VARIoT IoT vulnerabilities database
| VAR-201311-0453 | No CVE | ABB MicroSCADA 'wserver.exe' Remote code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability.The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable process. ABB MicroSCADA wserver.exe The \"CreateProcessA()\" function fails to properly filter the input submitted by the user to the parameter, allowing the remote attacker to exploit the vulnerability to send a specially crafted request to the TCP port 12221 to trigger a stack-based buffer overflow, which can crash the application or Execute arbitrary code in the SYSTEM context. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics.
There is a code execution vulnerability in ABB MicroSCADA that originates from a program that does not properly filter input submitted by users
| VAR-201311-0488 | No CVE | Multiple Cross-Site Request Forgery Vulnerabilities in ADB Discus DRG A125G |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
ADB Discus DRG A125G wlbasic.wl and wladv.wl have cross-site request forgery vulnerabilities that allow remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context. Discus DRG A125G is a wireless router product from Swiss ADB company.
Cross-site request forgery vulnerability exists in ADB Discus DRG A125G router. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device
| VAR-201311-0448 | No CVE | TP-LINK TL-WR740N/TL-WR740ND 'WlanSecurityRpm.htm' Cross-Site Request Forgery Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
TP-LINK TL-WR740N/TL-WR740ND 'WlanSecurityRpm.htm' has a cross-site request forgery vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. TP-LINK TL-WR740N and TL-WR740ND are wireless router products of China TP-LINK company.
There is a cross-site request forgery vulnerability in TP-Link TL-WR740N and TL-WR740ND using 3.16.6 Build 130529 firmware, which originates from the program's incorrect verification of HTTP requests. A remote attacker could use this vulnerability to perform unauthorized operations, and other forms of attack may also exist. Other attacks are also possible.
TP-Link TL-WR740N/TL-WR740ND running firmware 3.16.6 Build 130529 are vulnerable; other versions may also be affected
| VAR-201311-0449 | No CVE | ADB Discus DRG A125G 'wlbasic.html' Password Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Discus DRG A125G is a wireless router product from Swiss ADB company.
An information disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks.
Discus DRG A125G is vulnerable; other versions may also be affected
| VAR-201311-0452 | No CVE | ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions
| VAR-201311-0406 | No CVE | SAP NetWeaver Remote code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver Portal has a vulnerability in handling GET requests sent through ConfigServlet, allowing remote attackers to execute arbitrary operating system commands using specially crafted requests
| VAR-201311-0516 | No CVE | Unknown vulnerabilities in multiple TRENDnet products |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
There are unspecified security vulnerabilities in multiple TRENDnet products, and no detailed vulnerability details are available. The telnet service for vulnerability related TRENDnet products.
The impact of this issue is currently unknown. We will update this BID when more information emerges
| VAR-201311-0197 | CVE-2013-5997 | D-Link DES-3800 Series vulnerable to denial-of-service (DoS) |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5998. DES-3800 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in the implementation of SSH. Note that this vulnerability is different from JVN#28812735. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can login using SSH may cause the product to stop responding. The D-Link DES-3800 is a three-layer 100M network managed switch. D-Link DES-3800 Series are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the device to stop responding, denying service to legitimate users
| VAR-201311-0198 | CVE-2013-5998 | D-Link DES-3800 Series vulnerable to denial-of-service (DoS) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Web manager implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote attackers to cause a denial of service (device hang) via unknown vectors, a different vulnerability than CVE-2013-5997. DES-3800 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in the Web manager function. Note that this vulnerability is different from JVN#65312543. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may cause the product to stop responding. The D-Link DES-3800 is a three-layer 100M network managed switch. D-Link DES-3800 Series are prone to a denial-of-service vulnerability
| VAR-201311-0232 | CVE-2013-6694 | Cisco IOS IPSec MTU Remote Denial of Service Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is caused by the failure to correctly process some ICMP packets. Cisco IOS is prone to a remote denial-of-service vulnerability.
This issue is being tracked by Cisco Bug ID CSCul29918
| VAR-201311-0106 | CVE-2013-4164 | Ruby Heap-based buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application.
