one of the functions for measuring and analyzing network packets

Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. This issue is tracked by Cisco Bug ID CSCue05458

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). Huawei Ascend P7 (Sophia-L09) is a popular smartphone. Huawei Ascend P7 (Sophia-L09) is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will allow an attacker to cause a denial-of-service condition

Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech EKI-1200 Gateway is Advantech's EKI-1200 series Modbus data gateway product, which is mainly used to integrate Modbus/RTU and Modbus/ASCI serial devices into a two-way gateway based on TCP/IP network. An unknown buffer overflow vulnerability exists in the Advantech EKI-1200 Series. Advantech EKI-1200 Series is prone to an unspecified buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions

The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco bug ID CSCur59696. The vulnerability is caused by the program not handling IOS Shell commands correctly

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. Cisco IOS of object-group of ACL There is a vulnerability in the functionality that prevents access restrictions due to race conditions. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS has a security bypass vulnerability that allows remote attackers to bypass security restrictions and perform unauthorized operations. Cisco IOS is prone to a security-bypass vulnerability. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCun21071

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. Vendors have confirmed this vulnerability Bug ID CSCun74174 It is released as.By a remotely authenticated user device-recovery By using the authentication, there is a possibility of obtaining the same authority as the help desk. The Cisco TelePresence IX5000 Series is the industry's first three-screen product to support H.265. An unauthorized access vulnerability exists in the Cisco TelePresence IX5000 Series that could allow an attacker to gain unauthorized access. TelePresence IX5000 Series is prone to an unauthorized-access vulnerability. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCus74174. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. A remote attacker can exploit this vulnerability to obtain the HelpDesk-equivalent permission

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CUPS cupsRasterReadPixels is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: cups security update Advisory ID: RHSA-2015:1123-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1123.html Issue date: 2015-06-17 CVE Names: CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 ===================================================================== 1. Summary: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158) A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. (CVE-2014-9679) Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues. All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1191588 - CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow 1221641 - CVE-2015-1158 cups: incorrect string reference counting (VU#810572) 1221642 - CVE-2015-1159 cups: cross-site scripting flaw in CUPS web UI (VU#810572) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm ppc64: cups-1.4.2-67.el6_6.1.ppc64.rpm cups-debuginfo-1.4.2-67.el6_6.1.ppc.rpm cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm cups-devel-1.4.2-67.el6_6.1.ppc.rpm cups-devel-1.4.2-67.el6_6.1.ppc64.rpm cups-libs-1.4.2-67.el6_6.1.ppc.rpm cups-libs-1.4.2-67.el6_6.1.ppc64.rpm cups-lpd-1.4.2-67.el6_6.1.ppc64.rpm s390x: cups-1.4.2-67.el6_6.1.s390x.rpm cups-debuginfo-1.4.2-67.el6_6.1.s390.rpm cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm cups-devel-1.4.2-67.el6_6.1.s390.rpm cups-devel-1.4.2-67.el6_6.1.s390x.rpm cups-libs-1.4.2-67.el6_6.1.s390.rpm cups-libs-1.4.2-67.el6_6.1.s390x.rpm cups-lpd-1.4.2-67.el6_6.1.s390x.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm ppc64: cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm cups-php-1.4.2-67.el6_6.1.ppc64.rpm s390x: cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm cups-php-1.4.2-67.el6_6.1.s390x.rpm x86_64: cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: cups-1.4.2-67.el6_6.1.src.rpm i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm x86_64: cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm ppc64: cups-1.6.3-17.el7_1.1.ppc64.rpm cups-client-1.6.3-17.el7_1.1.ppc64.rpm cups-debuginfo-1.6.3-17.el7_1.1.ppc.rpm cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm cups-devel-1.6.3-17.el7_1.1.ppc.rpm cups-devel-1.6.3-17.el7_1.1.ppc64.rpm cups-libs-1.6.3-17.el7_1.1.ppc.rpm cups-libs-1.6.3-17.el7_1.1.ppc64.rpm cups-lpd-1.6.3-17.el7_1.1.ppc64.rpm s390x: cups-1.6.3-17.el7_1.1.s390x.rpm cups-client-1.6.3-17.el7_1.1.s390x.rpm cups-debuginfo-1.6.3-17.el7_1.1.s390.rpm cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm cups-devel-1.6.3-17.el7_1.1.s390.rpm cups-devel-1.6.3-17.el7_1.1.s390x.rpm cups-libs-1.6.3-17.el7_1.1.s390.rpm cups-libs-1.6.3-17.el7_1.1.s390x.rpm cups-lpd-1.6.3-17.el7_1.1.s390x.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-17.ael7b_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.ael7b_1.1.noarch.rpm ppc64le: cups-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-client-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-devel-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-libs-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-lpd-1.6.3-17.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm cups-ipptool-1.6.3-17.el7_1.1.ppc64.rpm s390x: cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm cups-ipptool-1.6.3-17.el7_1.1.s390x.rpm x86_64: cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-ipptool-1.6.3-17.ael7b_1.1.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: cups-1.6.3-17.el7_1.1.src.rpm noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9679 https://access.redhat.com/security/cve/CVE-2015-1158 https://access.redhat.com/security/cve/CVE-2015-1159 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVgeHcXlSAg2UNWIIRAh1nAJ98EaDYp4J/i4NRT5iKDxSHRt5fVgCeOhjy Z4wgeyBJzfNJJ63iLHjIPPg= =T7rG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain &#039;@SYSTEM&#039; group privilege with cupsd (CVE-2014-3537). It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation (CVE-2014-5029, CVE-2014-5030, CVE-2014-5031). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679 http://advisories.mageia.org/MGASA-2014-0193.html http://advisories.mageia.org/MGASA-2014-0313.html http://advisories.mageia.org/MGASA-2015-0067.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0 n7hHPzmYVzh2wFP6PffIl0E= =ykhv -----END PGP SIGNATURE----- . For the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5. For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7.5-11. We recommend that you upgrade your cups packages. ============================================================================ Ubuntu Security Notice USN-2520-1 February 26, 2015 cups vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: CUPS could be made to crash or run programs if it processed a specially crafted file. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: cups 1.7.5-3ubuntu3.1 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.5 Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.6 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.14 In general, a standard system update will make all the necessary changes

