VARIoT IoT vulnerabilities database
| VAR-201208-0468 | CVE-2012-4596 | McAfee Email Gateway Vulnerable to directory traversal |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. McAfee Email and Web Security Appliance and Email Gateway are prone to a cross-site scripting vulnerability, a directory-traversal vulnerability, and a security-bypass vulnerability.
A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions.
Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to download arbitrary files in the context of the affected application. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more.
TITLE:
McAfee Email and Web Security Appliance and Email Gateway Multiple
Vulnerabilities
SECUNIA ADVISORY ID:
SA50408
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50408/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50408
RELEASE DATE:
2012-08-24
DISCUSS ADVISORY:
http://secunia.com/advisories/50408/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in McAfee Email and Web
Security Appliance and Email Gateway, which can be exploited by
malicious users to disclose certain sensitive information and by
malicious people to bypass certain security restrictions and conduct
cross-site scripting attacks.
1) An unspecified error within the authentication mechanism can be
exploited to gain administrative privileges.
2) Certain input passed to the web interface is not properly verified
before being used to download files. This can be exploited to download
arbitrary files from local resources via directory traversal
sequences.
3) Certain unspecified input is not properly sanitised before being
returned to the user.
The vulnerabilities are reported in the following products:
* McAfee Email Gateway (MEG) versions 7.0.0 and 7.0.1.
* McAfee Email and Web Security (EWS) versions 5.6 Patch 3 and prior
* McAfee Email and Web Security (EWS) versions 5.5 Patch 6 and prior
SOLUTION:
Apply patches if available (please see the vendor's advisory for more
information).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Tenable Network Security.
ORIGINAL ADVISORY:
https://kc.mcafee.com/corporate/index?page=content&id=SB10026
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0467 | CVE-2012-4595 | McAfee Email and Web Security and McAfee Email Gateway Vulnerabilities that bypass authentication |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.
A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions.
Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to download arbitrary files in the context of the affected application. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more.
TITLE:
McAfee Email and Web Security Appliance and Email Gateway Multiple
Vulnerabilities
SECUNIA ADVISORY ID:
SA50408
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50408/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50408
RELEASE DATE:
2012-08-24
DISCUSS ADVISORY:
http://secunia.com/advisories/50408/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in McAfee Email and Web
Security Appliance and Email Gateway, which can be exploited by
malicious users to disclose certain sensitive information and by
malicious people to bypass certain security restrictions and conduct
cross-site scripting attacks.
1) An unspecified error within the authentication mechanism can be
exploited to gain administrative privileges.
2) Certain input passed to the web interface is not properly verified
before being used to download files. This can be exploited to download
arbitrary files from local resources via directory traversal
sequences.
3) Certain unspecified input is not properly sanitised before being
returned to the user.
The vulnerabilities are reported in the following products:
* McAfee Email Gateway (MEG) versions 7.0.0 and 7.0.1.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Tenable Network Security.
ORIGINAL ADVISORY:
https://kc.mcafee.com/corporate/index?page=content&id=SB10026
| VAR-201208-0449 | CVE-2012-4577 | Korenix Jetport Vulnerabilities that can gain management access in firmware used by Microsoft and other products |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. The Korenix JetPort Series is an intelligent RS-232 or RS-422/485 serial-to-Ethernet device networking server. ORing Industrial DIN-Rail serial-device servers are similar devices. Korenix Jetport 5600 series products are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device.
TITLE:
JetPort 5600 Hardcoded Credentials Security Issue
SECUNIA ADVISORY ID:
SA51083
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51083/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51083
RELEASE DATE:
2012-10-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51083/#comments
DESCRIPTION:
A security issue has been reported in JetPort 5600, which can be
exploited by malicious people to compromise a vulnerable device.
The security issue is reported in versions prior to 2.01.
SOLUTION:
Update to version 2.01.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Reid Wightman, Digital Bond.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-02.pdf
| VAR-201208-0310 | CVE-2012-4680 | IOServer Web Interface Directory Traversal Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI. IOServer is industrial control software that runs on Windows. The web interface included in IOServer fails to properly filter the URL submitted by the user. Successful exploitation requires that "XML Server" be enabled.
TITLE:
IOServer Web Interface Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA50297
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50297/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50297
RELEASE DATE:
2012-08-21
DISCUSS ADVISORY:
http://secunia.com/advisories/50297/#comments
DESCRIPTION:
hinge has reported a vulnerability in IOServer, which can be
exploited by malicious people to disclose certain sensitive
information.
Input appended to the URL is not properly sanitised before being used
to display files.
The vulnerability is reported in versions prior to 1.0.19.0.
SOLUTION:
Update to version 1.0.19.0.
PROVIDED AND/OR DISCOVERED BY:
hinge
ORIGINAL ADVISORY:
http://www.foofus.net/?page_id=616
| VAR-201208-0427 | CVE-2012-4167 | Adobe Flash Player Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and AIR are prone to a remote integer-overflow vulnerability.
NOTE: This issue was previously covered in BID 55136 (Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities) but has been assigned its own record for better documentation. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1203-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html
Issue date: 2012-08-23
CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164
CVE-2012-4165 CVE-2012-4166 CVE-2012-4167
CVE-2012-4168
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security pages APSB12-18 and
APSB12-19, listed in the References section. Specially-crafted SWF content
could cause flash-plugin to crash or, potentially, execute arbitrary code
when a victim loads a page containing the malicious SWF content.
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
850528 - flash-plugin: multiple code execution flaws (APSB12-19)
850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://www.redhat.com/security/data/cve/CVE-2012-4163.html
https://www.redhat.com/security/data/cve/CVE-2012-4164.html
https://www.redhat.com/security/data/cve/CVE-2012-4165.html
https://www.redhat.com/security/data/cve/CVE-2012-4166.html
https://www.redhat.com/security/data/cve/CVE-2012-4167.html
https://www.redhat.com/security/data/cve/CVE-2012-4168.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04039150
Version: 1
HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and
Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems
Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could
be exploited remotely resulting in execution of arbitrary code, Denial of
Service (DoS), or disclosure of information.
HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows
(CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)
HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows
(CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163,
CVE-2012-1535)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-1535 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2012-4163 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-4164 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-4165 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-4167 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-4168 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2013-0646 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-0650 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1371 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1375 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1378 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1379 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-1380 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2013-2555 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made Systems Insight Manager (SIM) v7.3 available for Linux and
Windows to resolve the vulnerabilities.
