VARIoT IoT vulnerabilities database


VAR-201006-0428 CVE-2010-2290 McAfee UTM Firewall of cgi-bin/cgix/help Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

TITLE: McAfee UTM Firewall "page" Cross-Site-Scripting Vulnerability
SECUNIA ADVISORY ID: SA40089
VERIFY ADVISORY: http://secunia.com/advisories/40089/
RELEASE DATE: 2010-06-11

DESCRIPTION: Adam Baldwin has reported a vulnerability in McAfee Unified Threat Management (UTM) Firewall, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "page" parameter to cgi-bin/cgix/help is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 3.0.0 through 4.0.6.

SOLUTION: Upgrade to McAfee UTM Firewall firmware version 4.0.7.

PROVIDED AND/OR DISCOVERED BY: Adam Baldwin, nGenuity Information Security

ORIGINAL ADVISORY:
McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10010
nGenuity Information Security: http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
VAR-201006-0493 CVE-2010-2263 nginx Vulnerabilities in which source code is obtained CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. Nginx is a widely used high-performance web server. It is often used as a reverse proxy and also has very good support for PHP. Nginx does not handle user requests correctly. A remote attacker can exploit the vulnerability to obtain script source code information and perform denial of service attacks on the application. nginx is prone to remote source-code-disclosure and denial-of-service vulnerabilities. nginx 0.8.36 for Windows is vulnerable; other versions may also be affected.
VAR-201006-0376 CVE-2010-2305 Symantec Sygate Personal Firewall For SSHelper.dll Vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method. Sygate Personal Firewall ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. Sygate Personal Firewall 5.6 build 2808 is vulnerable; other versions may also be affected.
VAR-201006-1232 CVE-2010-1411 LibTIFF of FAX3 Decoder Fax3SetupState Integer overflow vulnerability in functions CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. LibTIFF is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application. LibTIFF versions prior to 3.9.3 are vulnerable. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X.

For the stable distribution (lenny), this problem has been fixed in version 3.8.2-11.3. For the unstable distribution (sid), this problem has been fixed in version 3.9.4-1. We recommend that you upgrade your tiff packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program.

Gentoo Linux Security Advisory GLSA 201209-02
http://security.gentoo.org/

Severity: Normal
Title: libTIFF: Multiple vulnerabilities
Date: September 23, 2012
Bugs: #307001, #324885, #357271, #359871, #371308, #410931, #422673, #427166
ID: 201209-02

Synopsis
========

Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service.

Background
==========

libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff            < 4.0.2-r1                *>= 3.9.5-r2
                                                           >= 4.0.2-r1

Description
===========

Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libTIFF 4.0 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.2-r1"

All libTIFF 3.9 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.5-r2"

References
==========

[ 1 ] CVE-2009-2347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2347
[ 2 ] CVE-2009-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5022
[ 3 ] CVE-2010-1411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1411
[ 4 ] CVE-2010-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2065
[ 5 ] CVE-2010-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2067
[ 6 ] CVE-2010-2233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2233
[ 7 ] CVE-2010-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2443
[ 8 ] CVE-2010-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2481
[ 9 ] CVE-2010-2482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2482
[ 10 ] CVE-2010-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2483
[ 11 ] CVE-2010-2595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2595
[ 12 ] CVE-2010-2596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2596
[ 13 ] CVE-2010-2597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2597
[ 14 ] CVE-2010-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2630
[ 15 ] CVE-2010-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2631
[ 16 ] CVE-2010-3087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3087
[ 17 ] CVE-2010-4665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4665
[ 18 ] CVE-2011-0192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192
[ 19 ] CVE-2011-0192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192
[ 20 ] CVE-2011-1167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167
[ 21 ] CVE-2011-1167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167
[ 22 ] CVE-2012-1173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1173
[ 23 ] CVE-2012-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088
[ 24 ] CVE-2012-2113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113
[ 25 ] CVE-2012-3401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3401

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-02.xml

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux Security Advisory MDVSA-2010:146
http://www.mandriva.com/security/

Package : libtiff
Date    : August 6, 2010
Affected: 2010.0, 2010.1

Problem Description:

Multiple vulnerabilities have been discovered and corrected in libtiff: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. (CVE-2010-2233). The updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2482

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

===========================================================
Ubuntu Security Notice USN-954-1              June 21, 2010
tiff vulnerabilities
CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.8
Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.6
Ubuntu 9.04: libtiff4 3.8.2-11ubuntu0.9.04.6
Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.3
Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.3

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. (CVE-2010-1411)

Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. (Only Ubuntu 10.04 LTS was affected.)
(CVE-2010-2065, CVE-2010-2067)
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 236174 a49ffa36dcd626470f6406945f2a9b07 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 128182 c15737bbdb79e4ad6747ff1122c9010a http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 6132 6c41518edbf30a79fa5c619da6345a2c http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_lpia.deb Size/MD5: 11280 45e30b64c92200cc30ff35c076734f7c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 221288 3592d9842997a658007ac326caaed2a7 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 256768 834993c1049aca8c12420b92c92f28fb http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 137538 49b4a1e944f909ca495b525c2633a735 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 8730 01803cafeea784dbc818a5e0b280722f http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_powerpc.deb Size/MD5: 14234 2ba3cc6f57abce5c990eef8d7c6fbceb sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 183806 f2a9bbe1f571d06e74fc955ac8f59b72 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 238044 12858b8bde77b383f1089e8989394b38 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 124424 bf09c05c0bc3ec5c21ebdefbb095faa6 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 5978 952a5bf270a59b0f873dd1c6a1f67175 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_sparc.deb Size/MD5: 12022 
629b0b70778ecd8fe824f3254cf27b90 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.diff.gz Size/MD5: 41121 c0ab3072d29ea0360ba47217778d4901 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.dsc Size/MD5: 1343 03d22a022fc88888d9d8935e0df737bf http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.3_all.deb Size/MD5: 334670 5cc39d1960ed0eaa84b0cef574f9019a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 193172 904b26a40f81337d896afb4dc99b6dac http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 251358 a2c45975bc8789e05a1fac873c54afdb http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 135204 747b17ea960047cfe980951780e16343 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 6330 1784c3b86fe6a9a68f8411b7ad816d4a http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_amd64.deb Size/MD5: 12006 24240bf743cd23ce670b4b486a7408a6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 175842 008409a183baa37db8c1c45a8f094a44 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 231870 56bb188c4596af1b901be03032d9a617 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 124248 3708797ed53d0d0b58769ff729ff18c0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 6446 
cb3263d1be21404f7cb72866fdf6ad2a http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_i386.deb Size/MD5: 11302 628741204ad187f2d66f724c49ee47f7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 177048 64a59e0441238751d0e74e47e414d27e http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 234210 73343fb5872ff0d51c90ffc1cc841c9f http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 125892 2f7f51f21359bec31fdb219176d46517 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 6314 5bd86ff35a7592a8cb6cc4fe5a19073f http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_lpia.deb Size/MD5: 11342 36a53ad5737a7381f123f9ba65efb694 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 191502 c6b963c4009baaa04afe123c7ec99f9c http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 256282 8110d1fade42b772fbc2072ea209eb97 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 136778 dbba3ac2c70dbf380fe242bd68c53fa3 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 6736 1f111239548e12c69db166e59a190b3c http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_powerpc.deb Size/MD5: 12086 0d49955b527ff8a6ff4943120ba553c5 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 184286 06388a8d95b34d4bfb7247c47c07906c http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 236968 4208eb62edba48bbd6d280eedda2a0a4 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 
124514 a6446a90d3e9d5629f8105603c9474dd http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 6100 76a69eccc98c82be32b0481df58d3de9 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_sparc.deb Size/MD5: 12026 c23e8ab257390fe565ebf103a8edaeb9 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.diff.gz Size/MD5: 17310 779fdd57e79090bedcec10b26eaf08ec http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.dsc Size/MD5: 1339 7d001b20ea0677cb63bbb4becf8ff69f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz Size/MD5: 1419742 93e56e421679c591de7552db13384cb8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.3_all.deb Size/MD5: 342306 e17c62cb61768cd0885bd5c71caa7f67 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 252274 0b359ab56d43865968c690765ef96a23 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 269444 364252fef2d31f9a59be006a60c6794e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 148610 19d95336d35bffd635787ac1174c6716 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 6390 7236b5c267df2ae7fbb805768c4d6314 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_amd64.deb Size/MD5: 12034 ad15f0ac0f19016a4498c3f22f90de43 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 232412 def529fa30067e222a10ce03fb4651e2 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 246484 3f78b62e3e411a05fcf9f97a9f77f21c 
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 136176 0fae675d248b4ab7cf77018d860a55ce http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 6492 fb5a44eaef7ee218d83a4482bd331c69 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_i386.deb Size/MD5: 11290 c9ee0da107d51715c41bc5513a302532 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 253470 7fbf59b850974984a419f752830da31b http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 275072 a174c0a69bbe402b3d17a0085e69952d http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 150222 e460e28329d5754c4670647d08a2c9fb http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 6774 f5f491424e932a100199e8274d7b8eef http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_powerpc.deb Size/MD5: 12098 c18d01ecf566a05ef689b2224bf0c343 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 248748 fc6cc955db82161bffe7ebf0dd5a4aea http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 257150 ccb51b6b25aa92dc09140d0fda8ef2b5 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 142870 5644962072cf924c15a559f9a0f00ddc http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 6238 d11701e3eb25d8201e363314c5ea4bbb http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_sparc.deb Size/MD5: 11922 be82dd608f5e01be8117b48eaa567ca0
VAR-201006-0362 CVE-2010-2291 snom VoIP Phone of Web Vulnerability that circumvents interface restrictions CVSS V2: 3.3
CVSS V3: -
Severity: LOW
Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. Attackers can exploit this issue to bypass certain security restrictions and edit user credentials. snom VoIP phone firmware versions prior to 8.2.35 are vulnerable.

