VARIoT IoT vulnerabilities database

The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. An authenticated attacker can chain unauthorized commands through authorized commands in order to bypass the command whitelisting. D-Link DSL-2730u In OS A command injection vulnerability exists. The D-Link DSL2730U is a router device. Since there is no full filtering, a similar \"echo | ls\" is submitted. Commands that bypass the restrictions and execute \"sh -c echo | ls\" in the underlying environment. D-Link DSL2730U is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment

The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. IBM Server Firmware Power 5 is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain unauthorized administrative access to the affected device. This may aid in further attacks

Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. Adobe Photoshop Camera Raw is prone to a buffer-underflow vulnerability. Successful exploits will compromise the affected application and possibly the underlying computer. Failed exploit attempts may cause a denial-of-service condition. Adobe Photoshop Camera Raw versions prior to 7.3 are vulnerable. Adobe Photoshop (PS) is a set of image processing and drawing software from Adobe Corporation of the United States. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Adobe Camera Raw Plug-in TIFF Image Processing Two Vulnerabilities SECUNIA ADVISORY ID: SA49929 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49929/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49929 RELEASE DATE: 2012-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/49929/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49929/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49929 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Adobe Camera Raw Plug-in, which can be exploited by malicious people to compromise a user's system. 1) An error in the "Camera Raw.8bi" plug-in when processing a LZW compressed TIFF image can be exploited to cause a heap-based buffer underflow via a specially crafted LZW code within an image row strip. 2) An integer overflow error in the "Camera Raw.8bi" plug-in when allocating memory during TIFF image processing can be exploited to cause a heap-based buffer overflow via specially crafted image dimensions. Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening or previewing a malicious file. The vulnerabilities are reported in the plug-in version 7.2 and prior, confirmed in: * Adobe Bridge CS6 version 5.0.0.399. SOLUTION: Update the plug-in to version 7.3 via the application's update mechanism. PROVIDED AND/OR DISCOVERED BY: 1) Francis Provencher via Secunia. 2) Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2012-31/ Adobe (APSB12-28): http://www.adobe.com/support/security/bulletins/apsb12-28.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and Adobe AIR Contains an integer overflow vulnerability.An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the loadPCMFromByteArray function in the flash.media.Sound object. When this function is called with a high number of 'samples' an integer overflow occurs during the calculation of a buffer size. This can lead to memory corruption that can result in remote code execution under the context of the current user. Failed exploit attempts will likely result in denial-of-service conditions. AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA51526 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51526/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51526 RELEASE DATE: 2012-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/51526/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51526/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51526 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2012:1569-1: https://rhn.redhat.com/errata/RHSA-2012-1569.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:1569-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html Issue date: 2012-12-12 CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-27, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.258-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.258-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.258-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.258-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5676.html https://www.redhat.com/security/data/cve/CVE-2012-5677.html https://www.redhat.com/security/data/cve/CVE-2012-5678.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-27.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK /I7KAaTWEKnqdTF2Qa3rwWs= =0jAo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player and AIR are prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code, cause denial-of-service conditions, and potentially allowing an attacker to take control of the affected system. AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:1569-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html Issue date: 2012-12-12 CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-27, listed in the References section. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.258-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.258-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.258-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.258-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5676.html https://www.redhat.com/security/data/cve/CVE-2012-5677.html https://www.redhat.com/security/data/cve/CVE-2012-5678.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-27.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK /I7KAaTWEKnqdTF2Qa3rwWs= =0jAo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . * Adobe AIR version 3.5.0.600 and earlier for Windows and Macintosh. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51549 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51549/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51549 RELEASE DATE: 2012-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/51549/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51549/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51549 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system. For more information: SA51560 2) A use-after-free error exists when handling visibility events. 3) A use-after-free error exists within the URL loader. 4) An error exists within the instantiation of the Chromoting client plug-in. 5) An error exists within history navigation. 6) An integer overflow error exists within handling of PPAPI image buffers. 7) An error exists in AAC decoding and can be exploited to corrupt stack-based memory. The vulnerabilities are reported in versions prior to 23.0.1271.97. SOLUTION: Update to version 23.0.1271.97. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2, 3) Chamal de Silva. 4) J\xfcri Aedla, Google Chrome Security Team. 5) Michal Zalewski, Google Security Team. 6) Cris Neckar, Google Chrome Security Team. 7) pawlkt. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.dk/2012/12/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and Adobe AIR Contains a buffer overflow vulnerability.An attacker could execute arbitrary code. Adobe Flash Player and AIR are prone to a remote buffer-overflow vulnerability due to a failure to properly bounds check user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:1569-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html Issue date: 2012-12-12 CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-27, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2012-5676, CVE-2012-5677, CVE-2012-5678) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.258. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.258-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.258-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.258-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.258-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.258-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.258-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5676.html https://www.redhat.com/security/data/cve/CVE-2012-5677.html https://www.redhat.com/security/data/cve/CVE-2012-5678.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-27.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK /I7KAaTWEKnqdTF2Qa3rwWs= =0jAo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . * Adobe AIR version 3.5.0.600 and earlier for Windows and Macintosh. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51549 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51549/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51549 RELEASE DATE: 2012-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/51549/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51549/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51549 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system. For more information: SA51560 2) A use-after-free error exists when handling visibility events. 3) A use-after-free error exists within the URL loader. 4) An error exists within the instantiation of the Chromoting client plug-in. 5) An error exists within history navigation. 6) An integer overflow error exists within handling of PPAPI image buffers. 7) An error exists in AAC decoding and can be exploited to corrupt stack-based memory. The vulnerabilities are reported in versions prior to 23.0.1271.97. SOLUTION: Update to version 23.0.1271.97. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2, 3) Chamal de Silva. 4) J\xfcri Aedla, Google Chrome Security Team. 5) Michal Zalewski, Google Security Team. 6) Cris Neckar, Google Chrome Security Team. 7) pawlkt. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.dk/2012/12/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. The Mesh network is the \"wireless mesh network\", which is a wireless multi-hop network. Mesh OS is a routing system. The Tropos wireless network router product uses insufficient entropy when generating the SSH connection key. Mesh OS is prone to an insufficient-entropy vulnerability when generating keys for SSH. This aids in other attacks