Information and downloads for HP SIM can be found at the following locations:
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0423 | CVE-2012-4163 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164 and CVE-2012-4165. Other attacks are also possible.
NOTE: This issue was previously covered in BID 55136 (Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities) but has been assigned its own record for better documentation. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1203-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html
Issue date: 2012-08-23
CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164
CVE-2012-4165 CVE-2012-4166 CVE-2012-4167
CVE-2012-4168
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security pages APSB12-18 and
APSB12-19, listed in the References section. Specially-crafted SWF content
could cause flash-plugin to crash or, potentially, execute arbitrary code
when a victim loads a page containing the malicious SWF content.
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
850528 - flash-plugin: multiple code execution flaws (APSB12-19)
850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://www.redhat.com/security/data/cve/CVE-2012-4163.html
https://www.redhat.com/security/data/cve/CVE-2012-4164.html
https://www.redhat.com/security/data/cve/CVE-2012-4165.html
https://www.redhat.com/security/data/cve/CVE-2012-4166.html
https://www.redhat.com/security/data/cve/CVE-2012-4167.html
https://www.redhat.com/security/data/cve/CVE-2012-4168.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04039150
Version: 1
HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and
Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems
Insight Manager (SIM) running on Linux and Windows.
HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows
(CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)
HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows
(CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163,
CVE-2012-1535)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
| Reference | Base Vector | Base Score |
| CVE-2012-1535 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 9.3 |
| CVE-2012-4163 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4164 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4165 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4167 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4168 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 4.3 |
| CVE-2013-0646 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-0650 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1371 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1375 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1378 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1379 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1380 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-2555 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made Systems Insight Manager (SIM) v7.3 available for Linux and
Windows to resolve the vulnerabilities.
Information and downloads for HP SIM can be found at the following locations:
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release
Copyright 2014 Hewlett-Packard Development Company, L.P.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0425 | CVE-2012-4165 | Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4164. Adobe Flash Player and AIR are prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code, cause denial-of-service conditions, or gain access to sensitive information. Other attacks are also possible.
NOTE: This issue was previously covered in BID 55136 (Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities) but has been assigned its own record for better documentation. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1203-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html
Issue date: 2012-08-23
CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164
CVE-2012-4165 CVE-2012-4166 CVE-2012-4167
CVE-2012-4168
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security pages APSB12-18 and
APSB12-19, listed in the References section. Specially-crafted SWF content
could cause flash-plugin to crash or, potentially, execute arbitrary code
when a victim loads a page containing the malicious SWF content.
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
850528 - flash-plugin: multiple code execution flaws (APSB12-19)
850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://www.redhat.com/security/data/cve/CVE-2012-4163.html
https://www.redhat.com/security/data/cve/CVE-2012-4164.html
https://www.redhat.com/security/data/cve/CVE-2012-4165.html
https://www.redhat.com/security/data/cve/CVE-2012-4166.html
https://www.redhat.com/security/data/cve/CVE-2012-4167.html
https://www.redhat.com/security/data/cve/CVE-2012-4168.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04039150
Version: 1
HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and
Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems
Insight Manager (SIM) running on Linux and Windows.
HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows
(CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)
HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows
(CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163,
CVE-2012-1535)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
| Reference | Base Vector | Base Score |
| CVE-2012-1535 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 9.3 |
| CVE-2012-4163 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4164 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4165 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4167 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2012-4168 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 4.3 |
| CVE-2013-0646 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-0650 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1371 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1375 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1378 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1379 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-1380 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
| CVE-2013-2555 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 10.0 |
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made Systems Insight Manager (SIM) v7.3 available for Linux and
Windows to resolve the vulnerabilities.
Information and downloads for HP SIM can be found at the following locations:
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release
Copyright 2014 Hewlett-Packard Development Company, L.P.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0157 | CVE-2012-3517 |
Tor dns.c denial of service (daemon crash) vulnerability
Related entries in the VARIoT exploits database: VAR-E-201208-0786 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. Tor (The Onion Router) is an implementation of the second generation of onion routing, which allows users to communicate anonymously over the Internet. Tor has a remote vulnerability in its implementation.
1. Multiple denial-of-service vulnerabilities.
2. An information-disclosure vulnerability.
3. An out-of-bounds memory-access vulnerability.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:132
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : tor
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated tor package fixes security vulnerabilities:
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS
certificate chain as part of an outgoing OR connection, which allows
remote relays to bypass intended anonymity properties by reading this
chain and then determining the set of entry guards that the client
or bridge had selected (CVE-2011-2768).
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE
and CREATE_FAST values in the Command field of a cell within an OR
connection that it initiated, which allows remote relays to enumerate
bridges by using these values (CVE-2011-2769).
routerlist.c in Tor before 0.2.2.38 uses a different amount of time
for relay-list iteration depending on which relay is chosen, which
might allow remote attackers to obtain sensitive information about
relay selection via a timing side-channel attack (CVE-2012-3519).
Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed
it to add bytes to the input buffer, allowing a crash to be caused
remotely (tor-5934, tor-6007).
The version of Tor shipped in MBS1 did not have correctly formed
systemd unit and thus failed to start.
This updated version corrects this problem and restores working
behaviour.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm
7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Tor: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #432188, #434882, #444804
ID: 201301-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Tor, allowing attackers to
cause Denial of Service or obtain sensitive information. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.3.25"
References
==========
[ 1 ] CVE-2012-3517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517
[ 2 ] CVE-2012-3518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518
[ 3 ] CVE-2012-3519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519
[ 4 ] CVE-2012-4419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419
[ 5 ] CVE-2012-4922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922
[ 6 ] CVE-2012-5573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5573
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-03.xml
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201212-0036 | CVE-2012-4698 | Rugged operating system private key disclosure vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. According to the report, SSL keys can be extracted from ROS binary files using publicly available software. RuggedCom Inc is the world's leading manufacturer of high-performance network and communications equipment for industrial environments. The Rugged operating system has a hard-coded RSA private key for SSL/TLS communication. The POC code for this vulnerability has been released by Justin W. Clarke of Cylance Inc. According to a report, this vulnerability can be used to decrypt SSL communication between end users and RuggedCom network devices. Rugged Operating System is prone to an information-disclosure vulnerability. The vulnerability exists in Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS before 1.14.5, ROX II OS before 2.3.0, and RuggedMax OS before 4.2.1.4621.22.
| VAR-201208-0426 | CVE-2012-4166 | ** Delete ** Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: - CVSS V3: - Severity: CRITICAL |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candidate is a duplicate of CVE-2012-4165. Notes: All CVE users should reference CVE-2012-4165 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. The entry described an Adobe Flash Player vulnerability allowing arbitrary code execution or a denial of service (memory corruption), recorded as a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4165. Adobe Flash Player and AIR are prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code, cause denial-of-service conditions, or gain access to sensitive information. Other attacks are also possible.