Following versions are vulnerable:
Ruby 1.8
Ruby 1.9 prior to 1.9.3-p484
Ruby 2.0 prior to 2.0.0-p353
Ruby 2.1 prior to 2.1.0 preview2. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2013-1821
Ben Murphy discovered that unrestricted entity expansion in REXML
can lead to a Denial of Service by consuming all host memory.
CVE-2013-4073
William (B.J.) Snow Orvis discovered a vulnerability in the hostname
checking in Ruby's SSL client that could allow man-in-the-middle
attackers to spoof SSL servers via a crafted certificate issued by a
trusted certification authority.
For the oldstable distribution (squeeze), these problems have been fixed in
version 1.8.7.302-2squeeze2.
For the stable distribution (wheezy), these problems have been fixed in
version 1.8.7.358-7.1+deb7u1.
For the unstable distribution (sid), these problems have been fixed in
version 1.8.7.358-9.
We recommend that you upgrade your ruby1.8 packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: ruby security update
Advisory ID: RHSA-2013:1767-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1767.html
Issue date: 2013-11-26
CVE Names: CVE-2013-4164
=====================================================================
1. Summary:
Updated ruby packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64
3. Description:
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. (CVE-2013-4164)
All ruby users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing
6. Package List:
Red Hat Enterprise Linux Compute Node EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
x86_64:
ruby-1.8.7.352-13.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Compute Node EUS (v. 6.3):
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
x86_64:
ruby-1.8.7.352-13.el6_3.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
x86_64:
ruby-1.8.7.352-13.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm
ruby-static-1.8.7.352-13.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) :
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm
ruby-static-1.8.7.352-13.el6_3.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm
ruby-static-1.8.7.352-13.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
i386:
ruby-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-irb-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm
ppc64:
ruby-1.8.7.352-13.el6_2.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_2.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_2.ppc.rpm
ruby-libs-1.8.7.352-13.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm
s390x:
ruby-1.8.7.352-13.el6_2.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm
ruby-devel-1.8.7.352-13.el6_2.s390.rpm
ruby-devel-1.8.7.352-13.el6_2.s390x.rpm
ruby-irb-1.8.7.352-13.el6_2.s390x.rpm
ruby-libs-1.8.7.352-13.el6_2.s390.rpm
ruby-libs-1.8.7.352-13.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm
x86_64:
ruby-1.8.7.352-13.el6_2.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_2.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_2.i686.rpm
ruby-libs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.3):
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
i386:
ruby-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-irb-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_3.i686.rpm
ppc64:
ruby-1.8.7.352-13.el6_3.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_3.ppc.rpm
ruby-devel-1.8.7.352-13.el6_3.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_3.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_3.ppc.rpm
ruby-libs-1.8.7.352-13.el6_3.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.ppc64.rpm
s390x:
ruby-1.8.7.352-13.el6_3.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm
ruby-devel-1.8.7.352-13.el6_3.s390.rpm
ruby-devel-1.8.7.352-13.el6_3.s390x.rpm
ruby-irb-1.8.7.352-13.el6_3.s390x.rpm
ruby-libs-1.8.7.352-13.el6_3.s390.rpm
ruby-libs-1.8.7.352-13.el6_3.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_3.s390x.rpm
x86_64:
ruby-1.8.7.352-13.el6_3.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_3.i686.rpm
ruby-devel-1.8.7.352-13.el6_3.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_3.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_3.i686.rpm
ruby-libs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
i386:
ruby-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-irb-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_4.i686.rpm
ppc64:
ruby-1.8.7.352-13.el6_4.ppc64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_4.ppc.rpm
ruby-devel-1.8.7.352-13.el6_4.ppc64.rpm
ruby-irb-1.8.7.352-13.el6_4.ppc64.rpm
ruby-libs-1.8.7.352-13.el6_4.ppc.rpm
ruby-libs-1.8.7.352-13.el6_4.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.ppc64.rpm
