VARIoT IoT vulnerabilities database

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013. ---------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------- Directory Traversal/Unauthenticated access to administrative panels CVSS Base Score 9.7 Impact Subscore 9.5 Temporal Score: 8.3 (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-22: Improper Limitation of a Pathname to a Restricted Directory CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X By simply placing the following two URLs into a web browser, a vulnerability will all models and firmware versions allow for bypass of administrative credential challenge. All models and firmware versions can access these pages with no authentication. An un-authenticated user can preform almost all administrative tasks once the authentication is bypassed. http://<IP>/hag/pages/toc.htm (--Menu Banner) http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu) ---------------------------------------------------------------------------------------------------------------- Improper handling of unexpected characters/data CVSS Base Score 8.3 Impact Subscore 8.5 Temporal Score: 6.7 (AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR) CWE-241: Improper Handling of Unexpected Data Type CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser will immediately redirect the browser to the "System Status" page without authentication, where links to each interface (i.e. eth-0,usb-0,etc) is both selectable whose properties can be edited. ---------------------------------------------------------------------------------------------------------------- Plain text storage of ISP/PPPoe usernames/passwords CVSS Base Score 6.8 Impact Subscore 6.4 Temporal Score: 8.6 (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR) CWE-311: Missing Encryption of Sensitive Data CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.) Proof of Concept curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }' value="wanpasswd1" ('or similar') curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }' value="user@usersisp.net" ('or similar') ---------------------------------------------------------------------------------------------------------------- Unauthenticated direct execution of administrative tasks CVSS Base Score 10.0 Impact Subscore 10.0 Temporal Score: 8.6 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-285: Improper Authorization CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X Administrative authentication can be bypassed and commands directly executed with specially crafted commands. Proofs of Concept - Create New Acct Admin or Intermediate - (all PW and admin names are 'or similar') http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes Clear Logs http://<IP>/Action?id=76&cmdClear+Log=Clear+Log ---------------------------------------------------------------------------------------------------------------- Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time. Workaround: It is advised to turn off all remote administrative access to the router. This workaround however, will not prevent local attacks. ---------------------------------------------------------------------------------------------------------------- External Links http://www.osvdb.org/show/osvdb/95071 http://xforce.iss.net/xforce/xfdb/85612 http://www.idappcom.com/db/?7819 Vendor Links http://www.zoomtel.com/products/5715.html http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf http://www.zoomtel.com/products/adsl_overview.html http://www.zoomtel.com/products/5760.html http://www.zoomtel.com/products/5751.html http://www.zoomtel.com/products/5754.html Discovered - 06-28-2013 Updated - 09/01/2013 Research Contact - K Lovett Affiliation - QuattroSG

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013. ---------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------- Directory Traversal/Unauthenticated access to administrative panels CVSS Base Score 9.7 Impact Subscore 9.5 Temporal Score: 8.3 (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-22: Improper Limitation of a Pathname to a Restricted Directory CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X By simply placing the following two URLs into a web browser, a vulnerability will all models and firmware versions allow for bypass of administrative credential challenge. All models and firmware versions can access these pages with no authentication. An un-authenticated user can preform almost all administrative tasks once the authentication is bypassed. http://<IP>/hag/pages/toc.htm (--Menu Banner) http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu) ---------------------------------------------------------------------------------------------------------------- Improper handling of unexpected characters/data CVSS Base Score 8.3 Impact Subscore 8.5 Temporal Score: 6.7 (AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR) CWE-241: Improper Handling of Unexpected Data Type CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser will immediately redirect the browser to the "System Status" page without authentication, where links to each interface (i.e. eth-0,usb-0,etc) is both selectable whose properties can be edited. ---------------------------------------------------------------------------------------------------------------- Plain text storage of ISP/PPPoe usernames/passwords CVSS Base Score 6.8 Impact Subscore 6.4 Temporal Score: 8.6 (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR) CWE-311: Missing Encryption of Sensitive Data CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.) Proof of Concept curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }' value="wanpasswd1" ('or similar') curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }' value="user@usersisp.net" ('or similar') ---------------------------------------------------------------------------------------------------------------- Unauthenticated direct execution of administrative tasks CVSS Base Score 10.0 Impact Subscore 10.0 Temporal Score: 8.6 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-285: Improper Authorization CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X Administrative authentication can be bypassed and commands directly executed with specially crafted commands. Proofs of Concept - Create New Acct Admin or Intermediate - (all PW and admin names are 'or similar') http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes Clear Logs http://<IP>/Action?id=76&cmdClear+Log=Clear+Log ---------------------------------------------------------------------------------------------------------------- Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time. Workaround: It is advised to turn off all remote administrative access to the router. This workaround however, will not prevent local attacks. ---------------------------------------------------------------------------------------------------------------- External Links http://www.osvdb.org/show/osvdb/95071 http://xforce.iss.net/xforce/xfdb/85612 http://www.idappcom.com/db/?7819 Vendor Links http://www.zoomtel.com/products/5715.html http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf http://www.zoomtel.com/products/adsl_overview.html http://www.zoomtel.com/products/5760.html http://www.zoomtel.com/products/5751.html http://www.zoomtel.com/products/5754.html Discovered - 06-28-2013 Updated - 09/01/2013 Research Contact - K Lovett Affiliation - QuattroSG