NOTE: This issue was previously covered in BID 55136 (Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities) but has been assigned its own record for better documentation. The product enables viewing of applications, content and video across screens and browsers. Vulnerabilities exist in Adobe Flash Player versions earlier than 11.4.402.265 on Windows and Mac OS X, earlier than 11.2.202.238 on Linux, earlier than 11.1.111.16 on Android 2.x and 3.x, and earlier than 11.1.115.17 on Android 4.x; in Adobe AIR prior to 3.4.0.2540; and in Adobe AIR SDK prior to 3.4.0.2540.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1203-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html
Issue date: 2012-08-23
CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164
CVE-2012-4165 CVE-2012-4166 CVE-2012-4167
CVE-2012-4168
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security pages APSB12-18 and
APSB12-19, listed in the References section. Specially-crafted SWF content
could cause flash-plugin to crash or, potentially, execute arbitrary code
when a victim loads a page containing the malicious SWF content.
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
850528 - flash-plugin: multiple code execution flaws (APSB12-19)
850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://www.redhat.com/security/data/cve/CVE-2012-4163.html
https://www.redhat.com/security/data/cve/CVE-2012-4164.html
https://www.redhat.com/security/data/cve/CVE-2012-4165.html
https://www.redhat.com/security/data/cve/CVE-2012-4166.html
https://www.redhat.com/security/data/cve/CVE-2012-4167.html
https://www.redhat.com/security/data/cve/CVE-2012-4168.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process, or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0162 | CVE-2012-3502 | Apache HTTP Server Vulnerability in which important information is obtained in proxy function |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. A third party may be able to retrieve important information by reading responses intended for different clients. Apache HTTP Server is prone to an HTML-injection vulnerability and an information disclosure vulnerability.
Attackers may leverage these issues to obtain potentially sensitive session information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. ----------------------------------------------------------------------
TITLE:
Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting
Vulnerabilities
SECUNIA ADVISORY ID:
SA51458
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51458/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51458
RELEASE DATE:
2012-11-30
DISCUSS ADVISORY:
http://secunia.com/advisories/51458/#comments
DESCRIPTION:
Hitachi has acknowledged some vulnerabilities in multiple Hitachi
products, which can be exploited by malicious people to conduct
cross-site scripting attacks.
For more information see vulnerability #2 in:
SA50363
See the vendor's advisory for a list of affected products and
versions.
SOLUTION:
As a workaround the vendor recommends to disable the mod_negotiation
module or remove "MultiViews" from the "Options" lines in the
Directory specifications.
ORIGINAL ADVISORY:
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS12-028/index.html
| VAR-201208-0159 | CVE-2012-3519 | Tor of routerlist.c Vulnerability in which important information is obtained |
Related entries in the VARIoT exploits database: VAR-E-201208-0786 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. Tor (The Onion Router) is an implementation of the second generation of onion routing, which allows users to communicate anonymously over the Internet. Tor has a remote vulnerability in its implementation. Attackers can exploit this vulnerability to obtain sensitive information. Tor is prone to multiple remote vulnerabilities, including:
1. Multiple denial-of-service vulnerabilities.
2. An information-disclosure vulnerability.
3. An out-of-bounds memory-access vulnerability.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:132
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : tor
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated tor package fixes security vulnerabilities:
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS
certificate chain as part of an outgoing OR connection, which allows
remote relays to bypass intended anonymity properties by reading this
chain and then determining the set of entry guards that the client
or bridge had selected (CVE-2011-2768).
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE
and CREATE_FAST values in the Command field of a cell within an OR
connection that it initiated, which allows remote relays to enumerate
bridges by using these values (CVE-2011-2769).
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might
allow remote attackers to cause a denial of service (daemon crash)
via vectors related to failed DNS requests (CVE-2012-3517).
The networkstatus_parse_vote_from_string function in routerparse.c
in Tor before 0.2.2.38 does not properly handle an invalid flavor
name, which allows remote attackers to cause a denial of service
(out-of-bounds read and daemon crash) via a crafted (1) vote document
or (2) consensus document (CVE-2012-3518).
The compare_tor_addr_to_addr_policy function in or/policies.c in
Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote
attackers to cause a denial of service (assertion failure and daemon
exit) via a zero-valued port field that is not properly handled during
policy comparison (CVE-2012-4419).
Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed
it to add bytes to the input buffer, allowing a crash to be caused
remotely (tor-5934, tor-6007).
Denial of Service vulnerability in Tor before 0.2.3.25, due to an
error when handling SENDME cells and can be exploited to cause
excessive consumption of memory resources within an entry node
(SA51329, CVE-2012-5573).
The version of Tor shipped in MBS1 did not have correctly formed
systemd unit and thus failed to start.
This updated version corrects this problem and restores working
behaviour.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm
7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Tor: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #432188, #434882, #444804
ID: 201301-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Tor, allowing attackers to
cause Denial of Service or obtain sensitive information. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.3.25"
References
==========
[ 1 ] CVE-2012-3517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517
[ 2 ] CVE-2012-3518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518
[ 3 ] CVE-2012-3519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519
[ 4 ] CVE-2012-4419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419
[ 5 ] CVE-2012-4922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922
[ 6 ] CVE-2012-5573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5573
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-03.xml
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-2012-3518
Avoid an uninitialised memory read when reading a vote or consensus
document that has an unrecognized flavour name.
CVE-2012-3519
Try to leak less information about what relays a client is choosing to
a side-channel attacker. This fixes a potential DoS issue
[tor-5934, tor-6007].
For the stable distribution (squeeze), these problems have been fixed in
version 0.2.2.39-1.
For the unstable distribution, these problems have been fixed in version
0.2.3.22-rc-1.
We recommend that you upgrade your tor packages. ----------------------------------------------------------------------
TITLE:
Debian update for tor
SECUNIA ADVISORY ID:
SA50583
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50583/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50583
RELEASE DATE:
2012-09-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50583/#comments
DESCRIPTION:
Debian has issued an update for tor.