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. Fortinet FortiClient is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Fortinet FortiClient for Android and iOS is the American Fortinet ( Fortinet ) company based on a set of Android and iOS Platform's endpoint security solution. The program works with FortiGate Available when a firewall device is connected IPsec and SSL Features like encryption, WAN optimization, endpoint compliance, and two-factor authentication. The following versions are affected: Based on Android platform Fortinet FortiClient 5.2.3.091 version, based on iOS platform Fortinet FortiClient 5.2.028 Version

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Hitachi Device Manager and other products are Hitachi's products. Online help is one of the online help systems. A remote attacker could use this vulnerability to inject arbitrary web scripts or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php. The Google Doc Embedder plugin for WordPress is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Google Doc Embedder Plugin 2.5.18 is vulnerable; other versions may also be affected. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Google Doc Embedder is one of the plugins that can embed MS Office, PDF and other file systems into web pages. The vulnerability stems from the fact that the wp-admin/options-general.php script does not sufficiently filter the 'profile' parameter in the gde-settings page

The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS Software is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCul65003. The vulnerability is caused by the incorrect management of the session-object structure in the program

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. This case " Cross frame scripting (XFS)" Vulnerability related to the problem. Cisco Prime Infrastructure is prone to a cross-frame scripting vulnerability. Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCuj42444. There is a security vulnerability in the web interface of Cisco PI 2.1 and earlier versions. The vulnerability is caused by the program not properly restricting the use of IFRAME elements

Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. Vendors have confirmed this vulnerability Bug ID CSCun21868 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCun21868

Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCun21869. Cisco Prime Infrastructure (PI) is a set of Cisco (Cisco) wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. Cisco Prime Security Manager (PRSM) Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuo94808. The platform can add multiple ASA CX devices to PRSM's device inventory and apply security policies to their devices. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. A privilege access vulnerability exists in Trane ComfortLink II using firmware version 2.0.2, which originated from the program installing a user certificate with a hard-coded password. TRANE COMFORTLINK II is prone to a security-bypass vulnerability. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. Trane ComfortLink II is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected

SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. SIPhone Enterprise PBX is an enterprise-class switch product