s390x:
ruby-1.8.7.352-13.el6_4.s390x.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm
ruby-devel-1.8.7.352-13.el6_4.s390.rpm
ruby-devel-1.8.7.352-13.el6_4.s390x.rpm
ruby-irb-1.8.7.352-13.el6_4.s390x.rpm
ruby-libs-1.8.7.352-13.el6_4.s390.rpm
ruby-libs-1.8.7.352-13.el6_4.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_4.s390x.rpm
x86_64:
ruby-1.8.7.352-13.el6_4.x86_64.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_4.i686.rpm
ruby-devel-1.8.7.352-13.el6_4.x86_64.rpm
ruby-irb-1.8.7.352-13.el6_4.x86_64.rpm
ruby-libs-1.8.7.352-13.el6_4.i686.rpm
ruby-libs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.2):
Source:
ruby-1.8.7.352-13.el6_2.src.rpm
i386:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-docs-1.8.7.352-13.el6_2.i686.rpm
ruby-rdoc-1.8.7.352-13.el6_2.i686.rpm
ruby-ri-1.8.7.352-13.el6_2.i686.rpm
ruby-static-1.8.7.352-13.el6_2.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_2.i686.rpm
ppc64:
ruby-debuginfo-1.8.7.352-13.el6_2.ppc.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.ppc64.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc.rpm
ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_2.ppc64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_2.ppc64.rpm
ruby-static-1.8.7.352-13.el6_2.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.ppc64.rpm
s390x:
ruby-debuginfo-1.8.7.352-13.el6_2.s390.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.s390x.rpm
ruby-devel-1.8.7.352-13.el6_2.s390.rpm
ruby-devel-1.8.7.352-13.el6_2.s390x.rpm
ruby-docs-1.8.7.352-13.el6_2.s390x.rpm
ruby-rdoc-1.8.7.352-13.el6_2.s390x.rpm
ruby-ri-1.8.7.352-13.el6_2.s390x.rpm
ruby-static-1.8.7.352-13.el6_2.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_2.s390x.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_2.i686.rpm
ruby-debuginfo-1.8.7.352-13.el6_2.x86_64.rpm
ruby-devel-1.8.7.352-13.el6_2.i686.rpm
ruby-devel-1.8.7.352-13.el6_2.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_2.x86_64.rpm
ruby-rdoc-1.8.7.352-13.el6_2.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_2.x86_64.rpm
ruby-static-1.8.7.352-13.el6_2.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.3):
Source:
ruby-1.8.7.352-13.el6_3.src.rpm
i386:
ruby-debuginfo-1.8.7.352-13.el6_3.i686.rpm
ruby-docs-1.8.7.352-13.el6_3.i686.rpm
ruby-ri-1.8.7.352-13.el6_3.i686.rpm
ruby-static-1.8.7.352-13.el6_3.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_3.i686.rpm
ppc64:
ruby-debuginfo-1.8.7.352-13.el6_3.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_3.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_3.ppc64.rpm
ruby-static-1.8.7.352-13.el6_3.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.ppc64.rpm
s390x:
ruby-debuginfo-1.8.7.352-13.el6_3.s390x.rpm
ruby-docs-1.8.7.352-13.el6_3.s390x.rpm
ruby-ri-1.8.7.352-13.el6_3.s390x.rpm
ruby-static-1.8.7.352-13.el6_3.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_3.s390x.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_3.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_3.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_3.x86_64.rpm
ruby-static-1.8.7.352-13.el6_3.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.4):
Source:
ruby-1.8.7.352-13.el6_4.src.rpm
i386:
ruby-debuginfo-1.8.7.352-13.el6_4.i686.rpm
ruby-docs-1.8.7.352-13.el6_4.i686.rpm
ruby-ri-1.8.7.352-13.el6_4.i686.rpm
ruby-static-1.8.7.352-13.el6_4.i686.rpm
ruby-tcltk-1.8.7.352-13.el6_4.i686.rpm
ppc64:
ruby-debuginfo-1.8.7.352-13.el6_4.ppc64.rpm
ruby-docs-1.8.7.352-13.el6_4.ppc64.rpm
ruby-ri-1.8.7.352-13.el6_4.ppc64.rpm
ruby-static-1.8.7.352-13.el6_4.ppc64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.ppc64.rpm
s390x:
ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm
ruby-docs-1.8.7.352-13.el6_4.s390x.rpm
ruby-ri-1.8.7.352-13.el6_4.s390x.rpm
ruby-static-1.8.7.352-13.el6_4.s390x.rpm
ruby-tcltk-1.8.7.352-13.el6_4.s390x.rpm
x86_64:
ruby-debuginfo-1.8.7.352-13.el6_4.x86_64.rpm
ruby-docs-1.8.7.352-13.el6_4.x86_64.rpm
ruby-ri-1.8.7.352-13.el6_4.x86_64.rpm
ruby-static-1.8.7.352-13.el6_4.x86_64.rpm
ruby-tcltk-1.8.7.352-13.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-4164.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSlPJkXlSAg2UNWIIRAmGVAJ0ftFXiZwwEQYrgDr4bmR7n7pvbtQCbB8VQ
Q2wQW0K2XmUcezCSz0pyQ2M=
=Cisx
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-04-22-1 Security Update 2014-002
Security Update 2014-002 is now available and addresses the
following:
CFNetwork HTTPProtocol
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the
connection to close before the security settings were sent, and then
obtain the value of the unprotected cookie. This issue was addressed
by ignoring incomplete HTTP header lines.