TITLE: Snom VoIP Phone Firmware User Interface Security Bypass
SECUNIA ADVISORY ID: SA37635
VERIFY ADVISORY: http://secunia.com/advisories/37635/
RELEASE DATE: 2010-06-11
DESCRIPTION: A vulnerability has been reported in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is reported in 8.2 releases prior to 8.2.35.
SOLUTION: Update to version 8.2.35.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://wiki.snom.com/Firmware/V8/Release_Notes/8.2.35
VAR-201006-0270 CVE-2010-1570 Cisco UCCX of CTI Service disruption in server components (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message. An attacker can exploit this issue to cause active agents to log out, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCso89629. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.

This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml

Affected Products
=================

Cisco UCCX is an integrated "contact center in a box" solution for use in deployments of up to 300 agents.

Vulnerable Products
+------------------

The vulnerabilities described in this document affect the following products:

* Cisco UCCX versions 5.x, 6.x, and 7.x
* Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x
* Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 5.x, 6.x, and 7.x

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities.

The CTI server is only started when the Integrated Call Distribution (ICD) license is enabled; Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) deployments are not affected by the CTI server DoS vulnerability. The CTI server listens by default on TCP port 42027, although the port number can be changed in the System Port Parameters screen.

Directory Traversal Vulnerability
+--------------------------------

A directory traversal vulnerability exists in the bootstrap service of the Cisco UCCX product that allows read access to any file on the system. This vulnerability is triggered by bootstrap messages addressed to TCP port 6295.
The bootstrap service is used to keep the UCCX configuration synchronized across servers in a high-availability deployment model. All deployment modes can be affected, such as ICD, ICM and IP-IVR, but only if a second node has been added to the configuration. (Nodes can be listed using the Cisco UCCX Administration Web interface with the Server option in the System pull-down taskbar). A high-availability license is not required for a system to be vulnerable.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss

CSCso89629 - CTI Service DoS Vulnerability (UCCX)

CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete

CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

CSCsx76165 - Bootstrap Service Directory Traversal Vulnerability (UCCX)

CVSS Base Score - 7.8
    Access Vector - Network
    Access Complexity - Low
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - None
    Availability Impact - Complete

CVSS Temporal Score - 6.4
    Exploitability - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

Impact
======

Successful exploitation of the Cisco UCCX CTI server DoS vulnerability will cause the agents to log out, and the Cisco UCCX server will be temporarily unavailable to agents until the node manager service and CTI server complete their automatic restart. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition.

Successful exploitation of the Cisco UCCX bootstrap service directory traversal vulnerability enables an unauthenticated attacker to read any file on the system.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release.
If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

The following tables indicate the versions of Cisco UCCX affected by the vulnerabilities described in this document. All the vulnerabilities are fixed in the latest versions of the products.

CSCso89629 - CTI service DoS vulnerability (Cisco UCCX)

+---------------------------------------------+
| Release | Vulnerable     | First Fixed in   |
|---------+----------------+------------------|
| 8.0     | Not vulnerable |                  |
|---------+----------------+------------------|
| 7.0     | Vulnerable     | 7.0(1)SR4, 7.0   |
|         |                | (2)              |
|---------+----------------+------------------|
| 6.0     | Vulnerable     | 6.0(1) SR1       |
|---------+----------------+------------------|
| 5.0     | Vulnerable     | 5.0(2)SR3        |
+---------------------------------------------+

CSCsx76165 - Bootstrap service information disclosure vulnerability (Cisco UCCX)

+---------------------------------------------+
| Release | Vulnerable  | First Fixed in      |
|---------+-------------+---------------------|
| 8.0     | Not         |                     |
|         | vulnerable  |                     |
|---------+-------------+---------------------|
| 7.0     | Vulnerable  | 7.0(1)SR2, 7.0(2)   |
|---------+-------------+---------------------|
| 6.0     | Vulnerable  | Update to a fixed   |
|         |             | release             |
|---------+-------------+---------------------|
| 5.0     | Vulnerable  | 5.0(2)SR3           |
+---------------------------------------------+

Workarounds
===========

There are no workarounds for these vulnerabilities. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20100609-uccx.shtml

Obtaining Fixed Software
========================

Cisco has released free software updates that address these vulnerabilities.
Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.

Customers with Service Contracts
+-------------------------------

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com

Customers using Third Party Support Organizations
+------------------------------------------------

Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts
+----------------------------------

Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.

* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com

Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements
=====================================

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The DoS vulnerability was found during Cisco internal testing, and the bootstrap service directory traversal vulnerability was reported to the Cisco Technical Assistance Center (TAC) by a customer.

Status of this Notice: FINAL
============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution
============

This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.

* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com

Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

Revision History
================

+---------------------------------------------+
| Revision | 2010-June-09 | Initial public    |
| 1.0      |              | release.          |
+---------------------------------------------+

Cisco Security Procedures
=========================

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt
VAR-201006-0272 CVE-2010-1572 Cisco AXP Vulnerabilities in Administrator Support in the Technical Support Diagnostic Shell CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls. Cisco AXP consists of Linux-based open Cisco ISR hardware modules for application development and hosting. The technical support shell can be accessed using the techsupport support shell command. The authenticated Cisco AXP user can use the API to execute commands on the Cisco ISR. The Cisco AXP 1.5 release requires AXP users to be set up in the ISR configuration before using the API to execute commands.