ORIGINAL ADVISORY:
DSA-2548-1:
http://www.debian.org/security/2012/dsa-2548
| VAR-201208-0158 | CVE-2012-3518 | Tor of routerparse.c Service disruption in (DoS) Vulnerabilities |
Related entries in the VARIoT exploits database: VAR-E-201208-0786 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. Tor is an implementation of the second generation of onion routing. An attacker can exploit this vulnerability to crash the application. Tor is prone to multiple remote vulnerabilities, including:
1. Multiple denial-of-service vulnerabilities.
2. An information-disclosure vulnerability.
3. An out-of-bounds memory-access vulnerability.
Attackers can exploit these issues to crash the affected application, cause denial-of-service conditions, or retrieve potentially sensitive information.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:132
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : tor
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated tor package fixes security vulnerabilities:
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS
certificate chain as part of an outgoing OR connection, which allows
remote relays to bypass intended anonymity properties by reading this
chain and then determining the set of entry guards that the client
or bridge had selected (CVE-2011-2768).
Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE
and CREATE_FAST values in the Command field of a cell within an OR
connection that it initiated, which allows remote relays to enumerate
bridges by using these values (CVE-2011-2769).
routerlist.c in Tor before 0.2.2.38 uses a different amount of time
for relay-list iteration depending on which relay is chosen, which
might allow remote attackers to obtain sensitive information about
relay selection via a timing side-channel attack (CVE-2012-3519).
Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed
it to add bytes to the input buffer, allowing a crash to be caused
remotely (tor-5934, tor-6007).
Denial of Service vulnerability in Tor before 0.2.3.25, due to an
error when handling SENDME cells and can be exploited to cause
excessive consumption of memory resources within an entry node
(SA51329, CVE-2012-5573).
The version of Tor shipped in MBS1 did not have correctly formed
systemd unit and thus failed to start.
This updated version corrects this problem and restores working
behaviour.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm
7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Tor: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #432188, #434882, #444804
ID: 201301-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Tor, allowing attackers to
cause Denial of Service or obtain sensitive information. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.3.25"
References
==========
[ 1 ] CVE-2012-3517
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3517
[ 2 ] CVE-2012-3518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3518
[ 3 ] CVE-2012-3519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3519
[ 4 ] CVE-2012-4419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419
[ 5 ] CVE-2012-4922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922
[ 6 ] CVE-2012-5573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5573
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-03.xml
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-2012-3519
Try to leak less information about what relays a client is choosing to
a side-channel attacker. This fixes a potential DoS issue
[tor-5934, tor-6007].
For the stable distribution (squeeze), these problems have been fixed in
version 0.2.2.39-1.
For the unstable distribution, these problems have been fixed in version
0.2.3.22-rc-1.
We recommend that you upgrade your tor packages. ----------------------------------------------------------------------
TITLE:
Debian update for tor
SECUNIA ADVISORY ID:
SA50583
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50583/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50583
RELEASE DATE:
2012-09-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50583/#comments
DESCRIPTION:
Debian has issued an update for tor.
ORIGINAL ADVISORY:
DSA-2548-1:
http://www.debian.org/security/2012/dsa-2548
| VAR-201208-0141 | CVE-2012-2687 | Apache HTTP Server of mod_negotiation Module cross-site scripting vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Apache HTTP Server is prone to an HTML-injection vulnerability and an information disclosure vulnerability.
Attackers may leverage these issues to obtain potentially sensitive session information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. (CVE-2008-0455, CVE-2012-2687)
It was discovered that mod_proxy_ajp, when used in configurations with
mod_proxy in load balancer mode, would mark a back-end server as failed
when request processing timed out, even when a previous AJP (Apache JServ
Protocol) CPing request was responded to by the back-end. A remote
attacker able to make a back-end use an excessive amount of time to
process a request could cause mod_proxy to not send requests to back-end
AJP servers for the retry timeout period or until all back-end servers
were marked as failed.
Space precludes documenting all of these changes in this advisory. ----------------------------------------------------------------------
TITLE:
Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting
Vulnerabilities
SECUNIA ADVISORY ID:
SA51458
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51458/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51458
RELEASE DATE:
2012-11-30
DISCUSS ADVISORY:
http://secunia.com/advisories/51458/#comments
DESCRIPTION:
Hitachi has acknowledged some vulnerabilities in multiple Hitachi
products, which can be exploited by malicious people to conduct
cross-site scripting attacks.
For more information see vulnerability #2 in:
SA50363
See the vendor's advisory for a list of affected products and
versions.
SOLUTION:
As a workaround, the vendor recommends disabling the mod_negotiation
module or removing "MultiViews" from the "Options" lines in the
Directory specifications.
ORIGINAL ADVISORY:
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS12-028/index.html
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03734195
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03734195
Version: 1
HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service
(DoS), Execution of Arbitrary Code and other vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-04-15
Last Updated: 2013-04-12
Potential Security Impact: Remote Denial of Service (DoS), execution of
arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Running
Apache. These vulnerabilities could be exploited remotely to create a Denial
of Service (DoS) or to execute arbitrary code and other vulnerabilities.
References: HP-UX Apache: CVE-2007-6750, CVE-2012-2687, CVE-2012-3499,
CVE-2012-4557, CVE-2012-4558, CVE-2012-4929
Tomcat v6.0 and v7.0: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431,
CVE-2012-4534, CVE-2012-5885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.25 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2007-6750   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2012-2687   (AV:N/AC:H/Au:N/C:N/I:P/A:N)   2.6
CVE-2012-2733   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2012-3499   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2012-3546   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2012-4431   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2012-4534   (AV:N/AC:H/Au:N/C:N/I:N/A:P)   2.6
CVE-2012-4557   (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2012-4558   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2012-4929   (AV:N/AC:H/Au:N/C:P/I:N/A:N)   2.6
CVE-2012-5885   (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability.
