VARIoT IoT vulnerabilities database
| VAR-201301-0149 | CVE-2012-6392 | Cisco Prime LAN Management Solution on Linux vulnerable to arbitrary command execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. A third party could execute arbitrary commands via a crafted session. Cisco Prime LAN Management Solution Virtual Appliance is prone to a remote command-execution vulnerability.
Remote attackers can exploit this issue to execute arbitrary commands with the privileges of the root user. This may facilitate a complete compromise of an affected device.
This issue is being tracked by Cisco Bug ID CSCuc79779. The solution configures, manages, monitors and maintains the network.
----------------------------------------------------------------------
TITLE:
CiscoWorks Prime LAN Management Solution (LMS) Command Injection
Vulnerability
SECUNIA ADVISORY ID:
SA51814
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51814/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51814
RELEASE DATE:
2013-01-10
DISCUSS ADVISORY:
http://secunia.com/advisories/51814/#comments
DESCRIPTION:
A vulnerability has been reported in CiscoWorks Prime LAN Management
Solution (LMS), which can be exploited by malicious people to
compromise a vulnerable system.
SOLUTION:
Update to version 4.2.3 or apply patches.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco (cisco-sa-20130109-lms):
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-201308-0031 | CVE-2013-2299 | Advantech WebAccess HMI/SCADA Unknown Cross-Site Scripting Vulnerability (related entries in the VARIoT exploits database: VAR-E-201301-0393) |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Advantech WebAccess HMI/SCADA is an HMI/SCADA software package. Advantech WebAccess HMI/SCADA contains an unspecified cross-site scripting vulnerability. Advantech WebAccess HMI/SCADA is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Advantech WebAccess HMI/SCADA 7.0 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.
| VAR-201301-0461 | No CVE | Schmid Watson Management Console Directory Traversal Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Schmid Watson Management Console is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the affected application. Information harvested may aid in launching further attacks.
Schmid Watson Management Console 4.11.2.G is vulnerable; other versions may also be affected.
| VAR-201301-0050 | CVE-2012-6272 | Dell OpenManage Server Administrator version 7.1.0.1 DOM-based XSS vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Dell OpenManage Server Administrator (OMSA) is a system management solution from Dell. The solution supports online diagnosis, system operation detection, equipment management, etc. The vulnerability is caused by the program not properly validating the input passed to help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main before returning it to the user.
----------------------------------------------------------------------
TITLE:
Dell OpenManage Server Administrator "topic" Cross-Site Scripting
Vulnerability
SECUNIA ADVISORY ID:
SA51764
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51764/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51764
RELEASE DATE:
2013-01-09
DISCUSS ADVISORY:
http://secunia.com/advisories/51764/#comments
DESCRIPTION:
A vulnerability has been reported in Dell OpenManage Server
Administrator, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed via the "topic" parameter to e.g.
help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm is not
properly sanitised before being returned to the user.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Tenable Network Security.
ORIGINAL ADVISORY:
US-CERT VU#950172:
http://www.kb.cert.org/vuls/id/950172
| VAR-201301-0543 | No CVE | BT Home Hub 'uuid' Field Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
BT Home Hub is a wireless Internet router for home use. A buffer overflow vulnerability exists in BT Home Hub because sufficient boundary checks are not performed on user-supplied data. An attacker can exploit the vulnerability to escalate privileges and execute arbitrary code with root privileges, which can cause the affected application to crash. BT Home Hub is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will likely crash the affected application.
| VAR-201301-0475 | No CVE | Advantech WebAccess HMI/SCADA HTML Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: MEDIUM |
Advantech specializes in network computers and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software package. There is an HTML injection vulnerability in Advantech WebAccess HMI/SCADA. Because the program fails to properly filter user-supplied input, an attacker can exploit the vulnerability to execute HTML or JavaScript code in the context of the affected site, stealing cookie-based authentication credentials and controlling how the site is presented to the user. Advantech WebAccess HMI/SCADA is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Advantech WebAccess HMI/SCADA 7.0-2012.12.05 is vulnerable; other versions may also be affected.
| VAR-201301-0305 | CVE-2013-0630 | Adobe Flash Player Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player contains a buffer overflow vulnerability. This vulnerability, covered in APSB13-01, is different from the other buffer overflow vulnerabilities listed. An attacker could execute arbitrary code. Adobe Flash Player and AIR are prone to a remote buffer-overflow vulnerability due to a failure to properly bounds check user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0149-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0149.html
Issue date: 2013-01-09
CVE Names: CVE-2013-0630
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. This
vulnerability is detailed in the Adobe Security bulletin APSB13-01, listed
in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.261-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.261-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.261-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.261-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.261-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.261-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.261-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.261-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.261-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.261-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-0630.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-01.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51825
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51825/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51825
RELEASE DATE:
2013-01-11
DISCUSS ADVISORY:
http://secunia.com/advisories/51825/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
For more information:
SA51771
2) A use-after-free error exists when handling SVG layouts.