Cisco Application Extension Platform (AXP) is prone to a remote privilege-escalation vulnerability. This issue is tracked by Cisco Bug ID CSCtb65413. An authenticated attacker can exploit this issue to gain administrative access to the affected application. This may lead to a full compromise of the affected computer or aid in further attacks.

The following are vulnerable:

* Cisco Application Extension Platform 1.1
* Cisco Application Extension Platform 1.1.5 (when upgraded from 1.1)

Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCtb65413 - AXP techsupport shell privilege escalation vulnerabilities CVSS Base Score - 9 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerability may allow an authenticated user to obtain complete administrative access to a vulnerable Cisco Application Extension Platform module. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There is no workaround for this vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. 
By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Cisco Application Extension Platform software version 1.1.7 can be downloaded at the following link: http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=1.1.7&mdfid=282831883&sftType=Application+Extension+Platform+Installation+Packages&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+Application+Extension+Platform+Version+1.1&treeMdfId=268437899&treeName=Routers&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. 
Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by n.runs AG. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-axp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================
+--------------+--------------+-------------------------+
| Revision 1.0 | 2010-June-09 | Initial public release. |
+--------------+--------------+-------------------------+
Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt
VAR-201006-0258 CVE-2010-2261 Linksys WAP54Gv3 Vulnerable to arbitrary command execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. WAP54Gv3 is prone to a remote security vulnerability. Linksys WAP54Gv3 firmware has multiple arbitrary command execution vulnerabilities. The affected parameters are the data2 and data3 parameters of Debug_command_page.asp and debug.cgi.
VAR-201006-0271 CVE-2010-1571 Cisco UCCX of bootstrap Directory traversal vulnerability in services CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295. Cisco Unified Contact Center Express is prone to a directory-traversal vulnerability. An attacker can exploit this issue to view any file on the computer through the bootstrap service. Successful exploits may lead to other attacks. This issue is tracked by Cisco BugID CSCsx76165. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml Affected Products ================= Cisco UCCX is an integrated "contact center in a box" solution for use in deployments of up to 300 agents. Vulnerable Products +------------------ The vulnerabilities described in this document affect the following products: * Cisco UCCX versions 5.x, 6.x, and 7.x * Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 5.x, 6.x, and 7.x Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Denial of Service Vulnerabilities +-------------------------------- A DoS vulnerability exists in the computer telephony integration (CTI) server component of the Cisco UCCX product. The CTI server is only started when the Integrated Call Distribution (ICD) license is enabled, Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) deployments are not affected by the CTI server DoS vulnerability. The CTI server listens by default on TCP port 42027, although the port number can be changed in the System Port Parameters screen. 
This vulnerability is triggered by malformed CTI messages addressed to the vulnerable systems that could cause the CTI server and the Cisco Unified CCX Node Manager to fail, and all active agents will be logged out. The DoS condition will be temporal and the Cisco UCCX system will become operational again once the node manager and the CTI server complete their automatic restart. This vulnerability is documented in Cisco Bug ID CSCso89629 and has been assigned CVE ID CVE-2010-1570. This vulnerability is triggered by bootstrap messages addressed to TCP port 6295. The bootstrap service is used to keep the UCCX configuration synchronized across servers in a high-availability deployment model. All deployment modes can be affected, such as ICD, ICM and IP-IVR, but only if a second node has been added to the configuration. (Nodes can be listed using the Cisco UCCX Administration Web interface with the Server option in the System pull-down taskbar). A high-availability license is not required for a system to be vulnerable. This vulnerability is documented in Cisco Bug ID CSCsx76165 and has been assigned CVE ID CVE-2010-1571. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCso89629 - CTI Service DoS Vulnerability (UCCX) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsx76165 - Bootstrap Service Directory Traversal Vulnerability (UCCX) CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the Cisco UCCX CTI server DoS vulnerability will cause the agents to logout, and the Cisco UCCX server will be temporarily unavailable to agents until the node manager service and CTI server complete their automatic restart. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. 
The following tables indicate the versions of Cisco UCCX affected by the vulnerabilities described in this document. All the vulnerabilities are fixed in the latest versions of the products.
CSCso89629 - CTI service DoS vulnerability (Cisco UCCX)
+---------+----------------+-------------------+
| Release | Vulnerable     | First Fixed in    |
|---------+----------------+-------------------|
| 8.0     | Not vulnerable |                   |
| 7.0     | Vulnerable     | 7.0(1)SR4, 7.0(2) |
| 6.0     | Vulnerable     | 6.0(1) SR1        |
| 5.0     | Vulnerable     | 5.0(2)SR3         |
+---------+----------------+-------------------+
CSCsx76165 - Bootstrap service information disclosure vulnerability (Cisco UCCX)
+---------+----------------+---------------------------+
| Release | Vulnerable     | First Fixed in            |
|---------+----------------+---------------------------|
| 8.0     | Not vulnerable |                           |
| 7.0     | Vulnerable     | 7.0(1)SR2, 7.0(2)         |
| 6.0     | Vulnerable     | Update to a fixed release |
| 5.0     | Vulnerable     | 5.0(2)SR3                 |
+---------+----------------+---------------------------+
Workarounds =========== There are no workarounds for these vulnerabilities. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20100609-uccx.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. 
Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. 
Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================
+--------------+--------------+-------------------------+
| Revision 1.0 | 2010-June-09 | Initial public release. |
+--------------+--------------+-------------------------+
Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt
VAR-201006-0427 CVE-2010-2289 Juniper Networks IVE of dana/home/homepage.cgi Open redirect vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter. Juniper Networks IVE OS is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are also possible. IVE OS 6.5R1.0 and 6.5R2.0 are vulnerable; prior versions may also be affected. TITLE: Juniper IVE OS Redirection Weakness SECUNIA ADVISORY ID: SA40117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40117/ RELEASE DATE: 2010-06-11 DESCRIPTION: Richard Brain has reported a weakness in Juniper IVE OS, which can be exploited by malicious people to conduct redirection attacks. The weakness is caused due to the homepage.cgi script allowing to redirect users to a site specified by an attacker. This can be exploited to e.g. redirect users to an (untrusted) fake site. The weakness is reported in version 6.5R1 (Build 14599) and version 6.5R2 (Build 14951) using Model SA-2000. SOLUTION: Update to version 6.5R3.1 (build 15255). PROVIDED AND/OR DISCOVERED BY: Richard Brain, ProCheckUp Ltd ORIGINAL ADVISORY: Juniper: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-05-751&viewMode=view ProCheckUp Ltd: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17
VAR-201006-0273 CVE-2010-1573 Linksys WAP54Gv3 firmware web page debugging interface trust management vulnerability