The update for B.11.23 and B.11.31 is available for download from
ftp://sb_02866:6hq{PM6a@ftp.usa.hp.com
Web Server Suite Version
Apache Depot Name
HP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat
B.5.5.36.01
HP-UX_11.23_HPUXWS22ATW-B326-11-23-64.depot
HP-UX_11.23_HPUXWS22ATW-B326-11-23-32.depot
HP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat
C.6.0.36.01
HP-UX_11.31_HPUXWS22ATW-B326-11-31-64.depot
HP-UX_11.31_HPUXWS22ATW-B326-11-31-32.depot
Tomcat D.7.035.01
HP-UX_11.31_hpuxws22Tomcat_D.7.0.35.01_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.26 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
action: install revision B.2.2.15.15 or subsequent
HP-UX B.11.31
==================
hpuxws22TOMCAT.TOMCAT
action: install revision C.6.0.36.01 or subsequent
HP-UX B.11.31
==================
hpuxws22TOMCAT.TOMCAT
action: install revision D.7.0.35.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 15 April 2013 Initial release
(CVE-2012-4549)
The apachectl script set an insecure library search path. Running apachectl
in an attacker-controlled directory containing a malicious library file
could cause arbitrary code execution with the privileges of the user
running the apachectl script (typically the root user).
The References section of this erratum contains a download link (you must
log in to download the update).
=====================================================================
Red Hat Security Advisory
Synopsis: Low: httpd security, bug fix, and enhancement update
Advisory ID: RHSA-2013:0130-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0130.html
Issue date: 2013-01-08
CVE Names: CVE-2008-0455 CVE-2008-0456 CVE-2012-2687
=====================================================================
1. Summary:
Updated httpd packages that fix multiple security issues, various bugs,
and add enhancements are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
3. Description:
The httpd packages contain the Apache HTTP Server (httpd), which is the
namesake project of The Apache Software Foundation.
Input sanitization flaws were found in the mod_negotiation module. A remote
attacker able to upload or create files with arbitrary names in a directory
that has the MultiViews options enabled, could use these flaws to conduct
cross-site scripting and HTTP response splitting attacks against users
visiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)
Bug fixes:
* Previously, no check was made to see if the
/etc/pki/tls/private/localhost.key file was a valid key prior to running
the "%post" script for the "mod_ssl" package. Consequently, when
/etc/pki/tls/certs/localhost.crt did not exist and "localhost.key" was
present but invalid, upgrading the Apache HTTP Server daemon (httpd) with
mod_ssl failed. The "%post" script has been fixed to test for an existing
SSL key. As a result, upgrading httpd with mod_ssl now proceeds as
expected. (BZ#752618)
* The "mod_ssl" module did not support operation under FIPS mode.
Consequently, when operating Red Hat Enterprise Linux 5 with FIPS mode
enabled, httpd failed to start. An upstream patch has been applied to
disable non-FIPS functionality if operating under FIPS mode and httpd now
starts as expected. (BZ#773473)
* Prior to this update, httpd exit status codes were not Linux Standard
Base (LSB) compliant. When the command "service httpd reload" was run and
httpd failed, the exit status code returned was "0" and not in the range 1
to 6 as expected. A patch has been applied to the init script and httpd now
returns "1" as an exit status code. (BZ#783242)
* Chunked Transfer Coding is described in RFC 2616. Previously, the
Apache server did not correctly handle a chunked encoded POST request with
a "chunk-size" or "chunk-extension" value of 32 bytes or more.
Consequently, when such a POST request was made the server did not respond.
An upstream patch has been applied and the problem no longer occurs.
(BZ#840845)
* Due to a regression, when mod_cache received a non-cacheable 304
response, the headers were served incorrectly. Consequently, compressed
data could be returned to the client without the cached headers to indicate
the data was compressed. An upstream patch has been applied to merge
response and cached headers before data from the cache is served to the
client. As a result, cached data is now correctly interpreted by the
client. (BZ#845532)
* In a proxy configuration, certain response-line strings were not handled
correctly. If a response-line without a "description" string was received
from the origin server, for a non-standard status code, such as the "450"
status code, a "500 Internal Server Error" would be returned to the client.
This bug has been fixed so that the original response line is returned to
the client. (BZ#853128)
Enhancements:
* The configuration directive "LDAPReferrals" is now supported in addition
to the previously introduced "LDAPChaseReferrals". (BZ#727342)
* The AJP support module for "mod_proxy", "mod_proxy_ajp", now supports the
"ProxyErrorOverride" directive. Consequently, it is now possible to
configure customized error pages for web applications running on a backend
server accessed via AJP. (BZ#767890)
* The "%posttrans" scriptlet which automatically restarts the httpd service
after a package upgrade can now be disabled. If the file
/etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not
restart the daemon. (BZ#833042)
* The output of "httpd -S" now includes configured alias names for each
virtual host. (BZ#833043)
* New certificate variable names are now exposed by "mod_ssl" using the
"_DN_userID" suffix, such as "SSL_CLIENT_S_DN_userID", which use the
commonly used object identifier (OID) definition of "userID", OID
0.9.2342.19200300.100.1.1. (BZ#840036)
All users of httpd are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
727342 - LDAPChaseReferrals should be LDAPReferrals
752618 - mod_ssl post install script can cause failures
767890 - The mod_proxy_ajp lacks the ErrorOverride
773473 - [RHEL 5.7] Apache HTTP Server cannot start with mod_ssl when FIPS 140-2 mode enabled
783242 - service httpd reload return 0 when it fails
840845 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line
845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data
850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
879292 - CVE-2008-0456 httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386:
httpd-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.i386.rpm
mod_ssl-2.2.3-74.el5.i386.rpm
x86_64:
httpd-2.2.3-74.el5.x86_64.rpm
httpd-debuginfo-2.2.3-74.el5.x86_64.rpm
mod_ssl-2.2.3-74.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386:
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-manual-2.2.3-74.el5.i386.rpm
x86_64:
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.x86_64.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.x86_64.rpm
httpd-manual-2.2.3-74.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386:
httpd-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-manual-2.2.3-74.el5.i386.rpm
mod_ssl-2.2.3-74.el5.i386.rpm
ia64:
httpd-2.2.3-74.el5.ia64.rpm
httpd-debuginfo-2.2.3-74.el5.ia64.rpm
httpd-devel-2.2.3-74.el5.ia64.rpm
httpd-manual-2.2.3-74.el5.ia64.rpm
mod_ssl-2.2.3-74.el5.ia64.rpm
ppc:
httpd-2.2.3-74.el5.ppc.rpm
httpd-debuginfo-2.2.3-74.el5.ppc.rpm
httpd-debuginfo-2.2.3-74.el5.ppc64.rpm
httpd-devel-2.2.3-74.el5.ppc.rpm
httpd-devel-2.2.3-74.el5.ppc64.rpm
httpd-manual-2.2.3-74.el5.ppc.rpm
mod_ssl-2.2.3-74.el5.ppc.rpm
s390x:
httpd-2.2.3-74.el5.s390x.rpm
httpd-debuginfo-2.2.3-74.el5.s390.rpm
httpd-debuginfo-2.2.3-74.el5.s390x.rpm
httpd-devel-2.2.3-74.el5.s390.rpm
httpd-devel-2.2.3-74.el5.s390x.rpm
httpd-manual-2.2.3-74.el5.s390x.rpm
mod_ssl-2.2.3-74.el5.s390x.rpm
x86_64:
httpd-2.2.3-74.el5.x86_64.rpm
httpd-debuginfo-2.2.3-74.el5.i386.rpm
httpd-debuginfo-2.2.3-74.el5.x86_64.rpm
httpd-devel-2.2.3-74.el5.i386.rpm
httpd-devel-2.2.3-74.el5.x86_64.rpm
httpd-manual-2.2.3-74.el5.x86_64.rpm
mod_ssl-2.2.3-74.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2008-0455.html
https://www.redhat.com/security/data/cve/CVE-2008-0456.html
https://www.redhat.com/security/data/cve/CVE-2012-2687.html
https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update
2013-004
OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now
available and addresses the following:
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to cross-site scripting. These issues were
addressed by updating Apache to version 2.2.24.