3) An error when handling URLs can be exploited to bypass the same
origin policy.
4) A use-after-free error exists when handling certain DOM objects.
5) An unspecified error exists when handling certain filenames.
6) An integer overflow error exists when handling audio IPC.
7) A use-after-free error exists when seeking video.
8) An integer overflow error exists when handling JavaScript in PDF
files.
9) An out-of-bounds read error exists when seeking video.
10) An out-of-bounds stack access error exists in v8.
11) An integer overflow error exists in shared memory allocation.
NOTE: This vulnerability affects Windows only.
12) An unspecified error can be exploited to bypass the sandbox for
worker processes.
NOTE: This security issue affects Mac only.
13) A use-after-free error exists when handling certain fields in PDF
files.
14) Some out-of-bounds read errors exist when handling images in PDF
files.
15) A bad cast error exists in PDF root handling.
16) An unspecified error can be exploited to corrupt database
metadata and access certain files.
17) A use-after-free error exists when printing.
18) An out-of-bounds read error exists when printing.
19) An out-of-bounds read error exists when handling glyph.
20) An unspecified error exists within v8 garbage collection.
21) An unspecified error exists within extension tab handling.
The vulnerabilities are reported in versions prior to 24.0.1312.52.
SOLUTION:
Upgrade to version 24.0.1312.52.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2) Atte Kettunen, OUSPG
3) Erling A Ellingsen and Subodh Iyengar, Facebook
4) Jose A. Vazquez
5) Justin Schuh, Google Chrome Security Team
6, 11) Chris Evans, Google Chrome Security Team
7, 9) Inferno, Google Chrome Security Team
8, 13, 14, 15) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
10) Andreas Rossberg, Chromium development community
12) Julien Tinnes, Google Chrome Security Team
16) Juri Aedla, Google Chrome Security Team
17, 18, 19, 20) Cris Neckar, Google Chrome Security Team
21) Tom Nielsen
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: September 14, 2013
Bugs: #437808, #442084, #446984, #452104, #456132, #457066,
#459368, #461598, #465534, #469870, #473038, #476328, #484512
ID: 201309-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which could result in execution of arbitrary code.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
This fixes a vulnerability, which can be exploited by malicious people to
compromise a user's system.
| VAR-201405-0015 | CVE-2012-4915 | Directory traversal vulnerability in the Google Doc Embedder plugin for WordPress |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
A remote attacker can use directory-traversal sequences to retrieve arbitrary files in the context of the affected application.
Google Doc Embedder 2.4.6 is vulnerable; other versions may also be affected. WordPress is a blogging platform developed by the WordPress Software Foundation in PHP; it supports setting up personal blogging websites on PHP and MySQL servers. Google Doc Embedder is a plugin that can embed MS Office, PDF and other files into web pages. The vulnerability is caused by the libs/pdf.php script not adequately filtering the 'file' parameter.
TITLE:
WordPress Google Doc Embedder Plugin Arbitrary File Disclosure
Vulnerability
SECUNIA ADVISORY ID:
SA50832
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50832/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50832
RELEASE DATE:
2013-01-03
DISCUSS ADVISORY:
http://secunia.com/advisories/50832/#comments
DESCRIPTION:
Charlie Eriksen has discovered a vulnerability in the Google Doc
Embedder plugin for WordPress, which can be exploited by malicious
people to disclose sensitive information.
Input passed to the "file" parameter in
wp-content/plugins/google-document-embedder/libs/pdf.php (when "fn"
is set to a valid value) is not properly verified before being used
to display files.
The vulnerability is confirmed in version 2.4.6.
SOLUTION:
Update to version 2.5.4.
PROVIDED AND/OR DISCOVERED BY:
Charlie Eriksen via Secunia
| VAR-201301-0564 | No CVE | Aastra 6753i '.tug Profile Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Aastra 6753i is a versatile IP phone. Each time the Aastra 6753i reboots, it downloads its .tuz configuration file over TFTP; the file contains the encrypted SIP account username and password. The Aastra 6753i IP Phone uses a slightly modified 3DES algorithm in ECB mode, allowing an attacker to modify the phone settings by modifying the configuration file. Anacrypt is prone to an information-disclosure vulnerability.
Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.
Versions prior to Anacrypt 1.04 are vulnerable.
Note: This issue was previously titled 'Aastra 6753i '.tuz' Configuraton File Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected.
Aastra IP telephone encrypted .tuz configuration file leakage
-------------------------------------------------------------
Affected products
=================
Aastra 6753i IP Telephone
Firmware Version 3.2.2.56
Firmware Release Code SIP
Boot Version 2.5.2.1010
Background
==========
"The 6753i from Aastra offers powerful features and flexibility in a
standards based, carrier-grade basic level IP telephone. With a
sleek and elegant design and 3 line LCD display, the 6753i is fully
interoperable with leading IP Telephony platforms, offering
advanced XML capability to access custom applications and support
for up to 9 calls simultaneously. Part of the Aastra family of IP
telephones, the 6753i is ideally suited for light to regular
telephone requirements."
Description
===========
Aastra downloads its configuration files over TFTP on every
reboot.
The .tuz format has a simple header and 3DES encrypted payload:
Offset | Length | Comment
-----------------------------------------------------------------------------
0      | 16     | Always 55 42 43 7f 80 f8 5c 98 0f fc af 26 9e da 16 8d
16     | 1      | A byte that indicates how many padding bytes are in the
       |        | last 3DES block. The padding consists of zeroes.
Typically configuration files are
encrypted using the same key. This means that when we compare the
encrypted .tuz files from two similarly configured phones we can see
where the differences are in the payload. Suppose we have two users,
"John Doe" and "Jane Doe", and that the name happens to be aligned
exactly to the 64-bit 3DES block. We can now observe that the
ciphertext differs only by 64 bits:
...
0007450 7c ce ff 07 05 51 9f b7
0007460 19 40 e0 b1 a0 f4 13 78
-0007470 83 f2 14 f3 8c 4d cb c6
+0007470 6d 57 f6 74 8c fd 4d 39
0007520 c5 34 0e 2a 3b 6b da 1c
0007530 5f 69 fe c3 b8 0f 37 0a
...
If we copy this block from John's encrypted configuration file to
Jane's configuration file then Jane's phone will suddenly show John's
name in its LCD display, SIP traffic and HTTP interface.
Now it gets interesting: We can actually copy any 64-bit block to the
offset where the name of the user is shown and the phone will happily
decrypt it for us!
Exploit
=======
Available on request. Has decrypted a 4605-byte configuration file in
9 hours (each reboot gives you only 8 bytes and rebooting takes around
60 seconds). When you know the offset of the admin password you can
selectively decrypt only that and attack similarly configured phones
without having to decrypt complete configuration file.
Timeline
========
2012-02-01 Discovered the vulnerability while adjusting firewall rules
to let the phones access TFTP.
2012-02-02 Contacted Aastra via their contact box:
http://www.aastra.fi/Yhteydenottolomake.htm
2012-02-03 Contacted Aastra via trixbox forum:
http://liveweb.archive.org/http://fonality.com/trixbox/forums/vendor-forums-certified/aastra-endpoints/security-contact-aastra
2012-02-03 Received confirmation from Aastra that the information has
been forwarded to the head of engineering.
2012-04-25 Contacted Aastra and informed them that details will be
disclosed in 2013.
| VAR-201911-1778 | CVE-2011-4968 | nginx http proxy Module input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 4.8 Severity: MEDIUM |
The nginx http proxy module does not verify the peer identity of the https origin server, which could facilitate a man-in-the-middle (MITM) attack. nginx is prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks.
Remote attackers can exploit this issue to gain access to sensitive information; other attacks are also possible. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server from the American company NGINX.
| VAR-201301-0160 | CVE-2012-6459 | Tizen Run on ConnMan Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets. ConnMan is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
ConnMan 1.3 is vulnerable; other versions may also be affected.
| VAR-201212-0065 | CVE-2012-6337 | plural Samsung Galaxy On the device Android for SamsungDive Vulnerabilities that prevent device discovery |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. SamsungDive for Android is prone to a spoofing vulnerability
| VAR-201212-0244 | CVE-2012-6371 | Belkin N900 Router WPA2 In the implementation of Wi-Fi Network access vulnerabilities |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366. The Belkin N900 F9K1104v1 is a wireless router product from Belkin, USA. This vulnerability is different from CVE-2012-4366. Belkin Wireless Router is prone to a security vulnerability that may allow attackers to generate a default WPS PIN.