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013. ---------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------- Directory Traversal/Unauthenticated access to administrative panels CVSS Base Score 9.7 Impact Subscore 9.5 Temporal Score: 8.3 (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-22: Improper Limitation of a Pathname to a Restricted Directory CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X By simply placing the following two URLs into a web browser, a vulnerability will all models and firmware versions allow for bypass of administrative credential challenge. All models and firmware versions can access these pages with no authentication. An un-authenticated user can preform almost all administrative tasks once the authentication is bypassed. http://<IP>/hag/pages/toc.htm (--Menu Banner) http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu) ---------------------------------------------------------------------------------------------------------------- Improper handling of unexpected characters/data CVSS Base Score 8.3 Impact Subscore 8.5 Temporal Score: 6.7 (AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR) CWE-241: Improper Handling of Unexpected Data Type CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser will immediately redirect the browser to the "System Status" page without authentication, where links to each interface (i.e. eth-0,usb-0,etc) is both selectable whose properties can be edited. ---------------------------------------------------------------------------------------------------------------- Plain text storage of ISP/PPPoe usernames/passwords CVSS Base Score 6.8 Impact Subscore 6.4 Temporal Score: 8.6 (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR) CWE-311: Missing Encryption of Sensitive Data CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.) Proof of Concept curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }' value="wanpasswd1" ('or similar') curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }' value="user@usersisp.net" ('or similar') ---------------------------------------------------------------------------------------------------------------- Unauthenticated direct execution of administrative tasks CVSS Base Score 10.0 Impact Subscore 10.0 Temporal Score: 8.6 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-285: Improper Authorization CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X Administrative authentication can be bypassed and commands directly executed with specially crafted commands. Proofs of Concept - Create New Acct Admin or Intermediate - (all PW and admin names are 'or similar') http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes Clear Logs http://<IP>/Action?id=76&cmdClear+Log=Clear+Log ---------------------------------------------------------------------------------------------------------------- Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time. Workaround: It is advised to turn off all remote administrative access to the router. This workaround however, will not prevent local attacks. ---------------------------------------------------------------------------------------------------------------- External Links http://www.osvdb.org/show/osvdb/95071 http://xforce.iss.net/xforce/xfdb/85612 http://www.idappcom.com/db/?7819 Vendor Links http://www.zoomtel.com/products/5715.html http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf http://www.zoomtel.com/products/adsl_overview.html http://www.zoomtel.com/products/5760.html http://www.zoomtel.com/products/5751.html http://www.zoomtel.com/products/5754.html Discovered - 06-28-2013 Updated - 09/01/2013 Research Contact - K Lovett Affiliation - QuattroSG