Related entries in the VARIoT exploits database: VAR-E-201006-1691
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. The affected parameters are the data1, data2, and data3 parameters of Debug_command_page.asp and debug.cgi. Successful attacks allow an attacker to gain access to the device. Linksys WAP54Gv3 wireless router devices are prone to a security-bypass vulnerability because they allow access to debugging scripts through hard-coded credentials. The following firmware versions are vulnerable: 3.05.03 (Europe) 3.04.03 (US) Other versions or devices may also be affected. TITLE: Linksys WAP54G Undocumented Debug Interface Vulnerability SECUNIA ADVISORY ID: SA40103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40103/ RELEASE DATE: 2010-06-10 DESCRIPTION: Cristofaro Mune has reported a vulnerability in Linksys WAP54G, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to the device containing the undocumented "Debug_command_page.asp" and "debug.cgi" debug scripts. This can be exploited to e.g. gain root access by accessing the debug scripts using hard-coded credentials. The vulnerability is reported in version 3.05.03 and 3.04.03. Note: Reportedly, this only affects devices running a firmware approved for EMEA (Europe, Middle East, and Africa). SOLUTION: Restrict access using a proxy or firewall. PROVIDED AND/OR DISCOVERED BY: Cristofaro Mune ORIGINAL ADVISORY: http://www.icysilence.org/?p=268
VAR-201006-0501 No CVE Motorola SB5101 Haxorware Firmware Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The Motorola SB5101 is a cable modem. Motorola SB5101 Hax0rware has multiple security vulnerabilities that allow remote attackers to perform denial of service attacks on devices. - Unauthenticated attackers can send multiple log reset requests to the eventlog.cgi script, which restarts the device and causes a denial of service. - When an unauthenticated attacker sends port 80 of the device a GET request that is longer than 1 byte but has no correct request line, such as [ GET /somepath/file.cgi ], the HTTP daemon crashes. Motorola SB5101 Haxorware Firmware is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause the application to crash, resulting in a denial-of-service condition. Haxorware 1.1 R30, 1.1 R32 and 1.1 R39 are vulnerable; other versions may also be affected.
VAR-201006-0514 No CVE Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility CVSS V2: 10.0
CVSS V3: -
Severity: High
Collaboration Common Utility, a component of multiple Hitachi products, is vulnerable to stack-based buffer overflow when the Drag and Drop Component for Collaboration feature is also installed. No details available.
VAR-201006-1162 CVE-2010-1410 Apple Safari of WebKit Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements. WebKit is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Successful exploits can allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems. Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ Package: webkit Date: March 2, 2011 Affected: 2010.1 Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.
_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1 and Mandriva Linux 2010.1/X86_64. _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
VAR-201006-1139 CVE-2010-1408 Apple Safari of WebKit Vulnerabilities that bypass restrictions CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. This vulnerability may be a duplicate of CVE-2010-1099. A third party may be able to bypass restrictions on outbound connections to non-default TCP ports via a crafted port number. WebKit is prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Successful exploits can allow the attacker to gain access to sensitive information. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems.
Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/
Package: webkit
Date: March 2, 2011
Affected: 2010.1
Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.
VAR-201006-1235 CVE-2010-1256 Microsoft IIS Vulnerable to arbitrary code execution CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." Microsoft IIS is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects IIS 6.0, 7.0 and 7.5.
National Cyber Alert System Technical Cyber Security Alert TA10-159B: Microsoft Updates for Multiple Vulnerabilities
Original release date: June 08, 2010
Last revised: --
Source: US-CERT
Systems Affected: * Microsoft Windows * Microsoft Internet Explorer * Microsoft Office * Microsoft SharePoint Services * Microsoft .NET Framework
Overview: Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft SharePoint Services, and Microsoft .NET Framework.
I. Description: The Microsoft Security Bulletin Summary for June 2010 describes vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint Services, and .NET Framework. Microsoft has released updates to address the vulnerabilities.
II.
III. Solution: Apply updates. Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for June 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
IV.
References * Microsoft Security Bulletin Summary for June 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx>
The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-159B.html>
Produced 2010 by US-CERT, a government organization.
Revision History: June 08, 2010: Initial release