CVE-ID
CVE-2012-0883
CVE-2012-2687
CVE-2012-3499
CVE-2012-4558
Bind
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in BIND
Description: Multiple vulnerabilities existed in BIND, the most
serious of which may lead to a denial of service. These issues were
addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not
affect Mac OS X v10.7 systems.
CVE-ID
CVE-2012-3817
CVE-2012-4244
CVE-2012-5166
CVE-2012-5688
CVE-2013-2266
Certificate Trust Policy
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Root certificates have been updated
Description: Several certificates were added to or removed from the
list of system roots. The complete list of recognized system roots
may be viewed via the Keychain Access application.
ClamAV
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5
Impact: Multiple vulnerabilities in ClamAV
Description: Multiple vulnerabilities exist in ClamAV, the most
serious of which may lead to arbitrary code execution. This update
addresses the issues by updating ClamAV to version 0.97.8.
CVE-ID
CVE-2013-2020
CVE-2013-2021
CoreGraphics
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team
ImageIO
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team
Installer
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Packages could be opened after certificate revocation
Description: When Installer encountered a revoked certificate, it
would present a dialog with an option to continue. The issue was
addressed by removing the dialog and refusing any revoked package.
CVE-ID
CVE-2013-1027
IPSec
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: An attacker may intercept data protected with IPSec Hybrid
Auth
Description: The DNS name of an IPSec Hybrid Auth server was not
being matched against the certificate, allowing an attacker with a
certificate for any server to impersonate any other. This issue was
addressed by properly checking the certificate.
CVE-ID
CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: A local network user may cause a denial of service
Description: An incorrect check in the IGMP packet parsing code in
the kernel allowed a user who could send IGMP packets to the system
to cause a kernel panic. The issue was addressed by removing the
check.
CVE-ID
CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.
Mobile Device Management
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Passwords may be disclosed to other local users
Description: A password was passed on the command-line to mdmclient,
which made it visible to other users on the same system. The issue
was addressed by communicating the password through a pipe.
CVE-ID
CVE-2013-1030 : Per Olofsson at the University of Gothenburg
OpenSSL
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL, the most
serious of which may lead to disclosure of user data. These issues
were addressed by updating OpenSSL to version 0.9.8y.
CVE-ID
CVE-2012-2686
CVE-2013-0166
CVE-2013-0169
PHP
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP, the most
serious of which may lead to arbitrary code execution. These issues
were addressed by updating PHP to version 5.3.26.
CVE-ID
CVE-2013-1635
CVE-2013-1643
CVE-2013-1824
CVE-2013-2110
PostgreSQL
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in PostgreSQL
Description: Multiple vulnerabilities exist in PostgreSQL, the most
serious of which may lead to data corruption or privilege escalation.
This update addresses the issues by updating PostgreSQL to version
9.0.13.
CVE-ID
CVE-2013-1899
CVE-2013-1900
CVE-2013-1901
CVE-2013-1902
CVE-2013-1903
Power Management
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: The screen saver may not start after the specified time
period
Description: A power assertion lock issue existed. This issue was
addressed through improved lock handling.
CVE-ID
CVE-2013-1031
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 to v10.8.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
'idsc' atoms in QuickTime movie files. This issue was addressed
through additional bounds checking.
CVE-ID
CVE-2013-1032 : Jason Kratzer working with iDefense VCP
Screen Lock
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: A user with screen sharing access may be able to bypass the
screen lock when another user is logged in
Description: A session management issue existed in the screen lock's
handling of screen sharing sessions. This issue was addressed through
improved session tracking.
CVE-ID
CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq
Note: OS X Mountain Lion v10.8.5 also addresses an issue where
certain Unicode strings could cause applications to unexpectedly
terminate.
OS X Mountain Lion v10.8.5 and Security Update 2013-004 may be
obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
OS X Mountain Lion v10.8.5, or Security Update
2013-004.
For OS X Mountain Lion v10.8.4
The download file is named: OSXUpd10.8.5.dmg
Its SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11
For OS X Mountain Lion v10.8 and v10.8.3
The download file is named: OSXUpdCombo10.8.5.dmg
Its SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2
For OS X Lion v10.7.5
The download file is named: SecUpd2013-004.dmg
Its SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0
For OS X Lion Server v10.7.5
The download file is named: SecUpdSrvr2013-004.dmg
Its SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355
For Mac OS X v10.6.8
The download file is named: SecUpd2013-004.dmg
Its SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2013-004.dmg
Its SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
============================================================================
Ubuntu Security Notice USN-1627-1
November 08, 2012
apache2 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP server. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain. Although this issue had been mitigated on the
client with newer web browsers, this update also disables SSL data
compression on the server. A new SSLCompression directive for Apache has
been backported that may be used to re-enable SSL data compression in
certain environments. For more information, please refer to:
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression
(CVE-2012-4929)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
apache2.2-common 2.2.22-6ubuntu2.1
Ubuntu 12.04 LTS:
apache2.2-common 2.2.22-1ubuntu1.2
Ubuntu 11.10:
apache2.2-common 2.2.20-1ubuntu1.3
Ubuntu 10.04 LTS:
apache2.2-common 2.2.14-5ubuntu8.10
Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.24
In general, a standard system update will make all the necessary changes.