CVE-ID
CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
CoreServicesUIAgent
Available for: OS X Mavericks v10.9.2
Impact: Visiting a maliciously crafted website or URL may result in
an unexpected application termination or arbitrary code execution
Description: A format string issue existed in the handling of URLs.
This issue was addressed through additional validation of URLs. This
issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra
FontParser
Available for: OS X Mountain Lion v10.8.5
Impact: Opening a maliciously crafted PDF file may result in an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of fonts in
PDF files. This issue was addressed through additional bounds
checking. This issue does not affect OS X Mavericks systems.
CVE-ID
CVE-2013-5170 : Will Dormann of CERT/CC
Heimdal Kerberos
Available for: OS X Mavericks v10.9.2
Impact: A remote attacker may be able to cause a denial of service
Description: A reachable abort existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-1316 : Joonas Kuorilehto of Codenomicon
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in ImageIO's handling
of JPEG images. This issue was addressed through improved bounds
checking. This issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of
NCC Group
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: A malicious application can take control of the system
Description: A validation issue existed in the handling of a pointer
from userspace. This issue was addressed through additional
validation of pointers.
CVE-ID
CVE-2014-1318 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
IOKit Kernel
Available for: OS X Mavericks v10.9.2
Impact: A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description: A set of kernel pointers stored in an IOKit object
could be retrieved from userland. This issue was addressed through
removing the pointers from the object.
CVE-ID
CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
Kernel
Available for: OS X Mavericks v10.9.2
Impact: A local user can read a kernel pointer, which can be used to
bypass kernel address space layout randomization
Description: A kernel pointer stored in a XNU object could be
retrieved from userland. This issue was addressed through removing
the pointer from the object.
CVE-ID
CVE-2014-1322 : Ian Beer of Google Project Zero
Power Management
Available for: OS X Mavericks v10.9.2
Impact: The screen might not lock
Description: If a key was pressed or the trackpad touched just after
the lid was closed, the system might have tried to wake up while
going to sleep, which would have caused the screen to be unlocked.
This issue was addressed by ignoring keypresses while going to sleep.
This issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN,
Julian Sincu at the Baden-Wuerttemberg Cooperative State University
(DHBW Stuttgart), Gerben Wierda of R&A, Daniel Luz
Ruby
Available for: OS X Mavericks v10.9.2
Impact: Running a Ruby script that handles untrusted YAML tags may
lead to an unexpected application termination or arbitrary code
execution
Description: An integer overflow issue existed in LibYAML's handling
of YAML tags. This issue was addressed through additional validation
of YAML tags. This issue does not affect systems prior to OS X
Mavericks.
CVE-ID
CVE-2013-6393
Ruby
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: Running a Ruby script that uses untrusted input to create a
Float object may lead to an unexpected application termination or
arbitrary code execution
Description: A heap-based buffer overflow issue existed in Ruby when
converting a string to a floating point value. This issue was
addressed through additional validation of floating point values.