TITLE: Microsoft Internet Information Services Authentication Memory Corruption
SECUNIA ADVISORY ID: SA40079
VERIFY ADVISORY: http://secunia.com/advisories/40079/
RELEASE DATE: 2010-06-09
DESCRIPTION: A vulnerability has been reported in Microsoft Internet Information Services, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to improper handling of authentication tokens and can be exploited to corrupt memory via a specially crafted authentication packet. Successful exploitation requires the "Extended Protection for Authentication" feature to be enabled (disabled by default).
SOLUTION: Apply patches.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: MS10-040 (KB982666): http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx
VAR-201006-1122 CVE-2010-1389 Apple Safari of WebKit Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-06-07-1. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information-disclosure, remote code-execution, denial-of-service, or other consequences. This BID is being retired. The following individual records exist to better document the issues:
40642 WebKit 'removeChild()' Remote Code Execution Vulnerability
40644 WebKit HTML Button Use After Free Remote Code Execution Vulnerability
40645 WebKit Marquee Event 'SelectionController' Remote Code Execution Vulnerability
40646 WebKit Editable Containers Remote Code Execution Vulnerability
40647 WebKit Option Element 'ContentEditable' Attribute Remote Code Execution Vulnerability
40649 WebKit 'ConditionEventListener' Remote Code Execution Vulnerability
40650 WebKit 'DOCUMENT_POSITION_DISCONNECTED' Attribute Remote Code Execution Vulnerability
40652 WebKit SVG 'RadialGradient' Attribute Remote Code Execution Vulnerability
40653 WebKit IBM1147 Character Set Text Transform Remote Code Execution Vulnerability
40654 WebKit Option Recursive Use Element Remote Code Execution Vulnerability
40655 WebKit 'first-letter' CSS Style Remote Code Execution Vulnerability
40656 WebKit SVG 'use' Element Remote Code Execution Vulnerability
40657 WebKit SVG 'use' Element Remote Code Execution Vulnerability
40658 WebKit Caption Element Handling Remote Code Execution Vulnerability
40659 WebKit Custom Vertical Positioning Remote Code Execution Vulnerability
40660 WebKit Dragging or Pasting Cross Domain Scripting Vulnerability
40661 WebKit Use After Free Remote Code Execution Vulnerability
40662 WebKit Hover Event Handling Remote Code Execution Vulnerability
40663 WebKit DOM Range Objects Remote Code Execution Vulnerability
40665 WebKit 'Node.normalize' Method Remote Code Execution Vulnerability
40666 WebKit 'removeChild' DOM Method Remote Code Execution Vulnerability
40667 WebKit HTML Document Subtrees Remote Code Execution Vulnerability
40668 WebKit 'libxml' Context Handling Remote Code Execution Vulnerability
40669 Webkit UTF-7 Cross-Site Scripting Vulnerability
40670 WebKit Fonts Handling Remote Code Execution Vulnerability
40671 WebKit HTML Tables Remote Code Execution Vulnerability
40672 WebKit CSS-Styled HTML Handling Remote Code Execution Vulnerability
40673 Apple Safari PDF Handling Remote Code Execution Vulnerability
40674 Apple Safari Window Management Remote Code Execution Vulnerability
40675 Webkit HTML Document Fragments Cross Site Scripting Vulnerability
40697 WebKit Integer Truncation TCP Port Information Disclosure Vulnerability
40698 WebKit Keyboard Focus Cross Domain Information Disclosure Vulnerability
40704 Apple Safari Authentication Data URI Spoofing Vulnerability
40705 WebKit IRC Port Blacklist Information Disclosure Vulnerability
40707 Webkit DOM Constructor Object Cross Site Scripting Vulnerability
40710 WebKit 'frame.src' Validation Cross Site Scripting Vulnerability
40714 WebKit SVG Image Pattern Cross Domain Security Bypass Vulnerability
40717 WebKit Empty Hostname URI Handling Cross Site Scripting Vulnerability
40726 Webkit 'textarea' Element Cross-Site Scripting Vulnerability
40727 WebKit Cascading Stylesheets 'HREF' Information Disclosure Vulnerability
40732 WebKit HTTP Redirects Information Disclosure Vulnerability
40733 WebKit NTLM Credentials Information Disclosure Vulnerability
40750 WebKit HTTPS Redirect Information Disclosure Vulnerability
40752 WebKit HTTP URI Clipboard Information Disclosure Vulnerability
40753 WebKit Local Storage and Web SQL Database Directory Traversal Vulnerability
40754 WebKit 'execCommand()' Function Clipboard Overwrite Security Weakness
40756 WebKit ':visited' CSS Pseudo-class Information Disclosure Vulnerability
WebKit is prone to a cross-domain scripting vulnerability. An attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information, or to launch other attacks against sites.
TITLE: Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA40105
VERIFY ADVISORY: http://secunia.com/advisories/40105/
RELEASE DATE: 2010-06-09
DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct
spoofing or cross-site scripting attacks, and potentially compromise a user's system.
1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to potentially execute arbitrary code. This is related to vulnerability #2 in: SA36096
2) The browser follows links containing arbitrary user information without warning, which can be exploited to facilitate phishing attacks via specially crafted URLs.