Successfully exploiting this issue may allow attackers to generate the default WPS PIN. This may lead to other attacks.
Belkin N900 F9K1104v1 is vulnerable; other versions may also be affected. A vulnerability exists in the WPA2 implementation on Belkin N900 F9K1104v1 routers.
| VAR-201212-0411 | No CVE | Cross-site Scripting Vulnerability in Collaboration - Bulletin board in Multiple Hitachi Products |
CVSS V2: 4.3 CVSS V3: - Severity: Medium |
A cross-site scripting vulnerability has been found in Collaboration - Bulletin board in multiple Hitachi products. Remote users can exploit this vulnerability to execute malicious scripts.
| VAR-201212-0030 | CVE-2012-4688 | i-GEN opLYNX of Central Vulnerabilities that prevent authentication in applications |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. i-GEN is a human machine interface (HMI) and SCADA software. opLYNX Central is a web-based application, and the opLYNX Central deployment is typically deployed at the Canadian Energy Agency. opLYNX is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the system. Successfully exploiting this issue may lead to further attacks.
opLYNX versions prior to 2.01.9 are vulnerable.
TITLE:
i-GEN opLYNX Central Application Authentication Bypass Vulnerability
SECUNIA ADVISORY ID:
SA51673
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51673/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51673
RELEASE DATE:
2012-12-28
DISCUSS ADVISORY:
http://secunia.com/advisories/51673/#comments
DESCRIPTION:
A vulnerability has been reported in i-GEN opLYNX, which can be
exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
Update to version 2.01.9.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Anthony Cicalla.
ORIGINAL ADVISORY:
ICSA-12-362-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-362-01.pdf
| VAR-201212-0042 | CVE-2012-5445 | Cisco Unified IP Phone 7900 Series arbitrary code execution vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. The Cisco Unified IP Phone is Cisco's unified IP telephony solution.
Local attackers can exploit this issue to gain elevated privileges. Successful exploits will result in the complete compromise of the affected device.
This issue is being tracked by Cisco Bug ID CSCuc83860. The vulnerability stems from the program not properly validating unspecified system calls.
| VAR-201212-0377 | No CVE | Hitachi Collaboration Product Cross-Site Scripting Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Hitachi Collaboration is a collaboration solution. Hitachi Collaboration has a cross-site scripting vulnerability. Part of the input passed to the application is not filtered before being returned to the user, which allows an attacker to inject arbitrary HTML and script code to obtain sensitive information or hijack user sessions.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following Hitachi Collaboration products are vulnerable:
Groupmax Collaboration Portal
uCosminexus Collaboration Portal
Groupmax Collaboration Web Client - Forum / File Sharing
uCosminexus Collaboration Portal - Forum / File Sharing
Groupmax Collaboration Web Client - Mail / Schedule.
TITLE:
Hitachi Collaboration Products Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA51630
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51630/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51630
RELEASE DATE:
2012-12-26
DISCUSS ADVISORY:
http://secunia.com/advisories/51630/#comments
DESCRIPTION:
A vulnerability has been reported in some Hitachi Collaboration
products, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being
returned to the user.
Please see the vendor's advisory for a list of affected products.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (HS12-029):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-029/index.html
| VAR-201304-0413 | CVE-2013-2780 | Siemens SIMATIC S7-1200 PLCs 2.x and 3.x Denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). An attacker sends a crafted packet to port 161 (SNMP port) or port 102 (ISO-TSAP port) to initiate a denial of service attack. SIEMENS SIMATIC S7-1200 is an automation application developed by Siemens. SIEMENS SIMATIC S7-1200 has an error in processing SNMP status information. An attacker can send a special message to UDP port 161 to put the device into defect mode, which allows the attacker to cause a denial of service.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.
Note: This issue was previously discussed in BID 57023 (SIEMENS SIMATIC S7-1200 Multiple Denial of Service Vulnerabilities), but has been moved to its own record for better documentation.
TITLE:
Siemens SIMATIC S7-1200 Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA51628
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51628/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51628
RELEASE DATE:
2012-12-21
DISCUSS ADVISORY:
http://secunia.com/advisories/51628/#comments
DESCRIPTION:
Two vulnerabilities have been reported in SIMATIC S7-1200, which can
be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are reported in all 2.x and 3.x versions.