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013. ---------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------- Directory Traversal/Unauthenticated access to administrative panels CVSS Base Score 9.7 Impact Subscore 9.5 Temporal Score: 8.3 (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-22: Improper Limitation of a Pathname to a Restricted Directory CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X By simply placing the following two URLs into a web browser, a vulnerability will all models and firmware versions allow for bypass of administrative credential challenge. All models and firmware versions can access these pages with no authentication. An un-authenticated user can preform almost all administrative tasks once the authentication is bypassed. http://<IP>/hag/pages/toc.htm (--Menu Banner) http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu) ---------------------------------------------------------------------------------------------------------------- Improper handling of unexpected characters/data CVSS Base Score 8.3 Impact Subscore 8.5 Temporal Score: 6.7 (AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR) CWE-241: Improper Handling of Unexpected Data Type CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser will immediately redirect the browser to the "System Status" page without authentication, where links to each interface (i.e. eth-0,usb-0,etc) is both selectable whose properties can be edited. ---------------------------------------------------------------------------------------------------------------- Plain text storage of ISP/PPPoe usernames/passwords CVSS Base Score 6.8 Impact Subscore 6.4 Temporal Score: 8.6 (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR) CWE-311: Missing Encryption of Sensitive Data CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.) Proof of Concept curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }' value="wanpasswd1" ('or similar') curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }' value="user@usersisp.net" ('or similar') ---------------------------------------------------------------------------------------------------------------- Unauthenticated direct execution of administrative tasks CVSS Base Score 10.0 Impact Subscore 10.0 Temporal Score: 8.6 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-285: Improper Authorization CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X Administrative authentication can be bypassed and commands directly executed with specially crafted commands. Proofs of Concept - Create New Acct Admin or Intermediate - (all PW and admin names are 'or similar') http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes Clear Logs http://<IP>/Action?id=76&cmdClear+Log=Clear+Log ---------------------------------------------------------------------------------------------------------------- Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time. Workaround: It is advised to turn off all remote administrative access to the router. This workaround however, will not prevent local attacks. ---------------------------------------------------------------------------------------------------------------- External Links http://www.osvdb.org/show/osvdb/95071 http://xforce.iss.net/xforce/xfdb/85612 http://www.idappcom.com/db/?7819 Vendor Links http://www.zoomtel.com/products/5715.html http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf http://www.zoomtel.com/products/adsl_overview.html http://www.zoomtel.com/products/5760.html http://www.zoomtel.com/products/5751.html http://www.zoomtel.com/products/5754.html Discovered - 06-28-2013 Updated - 09/01/2013 Research Contact - K Lovett Affiliation - QuattroSG

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013. ---------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------- Directory Traversal/Unauthenticated access to administrative panels CVSS Base Score 9.7 Impact Subscore 9.5 Temporal Score: 8.3 (AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-22: Improper Limitation of a Pathname to a Restricted Directory CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X By simply placing the following two URLs into a web browser, a vulnerability will all models and firmware versions allow for bypass of administrative credential challenge. All models and firmware versions can access these pages with no authentication. An un-authenticated user can preform almost all administrative tasks once the authentication is bypassed. http://<IP>/hag/pages/toc.htm (--Menu Banner) http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu) ---------------------------------------------------------------------------------------------------------------- Improper handling of unexpected characters/data CVSS Base Score 8.3 Impact Subscore 8.5 Temporal Score: 6.7 (AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR) CWE-241: Improper Handling of Unexpected Data Type CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser will immediately redirect the browser to the "System Status" page without authentication, where links to each interface (i.e. eth-0,usb-0,etc) is both selectable whose properties can be edited. ---------------------------------------------------------------------------------------------------------------- Plain text storage of ISP/PPPoe usernames/passwords CVSS Base Score 6.8 Impact Subscore 6.4 Temporal Score: 8.6 (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR) CWE-311: Missing Encryption of Sensitive Data CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2 CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.) Proof of Concept curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }' value="wanpasswd1" ('or similar') curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }' value="user@usersisp.net" ('or similar') ---------------------------------------------------------------------------------------------------------------- Unauthenticated direct execution of administrative tasks CVSS Base Score 10.0 Impact Subscore 10.0 Temporal Score: 8.6 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND) CWE-285: Improper Authorization CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X Administrative authentication can be bypassed and commands directly executed with specially crafted commands. Proofs of Concept - Create New Acct Admin or Intermediate - (all PW and admin names are 'or similar') http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes Clear Logs http://<IP>/Action?id=76&cmdClear+Log=Clear+Log ---------------------------------------------------------------------------------------------------------------- Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time. Workaround: It is advised to turn off all remote administrative access to the router. This workaround however, will not prevent local attacks. ---------------------------------------------------------------------------------------------------------------- External Links http://www.osvdb.org/show/osvdb/95071 http://xforce.iss.net/xforce/xfdb/85612 http://www.idappcom.com/db/?7819 Vendor Links http://www.zoomtel.com/products/5715.html http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf http://www.zoomtel.com/products/adsl_overview.html http://www.zoomtel.com/products/5760.html http://www.zoomtel.com/products/5751.html http://www.zoomtel.com/products/5754.html Discovered - 06-28-2013 Updated - 09/01/2013 Research Contact - K Lovett Affiliation - QuattroSG

Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. Google Chrome is prone to a security vulnerability. The impact of this issue is currently unknown. We will update this BID as more information emerges. Versions prior to Chrome 28.0.1500.71 are vulnerable. NOTE: This issue was previously covered in BID 61041 (Google Chrome Prior to 28.0.1500.71 Multiple Security Vulnerabilities) but has been given its own record for better documentation. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from the fact that the program does not determine an entropy value with sufficient resources for the renderer process. A remote attacker can exploit this vulnerability to crack the encryption protection mechanism through third-party components

Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the PCM processing code. By providing a malformed audio sample through ActionScript3, an attacker can cause an integer overflow. Adobe Flash Player is prone to an integer-overflow vulnerability. Note: This issue was previously covered in BID 61038 (Adobe Flash Player APSB13-17 Multiple Remote Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Failed attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. The vulnerability stems from the fact that the program does not correctly process the PCM data when resampling the PCM buffer provided by the user. It is also possible to take control of the affected system. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:1035-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1035.html Issue date: 2013-07-10 CVE Names: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3344.html https://www.redhat.com/security/data/cve/CVE-2013-3345.html https://www.redhat.com/security/data/cve/CVE-2013-3347.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-17.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR3RcFXlSAg2UNWIIRAibqAJ4ueutMxMCpS7cVyM01x68cJzonJwCgwGMI wOssXF1MQp0avKW9aWq5yP8= =2PBY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. Note: This issue was previously covered in BID 61038 (Adobe Flash Player APSB13-17 Multiple Remote Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Failed attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:1035-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1035.html Issue date: 2013-07-10 CVE Names: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3344.html https://www.redhat.com/security/data/cve/CVE-2013-3345.html https://www.redhat.com/security/data/cve/CVE-2013-3347.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-17.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR3RcFXlSAg2UNWIIRAibqAJ4ueutMxMCpS7cVyM01x68cJzonJwCgwGMI wOssXF1MQp0avKW9aWq5yP8= =2PBY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to an unspecified memory-corruption vulnerability. Note: This issue was previously covered in BID 61038 (Adobe Flash Player APSB13-17 Multiple Remote Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:1035-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1035.html Issue date: 2013-07-10 CVE Names: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3344.html https://www.redhat.com/security/data/cve/CVE-2013-3345.html https://www.redhat.com/security/data/cve/CVE-2013-3347.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-17.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFR3RcFXlSAg2UNWIIRAibqAJ4ueutMxMCpS7cVyM01x68cJzonJwCgwGMI wOssXF1MQp0avKW9aWq5yP8= =2PBY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password. HP StoreVirtual products using LeftHand OS are prone to an unauthorized-access vulnerability. A remote attacker can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks. HP StoreVirtual Storage is a set of virtual storage devices supported by LeftHand OS of Hewlett-Packard (HP), which provides functions such as updating data centers, reducing SAN costs and eliminating failure points. LeftHand OS (aka SAN iQ) is an operating system used on this device. The vulnerability is caused by remote attacks. Password to gain the root authority of the user. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03825537 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03825537 Version: 2 HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-07-17 Last Updated: 2013-07-17 Potential Security Impact: Remote unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with the HP StoreVirtual Storage. All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today. HP StoreVirtual products are storage appliances that use a custom operating system, LeftHand OS, which is not accessible to the end user. Limited access is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ) however root access is blocked. Root access may be requested by HP Support in some cases to help customers resolve complex support issues. To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access by preventing repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system. References: CVE-2013-2352 (SSRT101257) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This issue effects LeftHand OS (a.k.a. SAN iQ) software versions 10.5 and earlier. HP StoreVirtual device HP P4300 HP P4500 HP P4300 G2 HP P4500 G2 HP P4800 G2 HP P4900 G2 HP P4000 VSA HP StoreVirtual 4130 HP StoreVirtual 4330 HP StoreVirtual 4530 HP StoreVirtual 4630 HP StoreVirtual 4730 HP StoreVirtual VSA LeftHand NSM2060 LeftHand NSM2120 Dell PowerEdge 2950 HP DL320S IBM System x3650 LeftHand NSM2060 G2 LeftHand NSM2120 G2 LeftHand VSA BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-2352 (AV:N/AC:L/Au:N/C:N/I:C/A:C) 9.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Joshua Small for reporting this issue to security-alert@hp.com RESOLUTION HP has provided patches to resolve this vulnerability. Please see the table below to determine which patch applies to the StoreVirtual version being used. Installation of patch 25051-00 will fail if 9.5 Patch Set 05 is not present Note: HP Support may still request root access to customer systems in order to resolve certain support issues. Patches and release notes may be downloaded using the 9.5 or later CMC. Go to http://www.hp.com/go/hpsc Select your specific product. If you have a HP P4x00 G2 or HP StoreVirtual 4000 product select 'HP StoreVirtual 4000 Storage'. Select 'Drivers, Software & Firmware' under 'Download Options' in the left menu. Select your specific product. Select your language. Click 'Cross operating system (BIOS, Firmware, Diagnostics, etc.)' Click 'Patch' or scroll down to the Patch table j. In the Description column of the Patch table, click the title of the patch: To download the file, click the 'Download' button. To read the release notes, click the 'Release Notes' tab. HISTORY Version:1 (rev.1) - 9 July 2013 Initial release Version:2 (rev.2) - 17 July 2013 Documented the released patches, added LeftHand NSM2120 Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlHnM80ACgkQ4B86/C0qfVlJvACfYidpkJWgTf29SPsi6ABOpm0y oo0AoNyRilCrIZTF6+a3pOqr4epkrCRX =PHV+ -----END PGP SIGNATURE-----