3) A use-after-free error when handling PDF files can be exploited to potentially execute arbitrary code.
4) An error in WebKit when handling clipboard URLs can be exploited to disclose sensitive files if a user is tricked into dragging or pasting links or images to a malicious website.
5) An error in WebKit when a selection from a website is dragged or pasted into another website can be exploited to potentially execute arbitrary JavaScript code in the context of the destination website.
6) An error in WebKit when handling UTF-7 encoded text can be exploited to leave an HTML quoted string unterminated and facilitate cross-site scripting attacks.
7) An input sanitation error in WebKit when handling Local Storage and Web SQL databases can be exploited to create database files in arbitrary directories via directory traversal attacks.
8) A use-after-free error in WebKit when rendering HTML buttons can be exploited to potentially execute arbitrary code.
9) A use-after-free error in WebKit when handling attribute manipulations can be exploited to potentially execute arbitrary code.
10) An error in WebKit when handling HTML document fragments can be exploited to execute arbitrary JavaScript code in a legitimate context processing foreign HTML fragments.
11) An error in WebKit when handling keyboard focus can be exploited to deliver key press events intended for a different frame.
12) An error in WebKit when handling DOM constructor objects can be exploited to conduct cross-site scripting attacks.
13) A use-after-free error in WebKit when handling the removal of container elements can be exploited to potentially execute arbitrary code.
14) A use-after-free error in WebKit when rendering a selection at the time of a layout change can be exploited to potentially execute arbitrary code.
15) An error in WebKit when handling ordered list insertions can be exploited to corrupt memory and potentially execute arbitrary code.
16) An uninitialised memory access error in WebKit when handling selection changes on form input elements can be exploited to potentially execute arbitrary code.
17) A use-after-free error in WebKit when handling caption elements can be exploited to potentially execute arbitrary code.
18) A use-after-free error in WebKit when handling the ":first-letter" pseudo-element in cascading stylesheets can be exploited to potentially execute arbitrary code.
19) A double-free error in WebKit when handling event listeners in SVG documents can be exploited to potentially execute arbitrary code.
20) An uninitialised memory access error in WebKit when handling "use" elements in SVG documents can be exploited to potentially execute arbitrary code.
21) A use-after-free error in WebKit when handling SVG documents with multiple "use" elements can be exploited to potentially execute arbitrary code.
22) An error in WebKit when handling nested "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code.
23) A use-after-free error in WebKit when handling CSS run-ins can be exploited to potentially execute arbitrary code.
24) A use-after-free error in WebKit when handling HTML elements with custom vertical positioning can be exploited to potentially execute arbitrary code.
25) An error exists in WebKit when visiting HTTPS websites redirecting to HTTP websites. This can be exploited to disclose potentially sensitive information contained in the HTTPS URL by reading the "Referer" header.
26) An integer truncation error in WebKit when handling TCP requests can be exploited to pass arbitrary data to arbitrary TCP ports.
27) An error in WebKit when processing connections to IRC ports can be exploited to send arbitrary data to arbitrary IRC servers.
28) A use-after-free error in WebKit when handling hover events can be exploited to potentially execute arbitrary code.
29) An error in WebKit can be exploited to read NTLM credentials that are incorrectly transmitted in plain-text via Man-in-the-Middle (MitM) attacks.
30) A use-after-free error in WebKit when handling the "removeChild" DOM method can be exploited to potentially execute arbitrary code.
31) An error in WebKit when handling libxml contexts can be exploited to potentially execute arbitrary code.
32) An error in WebKit when handling a canvas with an SVG image pattern can be exploited to load and capture an image from another website.
33) An error in WebKit when rendering CSS-styled HTML content with multiple ":after" pseudo-selectors can be exploited to corrupt memory and potentially execute arbitrary code.
34) An error in WebKit when handling the "src" attribute of a frame element can be exploited to facilitate cross-site scripting attacks.
35) A use-after-free error in WebKit when handling drag and drop operations can be exploited to potentially execute arbitrary code.
36) An error in the implementation of the JavaScript "execCommand" function can be exploited to modify the contents of the clipboard.
37) An error when handling malformed URLs can be exploited to bypass the same-origin policy and execute arbitrary script code in the context of a different domain.
38) A use-after-free error in WebKit when handling DOM "Range" objects can be exploited to potentially execute arbitrary code.
39) A use-after-free error in WebKit when handling the "Node.normalize()" method can be exploited to potentially execute arbitrary code.