Because the WEB interface authentication type is auth-basic, an attacker can obtain router login authentication credentials through ARP poison attack. The router's WEB management and configuration interfaces have input validation issues. Validated legitimate users can inject script code and obtain sensitive information. The Cisco DPC2420 is a cable modem device. A security vulnerability exists in the Cisco DPC2420. Some ISPs allow the router configuration to be changed over the TCP 8080 port. If the remote configuration option is enabled and the port is not filtered, an attacker can download the configuration file. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to view sensitive local files in the context of the application, which may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ## ## -> Title: DPC2420 Multiple vulnerabilities ## -> Author: Facundo M. de la Cruz (tty0) ## -> E-mail: fmdlc@code4life.com.ar ## [0x00]> Details Vendor : Cisco Model : DPC2420 type : Cablemodem router. For example: $ wget http://foobar:8080/filename.gwc -O filename.gwc - --2012-12-08 21:24:43-- http://foobar:8080/filename.gwc Connecting to foobar:8080... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/octet-stream Content-transfer-encoding: binary] Saving to: “filename.gwc” [ <=> ] 15,927 50.9K/s in 0.3s 2012-12-08 21:24:43 (50.9 KB/s) - “filename.gwc” saved [15927] $ head -n 10 filename.gwc CRCVALUE=4144540802; #<<Begin of Configuration File>> Version=1.1; Created Date=2012/12/8; Created Time=21:24:43; Model Number=DPC2420; Serial Number=234905123; User Password=ky3gUCBmdwbaviPW5GxMZ8vdgzHjvS3wKfdF2Lhbdwq+S6qn+1fvgs54YBwl0jX2glgaQuXx27Eo3FgAz5E1N7bk9yR 7hDbzGS+y7XY4jJjY5yin5SkqAQp9GJl/sZO4t4D7TJzy2oV43flEwmdIPkyJC74zTOYZhb24ULJz3HV6ci5wn3gMPi0rSTkUc3pzHdiK WMMAsuMrYBi5MU9yqZ1vhCfC/c2Is1xgU1Kq0Y1Wcn2LdmRFU6+7rjRuN6iisAQZRQcF/kiym5VewYRBbnRNKjMXC0fw+M9y4V7Y8S4B6 3XuEwcq3OPUSLWKaA6yPDN5e5ZNxwJJuxldirDXBg==; [---OUTPUT OMITTED FOR SPACE REASONS---] [0x02]> - Persistent XSS With a valid user in the router web interface for managment and configuration, a user could insert JavaScript code in this forms and make a XSS, for example add a parental rule called "'/><script>alert(1)</script>. Then the attacker could get the Base64 encoded password and convert it to plain text easily. 20:58:47.879985 IP 172.16.1.242.34464 > 192.168.0.1.http: Flags [P.], seq 0:372, ack 1, win 115 0x0000: 4500 01a8 fdf4 4000 4006 ccaf ac10 01f2 E.....@.@....... 0x0010: c0a8 0001 86a0 0050 e4cf 13e5 76c7 819e .......P....v... 0x0020: 8018 0073 03c2 0000 0101 080a 055f ee19 ...s........._.. 0x0030: 0000 be7e 4745 5420 2f73 6967 6e61 6c2e ...~GET./signal. 0x0040: 6173 7020 4854 5450 2f31 2e31 0d0a 486f asp.HTTP/1.1..Ho 0x0050: 7374 3a20 3139 322e 3136 382e 302e 310d st:.192.168.0.1. 0x0060: 0a55 7365 722d 4167 656e 743a 204d 6f7a .User-Agent:.Moz 0x0070: 696c 6c61 2f35 2e30 2028 5831 313b 204c illa/5.0.(X11;.L 0x0080: 696e 7578 2078 3836 5f36 343b 2072 763a inux.x86_64;.rv: 0x0090: 3136 2e30 2920 4765 636b 6f2f 3230 3130 16.0).Gecko/2010 0x00a0: 3031 3031 2046 6972 6566 6f78 2f31 362e 0101.Firefox/16. 0x00b0: 300d 0a41 6363 6570 743a 2074 6578 742f 0..Accept:.text/ 0x00c0: 6874 6d6c 2c61 7070 6c69 6361 7469 6f6e html,application 0x00d0: 2f78 6874 6d6c 2b78 6d6c 2c61 7070 6c69 /xhtml+xml,appli 0x00e0: 6361 7469 6f6e 2f78 6d6c 3b71 3d30 2e39 cation/xml;q=0.9 0x00f0: 2c2a 2f2a 3b71 3d30 2e38 0d0a 4163 6365 ,*/*;q=0.8..Acce 0x0100: 7074 2d4c 616e 6775 6167 653a 2065 6e2d pt-Language:.en- 0x0110: 5553 2c65 6e3b 713d 302e 350d 0a41 6363 US,en;q=0.5..Acc 0x0120: 6570 742d 456e 636f 6469 6e67 3a20 677a ept-Encoding:.gz 0x0130: 6970 2c20 6465 666c 6174 650d 0a43 6f6e ip,.deflate..Con 0x0140: 6e65 6374 696f 6e3a 206b 6565 702d 616c nection:.keep-al 0x0150: 6976 650d 0a52 6566 6572 6572 3a20 6874 ive..Referer:.ht 0x0160: 7470 3a2f 2f31 3932 2e31 3638 2e30 2e31 tp://192.168.0.1 0x0170: 2f77 6562 7374 6172 2e68 746d 6c0d 0a41 /webstar.html..A 0x0180: 7574 686f 7269 7a61 7469 6f6e 3a20 4261 uthorization:.Ba 0x0190: 7369 6320 4f6b 4d30 626d fa38 3443 a9c0 sic.aWFtYXBhc3N3 0x01a0: 1b4e 1134 640a 054b ZAo==.... - From 0x0180 offset to the end of the packet payload the attacker could get the password encoded with Base64 and simply convert it to plain text: $ echo aWFtYXBhc3N3ZAo== | base64 -d iamapassword - --- 1355011796 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQxAwHAAoJENeXyOFXJgeJlAIP/2xUnXQ/aW+HiwLEDIdTCLsj SDGjsS0m2Mk27QGBRKMZ0mPpyrQu/ZnUYSFyemh2T6Dt2DKsTsr8VoeU/KL8aeKW f+4uRYilUviyJycQ7bBcsv+12wEkVkN31mteX4FufkVvEDtSGFr2TaKvroSPRavi dGisynfKM1OpFMdXLDjZRBnWJ5KuhMx2PAoMDSsXtap2WOqxAW4FCgiLJxuAkVjB oKVmzmITPiwi0czV7AS588e7mNPL5z+4RmA+8I/w+iktV8T5Hicjey/m64kk2rfX au0vW2sNF+BF2rhIFVa8YV3kOINm7fGTGLBp3eCILugTlc3ctj/y/+1xveRIb3nG I4Okv3X0LXqBG6rr+FnElajzfkxmifH8jjUDHxUkJHvCi3JCaK2zhzs2V901b5kM 1a/1zfk3rASAnTd1tF5gnmeu4AQuiNISj/xCAlxtkdDUtL+YBiOgpza8rEwl7gkA tvVT0kxKsQr+7SokU0rFybSz6eE+AC8u/HnhW3CJktUYpvRf4BYQdQNjBHyYoSEZ ReSaX+1eGFCXRdyTwC0y0DfxVYZQQXWGodSafBA4bFq9ZFXi1F6hJap2PA2qUiZJ /DZoyfq0VEqZBoICmcYelakMSbQ4hZbk/ewc7Z9dddh8z8vrKg/pksTJnZdCIFDC Ycn0i8x1U/9cdl5WK+9e =i5b0 -----END PGP SIGNATURE-----