D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. The DIR-505L is a versatile mini wireless router and the DIR-826L is a dual-band Gigabit wireless cloud router. During this window, the application does not verify the session COOKIE, and the administrator can view or change the device configuration. Multiple D-Link products are prone to a remote authentication-bypass vulnerability. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions on the affected device. This may aid in further attacks. This is not possible once a legitimate session has expired

Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502. The Triangle Research Nano-10 PLC is a controller for automated manufacturing. Attack, you need to manually restart to get normal functionality. Nano-10 PLC is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to crash, denying service to legitimate users. Nano-10 PLC running firmware versions prior to r81 are vulnerable. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&amp;bugId=CSCsq24002

The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764. Local attackers can exploit this issue to gain elevated privileges, which may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuc31764. The administrative web interface is a web management interface running on it

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.". Dell Integrated Remote Access Controller (iDRAC) 6 is a system management solution including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A vulnerability exists in the web interface in Dell iDRAC 6 Firewall version 1.7

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.". Dell Integrated Remote Access Controller ( iDRAC ) 6 is the US Dell ( Dell ) company's system management solution that includes hardware and software. The program is Dell PowerEdge The system provides functions such as remote management, crashed system recovery, and power control. Dell iDRAC6 BMC There is a loophole in the implementation

DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865 The UPnP SOAP interface does not properly filter XML parameters, allowing remote attackers to exploit and exploit arbitrary commands, including: NewInternalClient, NewInternalClient, NewInternalPort. D-Link DIR-300, DIR-600, DIR-645, DIR-845, and DIR-865 are all wireless router products from Taiwan D-Link Corporation. Multiple command injection vulnerabilities exist in multiple D-Link products. An attacker could use these vulnerabilities to execute arbitrary commands in the context of an affected device. The following devices have vulnerabilities: DIR-300 rev B firmware 2.14b01, DIR-600 firmware 2.16b01, DIR-645 firmware 1.04b01, DIR-845 firmware 1.01b02, DIR- The 865 runs firmware version 1.05b03

ASUS RT-N66U is a wireless router product. ASUS RT-N66U 3.0.0.4.270, 3.0.0.4.354 does not properly restrict access when processing certain HTTPS requests, can be exploited to gain unauthorized access, and reveals the contents of arbitrary files and directories. Successful exploitation of this vulnerability requires activation. AiCloud web service.

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow.". NetGear RAIDiator is a direct-hanging storage device based on Linux and debian-sparc platforms. A cross-site request forgery vulnerability exists in NetGear RAIDiator. Allow remote attackers to perform certain administrative actions. Other attacks are also possible. Following are vulnerable: RAIDiator versions prior to 4.1.12 running on SPARC RAIDiator-x86 versions prior to 4.2.24. There is an eval injection vulnerability in the FrontViewWeb interface in NETGEAR ReadyNAS RAIDiator 4.1 and 4.2.23 and earlier versions. The vulnerability is caused by the frontview/lib/np_handler.pl script not filtering the input submitted by the user

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. NetGear RAIDiator is a direct-hanging storage device based on Linux and debian-sparc platforms. There is a command injection vulnerability in NetGear RAIDiator. An attacker can exploit the vulnerability to execute arbitrary shell commands with root privileges. Other attacks are also possible. Following are vulnerable: RAIDiator versions prior to 4.1.12 running on SPARC RAIDiator-x86 versions prior to 4.2.24

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. Exploiting this issue could allow an attacker to execute arbitrary FTP commands in the context of the affected application. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network