40) A use-after-free error in WebKit when rendering HTML document subtrees can be exploited to potentially execute arbitrary code.
42) An error in WebKit when visiting a website which redirects form submissions to a redirecting website can be exploited to disclose submitted data.
43) A type checking error in WebKit when handling text nodes can be exploited to potentially execute arbitrary code.
44) A use-after-free error in WebKit when handling fonts can be exploited to potentially execute arbitrary code.
45) An error in WebKit when handling HTML tables can be exploited to trigger an out-of-bounds memory access and potentially execute arbitrary code.
46) An error in WebKit when handling the CSS ":visited" pseudo-class can be exploited to disclose visited websites.
SOLUTION: Update to version 4.1 (available only for Mac OS X v10.4 systems) or upgrade to version 5.0.
PROVIDED AND/OR DISCOVERED BY:
37) Michal Zalewski
The vendor also credits:
1) Chris Evans of the Google Security Team, and Andrzej Dyjak
2) Abhishek Arya of Google
3) Borja Marcos of Sarenet
4) Eric Seidel of Google
5) Paul Stone of Context Information Security
6) Masahiro Yamada
8) Matthieu Bonetti of Vupen
9) Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative
10, 41) Eduardo Vela Nava (sirdarckcat) of Google
11) Michal Zalewski of Google
12) Gianni "gf3" Chiappetta of Runlevel6
13, 15, 16, 18, 19, 20, 21, 23, 43) wushi of team509, working with TippingPoint's Zero Day Initiative
14) wushi and Z of team509, working with TippingPoint's Zero Day Initiative
17) regenrecht working with iDefense
22, 31) Aki Helin of OUSPG
24) Ojan Vafai of Google
25) Colin Percival of Tarsnap
28) Dave Bowker
30) Mark Dowd of Azimuth Security
32) Chris Evans of Google
33, 45) wushi of team509
34) Sergey Glazunov
35) kuzzcc, and Skylined of Google Chrome Security Team
38) Yaar Schnitman of Google
39) Mark Dowd
40) James Robinson of Google
42) Marc Worrell of WhatWebWhat
ORIGINAL ADVISORY: Apple:
http://support.apple.com/kb/HT4196
Michal Zalewski: http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html
Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/
Package : webkit
Date : March 2, 2011
Affected: 2010.1
Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
Updated Packages: Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
For more information: SA36677 SA37346 SA37769 SA37931 SA38545 SA38932 SA39091 SA39651 SA40105 SA40196 SA40479 SA40664 SA41014 SA41085 SA41242 SA41328 SOLUTION: Apply updated packages.
VAR-201006-1259 CVE-2010-1402 Apple Safari of WebKit Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application duplicates event listeners in .svg documents. Upon creating an AnimateTransform object, the library will create a timer to handle the transformation and duplicate the object's event listener into Webkit's "shadow tree" of the image. Upon destruction of the shadow tree and the original tree, the application will destroy the Element containing the event listener twice. This can lead to code execution under the context of the application. An attacker can exploit this issue by enticing an unsuspecting user into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/
Package : webkit
Date : March 2, 2011
Affected: 2010.1
Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
Updated Packages: Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-100 June 8, 2010
-- CVE ID: CVE-2010-1402
-- Affected Vendors: Apple
-- Affected Products: Apple WebKit
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9873.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4196
-- Disclosure Timeline: 2010-02-18 - Vulnerability reported to vendor 2010-06-08 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * wushi of team509
VAR-201006-1253 CVE-2010-1770 Apple Safari of WebKit Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. Successful exploitation will lead to code execution under the context of the web-browser. WebKit is prone to a remote code-execution vulnerability related to text transformations. An attacker can exploit this issue by enticing an unsuspecting victim into viewing a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
Package : webkit
Date : March 2, 2011
Affected: 2010.1
Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
Updated Packages: Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-093
June 8, 2010
-- CVE ID: CVE-2010-1770
-- Affected Vendors: Apple
-- Affected Products: Apple WebKit
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9858.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4196
-- Disclosure Timeline:
2010-05-03 - Vulnerability reported to vendor
2010-06-08 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * wushi of team509
VAR-201006-1245 CVE-2010-1416 Apple Safari of WebKit Vulnerability to read images from other sites CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue." WebKit is prone to a cross-domain security-bypass vulnerability. An attacker can exploit this issue to load and capture an image hosted on another website. Successful exploits may lead to further attacks. NOTE: This issue was previously covered in BID 40620 (Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
Package : webkit
Date : March 2, 2011
Affected: 2010.1
Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>