CVE-ID
CVE-2013-4164
Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: An attacker with a privileged network position may capture
data or change the operations performed in sessions protected by SSL
Description: In a 'triple handshake' attack, it was possible for an
attacker to establish two connections which had the same encryption
keys and handshake, insert the attacker's data in one connection, and
renegotiate so that the connections may be forwarded to each other.
To prevent attacks based on this scenario, Secure Transport was
changed so that, by default, a renegotiation must present the same
server certificate as was presented in the original connection. This
issue does not affect Mac OS X 10.7 systems and earlier.
CVE-ID
CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and
Alfredo Pironti of Prosecco at Inria Paris
WindowServer
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: Maliciously crafted applications can execute arbitrary code
outside the sandbox
Description: WindowServer sessions could be created by sandboxed
applications. This issue was addressed by disallowing sandboxed
applications from creating WindowServer sessions.
CVE-ID
CVE-2014-1314 : KeenTeam working with HP's Zero Day Initiative
Note: Security Update 2014-002 for OS X Mavericks systems includes
the security content of Safari 7.0.3:
http://support.apple.com/kb/HT6181
Security Update 2014-002 may be obtained via the Apple Software
Update application, and from the Apple's Software Downloads web
site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI
8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a
zqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s
4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6
KBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3
85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm
+uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5
2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF
ZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4
lRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ
gYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0
7hmpILk22+6xv6pWCw8D
=WWPv
-----END PGP SIGNATURE-----
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm
3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm
39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm
0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm
fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm
fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm
cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm
61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm
7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm
3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. These
issues were addressed by updating PostgreSQL to version 9.2.7.
CVE-ID
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066
Mail Service
Available for: OS X Yosemite v10.10 or later
Impact: Group SACL changes for Mail may not be respected until after
a restart of the Mail service
Description: SACL settings for Mail were cached and changes to the
SACLs were not respected until after a restart of the Mail service. These
issues were addressed by switching from YAML to JSON as Profile
Manager's internal serialization format.
CVE-ID
CVE-2013-4164
CVE-2013-6393
Profile Manager
Available for: OS X Yosemite v10.10 or later
Impact: A local user may obtain passwords after setting up or
editing profiles in Profile Manager
Description: In certain circumstances, setting up or editing
profiles in Profile Manager may have logged passwords to a file. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling SSL 3.0 support in
Web Server, Calendar & Contacts Server, and Remote Administration. Relevant releases/architectures:
Management Engine - noarch, x86_64
3. Description:
Red Hat CloudForms Management Engine delivers the insight, control, and
automation enterprises need to address the challenges of managing virtual
environments, which are far more complex than physical ones. This
technology enables enterprises with existing virtual infrastructures
to improve visibility and control, and those just starting virtualization
deployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly
sanitize user-supplied values in the ServiceController.
(CVE-2014-0057)
It was found that several number conversion helpers in Action View did not
properly escape all their parameters. An attacker could use these flaws to
perform a cross-site scripting (XSS) attack on an application that uses
data submitted by a user as parameters to the affected helpers.
(CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component
of Action View. A remote attacker could use this flaw to perform a denial
of service attack by sending specially crafted queries that would result in
the creation of Ruby symbols that were never garbage collected.
(CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting
CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as
the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the
original reporter of CVE-2014-0082.
This update fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the Red Hat
CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the
References section
| VAR-201311-0407 | No CVE | SAP Netweaver Web Application Server J2EE SAP Portal Redirect Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP Web Application Server is a web application service program. The input passed to SAP Portal lacks correct validation before being used to redirect users, allowing attackers to build malicious URIs, enticing users to resolve, redirecting user communications to any WEB site, and performing phishing attacks
| VAR-201311-0408 | No CVE | SAP NetWeaver Web Application Server SHSTI_UPLOAD_XML XML External entity vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP NetWeaver Web Application Server has an error in the HSTI_UPLOAD_XML function when parsing XML entities, allowing restricted management commands to be sent to the gateway or message server via a specially crafted XML document containing external entity references
| VAR-201311-0233 | CVE-2013-6698 | Cisco Wireless LAN Controller Device Web Vulnerabilities that could cause clickjacking attacks in the interface |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. This case " Cross frame scripting (XFS)" Vulnerability related to the problem. The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. The vulnerability is due to insufficient protection of HTML sub-frames, allowing attackers to build malicious HTML sub-frames, enticing user parsing, and performing clickjacking or other client browser attacks.
Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible.
This issue is being tracked by Cisco Bug ID CSCuf77821
| VAR-201311-0234 | CVE-2013-6699 | Cisco Wireless LAN Controller Device Control and Provisioning of Wireless Access Points Service disruption in protocol implementation (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. Vendors have confirmed this vulnerability Bug ID CSCuh81880 It is released as.Skillfully crafted by a third party to induce buffer overread CAPWAP Service disruption via packets (DoS) There is a possibility of being put into a state. The vulnerability is caused by insufficient data packet verification, which allows a remote attacker to exploit a vulnerability to send a specially crafted CAPWAP message to the Cisco WLC.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuh81880
| VAR-201311-0230 | CVE-2013-6692 | Cisco IOS XE Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE is prone to a remote denial-of-service vulnerability.
Successful exploits may allow an attackers to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuh04949
| VAR-201311-0231 | CVE-2013-6693 | Cisco 7600 Runs on a series router Cisco IOS of MLDP Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit the vulnerability to reload the affected device.
This issue is being tracked by Cisco Bug ID CSCue22345
| VAR-201311-0065 | CVE-2013-2823 | Catapult Software DNP3 Driver Local Denial of Service Vulnerability |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Catapult Software DNP3 Driver is a power-related industrial control software. The Catapult Software DNP3 drivers used by GE iFIX and CIMPLICITY products fail to properly verify input, allowing local attackers to exploit vulnerabilities to bring software into an infinite loop, crashing the process, and requiring a reboot to get normal functionality.
Local attackers can exploit this issue to force the application to enter into an infinite loop, causing denial-of-service conditions
| VAR-201311-0064 | CVE-2013-2811 | GE Intelligent Platforms Used in products Catapult and GE Intelligent Platforms Proficy of DNP3 I/O Service disruption in drivers (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Catapult Software DNP3 Driver is a power-related industrial control software.
Attackers can exploit this issue to force the application to enter into an infinite loop, causing denial-of-service conditions
| VAR-201311-0399 | CVE-2013-4547 | nginx Vulnerabilities that bypass restrictions |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx is prone to a remote security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
nginx 0.8.41 through 1.5.6 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A security vulnerability exists in nginx versions 0.8.41 through 1.4.3 and 1.5.x prior to 1.5.7. The vulnerability stems from the program not properly validating request URIs containing unescaped space characters.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547
http://advisories.mageia.org/MGASA-2013-0349.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
ee03201627b548e26667eec1e5ac7dae mbs1/x86_64/nginx-1.0.15-3.1.mbs1.x86_64.rpm
6404dde21b871054a663171b5460fac8 mbs1/SRPMS/nginx-1.0.15-3.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2802-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
November 21, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nginx
Vulnerability : restriction bypass
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-4547
Debian Bug : 730012
Ivan Fratric of the Google Security Team discovered a bug in nginx,
a web server, which might allow an attacker to bypass security
restrictions by using a specially crafted request.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in
version 1.2.1-2.2+wheezy2.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.4-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEbBAEBAgAGBQJSjnxtAAoJEFb2GnlAHawEXtUH+MMowTZGj8ex7rSstq2uOHST
q9C2JZhiAVpYdXBGOR3JHdtJcClkIVvl1cTrp1yhNImvvPWSvJHDIXDbPI7V/0jO
3h6YTZTSGUdhu8UsYGOd1GRon1lNj1Jyhch3HoIA9AAdzGY6FroZGQomsk9tC1K6
Ddh8D/4fbfAKm4RVPXV2Zd7HyDJMqFUlnUXoWuyuAQ8HAxbSrYetO3Bx24Mmt1z6
OHYKAhJYvixLYUt4BCQ3sOfN7AyRwppunjGmSH/up+uGwrgvQO2JgAt3pweYR3/f
vAiAWPp5ZVDSMzEa85ZZ+XvjseNAYQBxhiMBr8urf/MmTJWxC63shRV5cBvFXw==
=ttYS
-----END PGP SIGNATURE-----