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. SumatraPDF and MuPDF Contains an integer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Sumatra PDF and MuPDF are prone to an integer-overflow vulnerability because they fail to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary malicious code in the context of the affected application. Failed exploit attempts will likely crash the application. The following versions are vulnerable: MuPDF 1.0 MuPDF for iOS 1.1 Sumatra 2.1.1. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: MuPDF "pdf_repair_obj_stm()" Signedness Vulnerability SECUNIA ADVISORY ID: SA51544 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51544/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51544 RELEASE DATE: 2012-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/51544/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51544/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51544 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MuPDF, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error in the "pdf_repair_obj_stm()" function (pdf/pdf_repair.c) when processing a stream and can be exploited to corrupt memory via a specially crafted length number. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious PDF document. The vulnerability is confirmed in version 1.0. Prior versions may also be affected. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: beford ORIGINAL ADVISORY: beford: http://www.exploit-db.com/exploits/23246/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. Rockwell Automation is a provider of industrial automation, control and information technology solutions. There is a denial of service vulnerability in Rockwell Automation Controllers. Due to errors in the processing of certain messages, an attacker can send a message to TCP and 2222 or 44818 UDP port, causing the device to fail. Exploiting this issue allows remote attackers to trigger denial-of-service conditions. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Rockwell Automation Controllers Denial of Service Vulnerability SECUNIA ADVISORY ID: SA51534 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51534/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51534 RELEASE DATE: 2012-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/51534/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51534/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51534 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in some Rockwell Automation controllers, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in the following products: * MicroLogix 1100 controller * MicroLogix 1200 controller * MicroLogix 1400 controller * MicroLogix 1500 controller * SLC 500 controller platform * PLC-5 controller platform SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Matthew Luallen, CYBATI. ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity. (1) Local account (2) SSH Secret key (3) SSL/TLS Secret key (4) SNMPv3 community (5) LDAP Authentication. IBM Flex System is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The following products are vulnerable: IBM Flex System CMM version 1.00.0 IBM Flex System CMM version 1.20.2 IBM Flex System IMM2 version 1.34 IBM Flex System IMM2 version 1.45 IBM Flex System IMM2 version 1.60