SOLUTION:
The vendor is currently working on a fix. No official solution is
currently available.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Prof. Dr. Hartmut Pohl, softScheck GmbH
2) Arne Vidstrom, Swedish Defence Research Agency (FOI)
ORIGINAL ADVISORY:
SSA-724606:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf
| VAR-201304-0148 | CVE-2013-0700 | Siemens SIMATIC Denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). SIEMENS SIMATIC S7-1200 is an automation application developed by Siemens. SIEMENS SIMATIC S7-1200 has an error in processing SNMP status information. An attacker can send a special message to UDP port 161 to put the device into defect mode, which allows the attacker to cause a denial of service. SIEMENS SIMATIC S7-1200 is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.
Note: The issue described by SNMP status information has been moved to BID 59399 (SIEMENS SIMATIC S7-1200 CVE-2013-2780 Denial of Service Vulnerability) for better documentation.
TITLE:
Siemens SIMATIC S7-1200 Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA51628
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51628/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51628
RELEASE DATE:
2012-12-21
DISCUSS ADVISORY:
http://secunia.com/advisories/51628/#comments
DESCRIPTION:
Two vulnerabilities have been reported in SIMATIC S7-1200, which can
be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are reported in all 2.x and 3.x versions.
SOLUTION:
The vendor is currently working on a fix. No official solution is
currently available.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Prof. Dr. Hartmut Pohl, softScheck GmbH
2) Arne Vidstrom, Swedish Defence Research Agency (FOI)
ORIGINAL ADVISORY:
SSA-724606:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf
| VAR-201912-0015 | CVE-2012-6094 | cups Vulnerable to unauthorized authentication |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
In cups (Common Unix Printing System), the 'Listen localhost:631' option is not honored correctly, which could provide unauthorized access to the system. CUPS is prone to an unauthorized-access vulnerability.
Successful exploits may allow an attacker to gain unauthorized access to the affected application. This may aid in further attacks. Apple CUPS is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. The vulnerability stems from the incorrect handling of the Listen localhost:631 option.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:034
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : cups
Date : April 5, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated cups packages fix bugs and security vulnerabilities:
During the process of CUPS socket activation code refactoring in favour
of systemd capability a security flaw was found in the way CUPS service
honoured Listen localhost:631 cupsd.conf configuration option. The
setting was recognized properly for IPv4-enabled systems, but failed to
be correctly applied for IPv6-enabled systems. The fix for
now is to not enable IP-based systemd socket activation by default.
This update adds a patch to correct printing problems with some USB
connected printers in cups 1.5.4.
Further, this update should correct possible printing problems with
the following printers since the update to cups 1.5.4.
Canon, Inc. PIXMA iP4200
Canon, Inc. PIXMA iP4300
Canon, Inc. MP500
Canon, Inc. MP510
Canon, Inc. MP550
Canon, Inc. MP560
Brother Industries, Ltd, HL-1430 Laser Printer
Brother Industries, Ltd, HL-1440 Laser Printer
Oki Data Corp. Okipage 14ex Printer
Oki Data Corp. B410d
Xerox Phaser 3124
All Zebra devices
Additionally, patches have been added to fix printing from newer Apple
devices and to correct an error in the %post script which prevented
the cups service from starting when freshly installed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6094
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0004
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0244
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
22ad3c19cc176891f254e5790e7e7e46 mbs1/x86_64/cups-1.5.4-1.1.mbs1.x86_64.rpm
5cad70e9e106847daf5388602935be87 mbs1/x86_64/cups-common-1.5.4-1.1.mbs1.x86_64.rpm
a1bca7ac4b67c7e772ceb824e1190364 mbs1/x86_64/cups-serial-1.5.4-1.1.mbs1.x86_64.rpm
264190cf1f165dfdb46faa0e7f552ba2 mbs1/x86_64/lib64cups2-1.5.4-1.1.mbs1.x86_64.rpm
f49fb184abab1efa7bf9e305535cd5c7 mbs1/x86_64/lib64cups2-devel-1.5.4-1.1.mbs1.x86_64.rpm
bba301db543453de3c4866889c90db7c mbs1/x86_64/php-cups-1.5.4-1.1.mbs1.x86_64.rpm
c68861ca8c504c902f6b7f2fc30826ef mbs1/SRPMS/cups-1.5.4-1.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRXqHYmqjQ0CJFipgRAp+dAKD1tEIrhgBKyFkl9RxqU/b/0eL/jwCgmWRu
JvVlHKsOtpeF2zU7vMblKXw=
=lGWJ
-----END PGP SIGNATURE-----