Relevant releases/architectures:
JBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64
3. Description:
JBoss Enterprise Application Platform 6 is a platform for Java applications
based on JBoss Application Server 7.
This release serves as a replacement for JBoss Enterprise Application
Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/knowledge/docs/
This update removes unused signed JARs; unused SHA1 checksums from JAR
MANIFEST.MF files to reduce the Server memory footprint; adds MANIFEST.MF
to JAR files where it was previously missing; and removes redundant Javadoc
files from the main packages. (BZ#830291)
Security fixes:
Apache CXF checked to ensure XML elements were signed or encrypted by a
Supporting Token, but not whether the correct token was used. A remote
attacker could transmit confidential information without the appropriate
security, and potentially circumvent access controls on web services
exposed via Apache CXF. (CVE-2012-2379)
When using role-based authorization to configure EJB access, JACC
permissions should be used to determine access; however, due to a flaw the
configured authorization modules (JACC, XACML, etc.) were not called, and
the JACC permissions were not used to determine access to an EJB.
(CVE-2012-4550)
A flaw in the way Apache CXF enforced child policies of WS-SecurityPolicy
1.1 on the client side could, in certain cases, lead to a client failing to
sign or encrypt certain elements as directed by the security policy,
leading to information disclosure and insecure information transmission.
(CVE-2012-2378)
A flaw was found in the way IronJacamar authenticated credentials and
returned a valid datasource connection when configured to
"allow-multiple-users". A remote attacker, provided the correct subject,
could obtain a datasource connection that might belong to a privileged
user. (CVE-2012-3428)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. Note that WS-Policy validation is performed
against the operation being invoked, and an attack must pass validation to
be successful. (CVE-2012-3451)
When there are no allowed roles for an EJB method invocation, the
invocation should be denied for all users. It was found that the
processInvocation() method in
org.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorizes
all method invocations to proceed when the list of allowed roles is empty.
(CVE-2012-4549)
It was found that in Mojarra, the FacesContext that is made available
during application startup is held in a ThreadLocal. The reference is not
properly cleaned up in all cases. As a result, if a JavaServer Faces (JSF)
WAR calls FacesContext.getCurrentInstance() during application startup,
another WAR can get access to the leftover context and thus get access to
the other WAR's resources. A local attacker could use this flaw to access
another WAR's resources using a crafted, deployed application. (CVE-2008-0455, CVE-2012-2687)
Red Hat would like to thank the Apache CXF project for reporting
CVE-2012-2379, CVE-2012-2378, and CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation and deployed applications.
Refer to the Solution section for further details. The
JBoss server process must be restarted for the update to take effect. Also, back up any customized
JBoss Enterprise Application Platform 6 configuration files. On update, the
configuration files that have been locally modified will not be updated.
The updated version of such files will be stored as the rpmnew files. Make
sure to locate any such files after the update and merge any changes
manually.
Bugs fixed (http://bugzilla.redhat.com/):
826533 - CVE-2012-2378 jbossws-cxf, apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side
826534 - CVE-2012-2379 jbossws-cxf, apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
829560 - CVE-2012-2672 Mojarra: deployed web applications can read FacesContext from other applications under certain conditions
843358 - CVE-2012-3428 JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains
850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
851896 - CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services
870868 - CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty
870871 - CVE-2012-4550 JBoss JACC: Security constraints configured for EJBs are incorrectly interpreted and not applied
| VAR-201208-0428 | CVE-2012-4168 | Adobe Flash Player Vulnerable to reading content |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. Adobe Flash Player contains a vulnerability that allows content to be read from different domains. A third party may be able to read content through a crafted web site. Adobe Flash Player and AIR are prone to a cross-domain information-disclosure vulnerability.
An attacker can exploit this issue to bypass the same-origin policy and gain access to sensitive information.
NOTE: This issue was previously covered in BID 55136 (Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities) but has been assigned its own record for better documentation.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1203-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html
Issue date: 2012-08-23
CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164
CVE-2012-4165 CVE-2012-4166 CVE-2012-4167
CVE-2012-4168
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
3. These
vulnerabilities are detailed on the Adobe security pages APSB12-18 and
APSB12-19, listed in the References section. Specially-crafted SWF content
could cause flash-plugin to crash or, potentially, execute arbitrary code
when a victim loads a page containing the malicious SWF content.
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
850528 - flash-plugin: multiple code execution flaws (APSB12-19)
850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://www.redhat.com/security/data/cve/CVE-2012-4163.html
https://www.redhat.com/security/data/cve/CVE-2012-4164.html
https://www.redhat.com/security/data/cve/CVE-2012-4165.html
https://www.redhat.com/security/data/cve/CVE-2012-4166.html
https://www.redhat.com/security/data/cve/CVE-2012-4167.html
https://www.redhat.com/security/data/cve/CVE-2012-4168.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04039150
Version: 1
HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and
Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems
Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could
be exploited remotely resulting in execution of arbitrary code, Denial of
Service (DoS), or disclosure of information.
HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows
(CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)
HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows
(CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163,
CVE-2012-1535)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2012-1535    (AV:N/AC:M/Au:N/C:C/I:C/A:C)    9.3
CVE-2012-4163    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4164    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4165    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4167    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4168    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2013-0646    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0650    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1371    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1375    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1378    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1379    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1380    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-2555    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made Systems Insight Manager (SIM) v7.3 available for Linux and
Windows to resolve the vulnerabilities.
Information and downloads for HP SIM can be found at the following locations:
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0424 | CVE-2012-4164 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4165. Adobe Flash Player contains a vulnerability that allows arbitrary code execution or a denial of service (memory corruption). This is a different vulnerability than CVE-2012-4163 and CVE-2012-4165. An attacker could execute arbitrary code or cause a denial of service (memory corruption). Other attacks are also possible.
NOTE: This issue was previously covered in BID 55136 (Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities) but has been assigned its own record for better documentation. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1203-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1203.html
Issue date: 2012-08-23
CVE Names: CVE-2012-1535 CVE-2012-4163 CVE-2012-4164
CVE-2012-4165 CVE-2012-4166 CVE-2012-4167
CVE-2012-4168
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security pages APSB12-18 and
APSB12-19, listed in the References section. Specially-crafted SWF content
could cause flash-plugin to crash or, potentially, execute arbitrary code
when a victim loads a page containing the malicious SWF content.