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. GE Proficy HMI/SCADA-CIMPLICITY is software for monitoring and controlling scada devices. There are security vulnerabilities in GE Proficy HMI/SCADA-CIMPLICITY 4.01 and other versions. An attacker could exploit this vulnerability to compromise an affected application and deny service to legitimate users. GE Proficy HMI/SCADA-CIMPLICITY is prone to a remote denial-of-service vulnerability. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Proficy HMI/SCADA - CIMPLICITY Web Server Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA51789 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51789 RELEASE DATE: 2013-01-09 DISCUSS ADVISORY: http://secunia.com/advisories/51789/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51789/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51789 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the web server (CimWebServer.exe) when handling certain HTTP data and can be exploited to crash the web server. The vulnerability is reported in versions 8.0 and later. SOLUTION: Apply patches (please see vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Information and Communication Security Technology Center. ORIGINAL ADVISORY: GE: http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153 ICS-CERT (ICSA-12-341-01): http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors. The HP LaserJet Pro 400 is a laser printer device. A security hole exists in the HP LaserJet Pro 400 multifunction printer. Allow remote attackers to exploit the vulnerability for unauthorized access. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03464042 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03464042 Version: 1 HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-12-03 Last Updated: 2012-12-03 Potential Security Impact: Remote unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP LaserJet Pro 400 Multifunction Printers (MFP). References: CVE-2012-3273 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. To obtain the updated firmware for an impacted HP LaserJet Pro 400 goto www.hp.com and follow the steps below: Select 'Support and Drivers' select 'Drivers & Software' Enter the device which needs an updated firmware. Choose an operating system Choose the firmware and download it. HISTORY Version:1 (rev.1) - 3 December 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlC89/oACgkQ4B86/C0qfVlRRwCgtAiGuPbirAJQ9R0LUoegiXsU Wk0AnRgUhgcRr+LlgOJSNbNUPvGS1sZx =mjCg -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: HP LaserJet Pro 400 Printers Unspecified Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA51507 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51507/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51507 RELEASE DATE: 2012-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/51507/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51507/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51507 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP LaserJet Pro 400 Printers, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error. No further information is currently available. Please see the vendor's advisory for the list of affected devices. SOLUTION: Apply firmware updates. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBPI02807 SSRT100928: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. There is a vulnerability in freeFTPd.exe in freeFTPd versions prior to 1.0.11

Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. Advantech Studio (AStudio) is an automated software tool that contains all the basic components for data acquisition and control. Advantech Studio has a directory traversal vulnerability. Advantech Studio and Indusoft Web Studio are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Versions Advantech Studio/Indusoft Web Studio 7.0 and prior are vulnerable. The tool supports real-time dynamic graphic images, uses a browser to view trends, alarms, reports, imports or exports reports and real-time data in XML format, etc

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. There are security holes in HP laser printers and color laser printers from multiple Hewlett-Packard companies. Allows an attacker to exploit a vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Multiple HP printers are prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03556108 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03556108 Version: 1 HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-12-03 Last Updated: 2012-12-03 Potential Security Impact: Cross-site scripting (XSS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet and Color LaserJet printers. References: CVE-2012-3272 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. To obtain the firmware, go to http://www.hp.com and follow these steps. Click on Support and Drivers Use the Drivers & Software tab and enter the impacted product number and search for that product Select the product Select the operating system Select and download the Firmware version listed, or a later version, if available Product Number Firmware Version HP Color LaserJet CM3530 Update to version 53.190.9 21 Aug 2012 or later HP Color LaserJet CM6030 Update to version 52.210.9 21 Aug 2012 or later HP Color LaserJet CM6040 Update to version 52.210.9 21 Aug 2012 or later HP Color LaserJet CP3525 Update to version 06.140.3 18 18 Jul 2012 or later HP Color LaserJet CP4025 Update to version 07.120.6 21 Aug 2012 or later HP Color LaserJet CP4525 Update to version 07.120.6 21 Aug 2012 or later HP Color LaserJet CP6015 Update to version 04.160.3 18 Jul 2012 or later HP LaserJet P3015 Update to version 07.140.3 18 Jul 2012 or later HP LaserJet P4014 Update to version 04.170.3 18 Jul 2012 or later HP LaserJet P4015 Update to version 04.170.3 18 Jul 2012 or later HP LaserJet P4515 Update to version 04.170.3 18 Jul 2012 or later HISTORY Version:1 (rev.1) - 3 December 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlC89IUACgkQ4B86/C0qfVkLXQCg96zP/umFE7UxvpCjaVZCejRs gM8AoPyEVtyJEIoWEQqsugnrkljoki3u =FDjD -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Certain unspecified input is not properly sanitised before being returned to the user. Please see the vendor's advisory for the list of affected devices. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dominic Sim, KPMG. ORIGINAL ADVISORY: HPSBPI02828 SSRT100778: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. There is a vulnerability in freeSSHd.exe in freeSSHd 1.2.6. freeSSHd is a free SSH server on the Windows platform. There are vulnerabilities in freeSSHd 2.1.3, and other versions may be affected

FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. An authentication bypass vulnerability exists in FreeFTPD. A remote attacker exploited the vulnerability to bypass the authentication mechanism and gain unauthorized access. There are vulnerabilities in the FreeFTPD 1.0.11 release, and other versions may be affected. FreeFTPD is prone to an authentication-bypass vulnerability

BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error. It highlights game, media publishing and collaboration features. An attacker can exploit a vulnerability by enticing a trusted user to view a specially crafted website, resulting in the disclosure of potentially sensitive information. NOTE: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory (NDSA20121030) Date: 30th October 2012 Author: Tim Brown <mailto:timb@nth-dimension.org.uk> URL: <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/> Product: RIM BlackBerry PlayBook OS 1.0.8.6067 <http://www.rim.com/products/blackberry_tablets.shtml> Vendor: RIM <http://www.rim.com/> Risk: Low Summary The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interaction is required as the user will need to confirm the download of the malicious HTML file. After discussions with the vendor, CVE-2012-5828 was assigned to this vulnerability. Solutions Nth Dimension recommends that the vendor supplied patches should be applied. Technical Details It was identified that the PlayBook web browser could be forced to download rather than render HTML files and that whilst the browser does prompt the user to confirm the location of the download, this download process defaults to an attacker chosen location. Furthermore, once downloaded, it is possible to use the "Location" header to load the file from the attacker's chose location using the "file://" URL handler in such a manner that the downloaded HTML then has trusted access to the PlayBook filing system. It is possible to craft a HTML download which when opened will lead to arbitrary JavaScript being executed in the local context. The "file://" URL handler is trusted to execute across domains. History On 12th February 2012, Nth Dimension supplied a PoC exploit for this issue to representatives of RIM. BBSIRT responded on the 20th to confirm that they had recieved the report and were investigating. RIM further notified Nth Dimension to confirm that all reported vulnerabilities were handled based on CVSS and that only critical vulnerabilities were deemed candidates for out-of-band patching. Less critical issues would however be addressed in future product updates. Nth Dimension responded on 7th March 2012 to confirm that they agreed with this approach and that in their opinion the issue was not critical and did not warrant an expedited response. Nth Dimension asked to be kept in the loop regarding the release of a patch for this issue in due course. On 19th September 2012, Nth Dimension asked for an update, in particular to establish whether a CVE had been assigned by RIM for this issue. On 1st November 2012, RIM responded to say that the "The changes for the issues are in the latest 2.1 builds for PlayBook. The build is currently available for WiFi only PlayBooks and we’re working with our carrier partners for testing and availability for build for the in-market cellular-enabled PlayBooks". On 6th November 2012, RIM confirm that CVE-2012-5828 has been assigned. They also confirm they believe testing of cellular PlayBooks will be completed by the end of the month. Nth Dimension repond, proposing 1st Deceber 2012 as the embargo date. Current As of 1st Novmeber 2012, the state of the vulnerability is believed to be as follows. RIM have begun shipping a patch which it is believed successfully resolves the reported issue. Thanks Nth Dimension would like to thank all the security folk at RIM, in particular the BlackBerry Incident Response team for the way they worked to resolve the issue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQuU6xAAoJEPJhpTVyySo7xcoQAM7KB/2KYIq/IElrO15jr/hH 8Pytj9Q+k0VTmousVUWs5EP+uurZ28dGH8QNdsBv/kmp9M6gPQbex38pVVp+UJxh DcVoGhVJLsrzATQH+1LH/zVVkV4idERSQvGMjbikHWMdObfr6H37iN/UwK1+O27T tFQkIbM/rRNZk/OUz+B25D+2C53tdjTsCStkbnmYXKBlMYf0h3M28sFR3bcB5mBg MFNO7Vr/t16NdFRN+MPgfiRZTATH2gCqklMoe8rmQbu+Fumf1+7T5jlnXORUIiUb tTKvDjw9o0dL513b58JuIsheiyx0IlvGo4RyfXfWRAZaZiTPSnbzPwl83Bj1JpW+ PJ4Z+4yKcwQcRIfvCDH6vc8o4uMTM7g9SMuLxZBoZN3mFUAOLwy9wJde+w8bmpFA Z6KWtmzcAlt1QoRhNPS8s+udMc1HSXKpyNjTdaqEmhjVNReDeIp+mrOnlYENa4k+ 86LyOMlil00B+dCnt76/s3T/Q+briWgLgY7KrZlVIIoRzliTn3Oy0Rd7SIRJgoV6 bK5/W8q1uFEEF1kdy1Q3/08CFxIkWKgB6QCfa0iY5q+nNl5V6SjqAaxsesB/zcnS aD6OjWz+j9ZFs1nounIWZrGygLRVt3C/liLfR7JiAGux518mRz87uOedd+0TtBUh O7FtQ/d4H990AomSBivi =DyJj -----END PGP SIGNATURE-----

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. (1) brightmail/export of .. An attacker can exploit these issues to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. By (1) adding .. to the localBackupFileSelection parameter in the APPLIANCE restoreSource operation and sending it to brightmail/admin/restore/download.do, remote attackers use The vulnerability reads arbitrary files