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
850528 - flash-plugin: multiple code execution flaws (APSB12-19)
850529 - CVE-2012-4168 flash-plugin: cross-domain information leak flaw (APSB12-19)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.238-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.238-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://www.redhat.com/security/data/cve/CVE-2012-4163.html
https://www.redhat.com/security/data/cve/CVE-2012-4164.html
https://www.redhat.com/security/data/cve/CVE-2012-4165.html
https://www.redhat.com/security/data/cve/CVE-2012-4166.html
https://www.redhat.com/security/data/cve/CVE-2012-4167.html
https://www.redhat.com/security/data/cve/CVE-2012-4168.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04039150
Version: 1
HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and
Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems
Insight Manager (SIM) running on Linux and Windows.
HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows
(CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)
HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows
(CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163,
CVE-2012-1535)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2012-1535    (AV:N/AC:M/Au:N/C:C/I:C/A:C)    9.3
CVE-2012-4163    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4164    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4165    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4167    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4168    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2013-0646    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0650    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1371    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1375    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1378    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1379    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1380    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-2555    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made Systems Insight Manager (SIM) v7.3 available for Linux and
Windows to resolve the vulnerabilities.
Information and downloads for HP SIM can be found at the following locations:
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
| VAR-201208-0680 | CVE-2012-0681 | Apple Remote Desktop Plaintext in VNC Session acquisition vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. Apple Remote Desktop is a remote management software for Apple systems.
A remote attacker can exploit this issue to obtain sensitive information, possibly aiding in further attacks. This issue is addressed by creating an SSH tunnel for
the VNC connection in this configuration, and preventing the
connection if the SSH tunnel cannot be created.
CVE-ID
CVE-2012-0681 : Mark S. Smith studying at Central Connecticut
State University
Apple Remote Desktop 3.6.1 may be obtained from Mac App Store,
the Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The download file is named: "RemoteDesktopAdmin361.dmg"
Its SHA-1 digest is: dd41bab369c7905e79ff3b3adea97904f55d9759
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
TITLE:
Apple Remote Desktop Information Disclosure Security Issue
SECUNIA ADVISORY ID:
SA50352
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50352/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50352
RELEASE DATE:
2012-08-21
DESCRIPTION:
A security issue has been reported in Apple Remote Desktop, which may
disclose sensitive information to malicious people.
The security issue is reported in versions 3.5.2 through 3.6.
SOLUTION:
Update to version 3.6.1.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mark S. C. Smith.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5433
| VAR-201208-0746 | No CVE | SAP Crystal Reports 'ebus-3-3-2-7.dll' Remote code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The flaw exists within the ebus-3-3-2-7.dll component, which is used by the crystalras.exe service. This process listens on a random TCP port. When unmarshalling GIOP ORB encapsulated data, the process invokes a memcpy constrained by a user-controlled value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. SAP Crystal Reports Server is a comprehensive reporting solution that creates, manages, and delivers reports online or embedded in enterprise applications. The ebus-3-3-2-7.dll component used by the SAP Crystal Reports crystalras.exe service is flawed. Failed exploit attempts will result in a denial-of-service condition.
-- Vendor Response:
SAP has issued an update to correct this vulnerability. More details can be
found at:
https://service.sap.com/sap/support/notes/1662272
-- Disclosure Timeline:
2011-11-21 - Vulnerability reported to vendor
2012-08-17 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* e6af8de8b1d4b2b6d5ba2610cbf9cd38
TITLE:
SAP Crystal Reports ebus-3-3-2-7.dll Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA50300
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50300/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50300
RELEASE DATE:
2012-08-21
DISCUSS ADVISORY:
http://secunia.com/advisories/50300/#comments
DESCRIPTION:
A vulnerability has been reported in Crystal Reports, which can be
exploited by malicious people to compromise a user's system. This can be exploited to cause a buffer overflow
by sending specially crafted data to the crystalras.exe service
listening on a random TCP port.
Successful exploitation may allow execution of arbitrary code with
SYSTEM privileges.
The vulnerability is reported in version 2011. Other versions may
also be affected.
SOLUTION:
Apply solution described in SAP note 1662272.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
e6af8de8b1d4b2b6d5ba2610cbf9cd38 via ZDI.
ORIGINAL ADVISORY:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-139/
| VAR-201208-0745 | No CVE | SAP Business Objects Financial Consolidation 'CtAppReg.dll' Remote code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Business Objects Financial Consolidation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CtAppReg.dll. In the Check function, there is a vulnerability in the handling of the username parameter. If an overly long string is used as the username, it can overwrite heap memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process. Failed exploit attempts will result in a denial-of-service condition.
-- Vendor Response:
SAP has issued an update to correct this vulnerability. More details can be
found at:
https://service.sap.com/sap/support/notes/1685003
-- Disclosure Timeline:
2011-11-04 - Vulnerability reported to vendor
2012-08-17 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
TITLE:
SAP BusinessObjects Financial Consolidation CtAppReg.dll Buffer
Overflow
SECUNIA ADVISORY ID:
SA50306
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50306/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50306
RELEASE DATE:
2012-08-21
DISCUSS ADVISORY:
http://secunia.com/advisories/50306/#comments
DESCRIPTION:
A vulnerability has been reported in SAP BusinessObjects Financial
Consolidation, which can be exploited by malicious people to
compromise a user's system.
The vulnerability is caused due to an error in CtAppReg.dll and can
be exploited to cause a heap-based buffer overflow by passing an
overly long username to the "Check" function.
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Apply solution described in SAP note 1685003.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
An anonymous person via ZDI.
ORIGINAL ADVISORY:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-138/
| VAR-201208-0813 | No CVE | ALPHA Networks ADSL Wireless Router 'returnJSON.htm' Administrator Password Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
ALPHA Networks ADSL Wireless Router is an ADSL wireless router. ALPHA Networks ADSL wireless routers have a web management panel that is used to configure the device. The /APIS/ directory of the web server allows an attacker to access sensitive information without authenticating, and to access the returnJSON.htm script to obtain administrator password information.
Attackers can exploit this issue to gain access to the administrator's password. Successfully exploiting this issue may lead to other attacks