VARIoT IoT vulnerabilities database
| VAR-201212-0173 | CVE-2012-5970 | Huawei E585 pocket wifi 2 device contains multiple vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software. The Huawei E585 pocket wifi 2 device contains multiple vulnerabilities which could allow an attacker to perform administrative functions on the device. Huawei E585 is a WiFi 3G wireless routing device. The Huawei E585 device has a security vulnerability when analyzing a specific packet, such as a packet sent by a vulnerability scanner. Huawei E585 is prone to a denial-of-service vulnerability, a directory-traversal vulnerability, and a security-bypass vulnerability.
Attackers can exploit these issues to retrieve and overwrite arbitrary files, perform denial-of-service attacks, bypass certain security restrictions, and gain unauthorized access; this will aid in further attacks. Huawei E585 is a high-speed wireless network access modem produced by China Huawei (Huawei). Vulnerabilities exist in Huawei E585 devices. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Huawei E585 Management Interface Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51596
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51596/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51596
RELEASE DATE:
2012-12-14
DISCUSS ADVISORY:
http://secunia.com/advisories/51596/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51596/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51596
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Huawei E585, which can
be exploited by malicious people to bypass certain security
restrictions, disclose potentially sensitive information, and cause a
DoS (Denial of Service).
1) An error within the web management interface when validating the
status of a logged in session can be exploited to bypass the
authentication process.
2) An error within the web management interface when processing
certain web requests can be exploited to access arbitrary files via
directory traversal sequences.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0172 | CVE-2012-5969 | Huawei E585 pocket wifi 2 device contains multiple vulnerabilities |
CVSS V2: 4.8 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi. Huawei E585 The device contains a directory traversal vulnerability.By a third party (1) sdcard/ Request .. Huawei E585 is a WiFi 3G wireless routing device. This vulnerability cannot be exploited through the WAN side. Huawei E585 is prone to a denial-of-service vulnerability, a directory-traversal vulnerability, and a security-bypass vulnerability. Huawei E585 is a high-speed wireless network access modem produced by China Huawei (Huawei). ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Huawei E585 Management Interface Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51596
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51596/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51596
RELEASE DATE:
2012-12-14
DISCUSS ADVISORY:
http://secunia.com/advisories/51596/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51596/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51596
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Huawei E585, which can
be exploited by malicious people to bypass certain security
restrictions, disclose potentially sensitive information, and cause a
DoS (Denial of Service).
1) An error within the web management interface when validating the
status of a logged in session can be exploited to bypass the
authentication process.
3) A NULL pointer dereference error within the web management
interface when processing certain web requests can be exploited to
cause a crash.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0169 | CVE-2012-5966 | D-Link DSL2730U Telnet Shell Remote Command Injection Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. An authenticated attacker can chain unauthorized commands through authorized commands in order to bypass the command whitelisting. D-Link DSL-2730u In OS A command injection vulnerability exists. The D-Link DSL2730U is a router device. Since there is no full filtering, a similar \"echo | ls\" is submitted. Commands that bypass the restrictions and execute \"sh -c echo | ls\" in the underlying environment. D-Link DSL2730U is prone to a remote command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment
| VAR-201212-0207 | CVE-2012-4856 | IBM Power 5 Service Processor privilege escalation vulnerability |
CVSS V2: 7.9 CVSS V3: - Severity: HIGH |
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. IBM Server Firmware Power 5 is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to gain unauthorized administrative access to the affected device. This may aid in further attacks
| VAR-201212-0240 | CVE-2012-5679 | Adobe Photoshop Camera Raw Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. Adobe Photoshop Camera Raw is prone to a buffer-underflow vulnerability. Successful exploits will compromise the affected application and possibly the underlying computer. Failed exploit attempts may cause a denial-of-service condition.
Adobe Photoshop Camera Raw versions prior to 7.3 are vulnerable. Adobe Photoshop (PS) is a set of image processing and drawing software from Adobe Corporation of the United States. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Adobe Camera Raw Plug-in TIFF Image Processing Two Vulnerabilities
SECUNIA ADVISORY ID:
SA49929
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49929/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49929
RELEASE DATE:
2012-12-13
DISCUSS ADVISORY:
http://secunia.com/advisories/49929/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49929/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49929
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been discovered in Adobe Camera Raw Plug-in,
which can be exploited by malicious people to compromise a user's
system.
1) An error in the "Camera Raw.8bi" plug-in when processing a LZW
compressed TIFF image can be exploited to cause a heap-based buffer
underflow via a specially crafted LZW code within an image row
strip.
2) An integer overflow error in the "Camera Raw.8bi" plug-in when
allocating memory during TIFF image processing can be exploited to
cause a heap-based buffer overflow via specially crafted image
dimensions.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code, but requires tricking a user into opening or
previewing a malicious file.
The vulnerabilities are reported in the plug-in version 7.2 and
prior, confirmed in:
* Adobe Bridge CS6 version 5.0.0.399.
SOLUTION:
Update the plug-in to version 7.3 via the application's update
mechanism.
PROVIDED AND/OR DISCOVERED BY:
1) Francis Provencher via Secunia.
2) Dmitriy Pletnev, Secunia Research.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2012-31/
Adobe (APSB12-28):
http://www.adobe.com/support/security/bulletins/apsb12-28.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0238 | CVE-2012-5677 | Adobe Flash Player and Adobe AIR Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and Adobe AIR Contains an integer overflow vulnerability.An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the loadPCMFromByteArray function in the flash.media.Sound object. When this function is called with a high number of 'samples' an integer overflow occurs during the calculation of a buffer size. This can lead to memory corruption that can result in remote code execution under the context of the current user. Failed exploit attempts will likely result in denial-of-service conditions. AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1569-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html
Issue date: 2012-12-12
CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security bulletin APSB12-27,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-5676.html
https://www.redhat.com/security/data/cve/CVE-2012-5677.html
https://www.redhat.com/security/data/cve/CVE-2012-5678.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-27.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK
/I7KAaTWEKnqdTF2Qa3rwWs=
=0jAo
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player / AIR Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51560
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51560/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51560
RELEASE DATE:
2012-12-12
DISCUSS ADVISORY:
http://secunia.com/advisories/51560/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51560/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51560
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Flash Player and
Adobe AIR, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error exists and can be exploited to cause a buffer
overflow.
2) An integer overflow error exists and can be exploited to corrupt
memory.
3) An unspecified error exists and can be exploited to corrupt
memory.
* Adobe AIR version 3.5.0.600 and earlier for Windows and Macintosh.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google
Security Team
2) An anonymous person via ZDI
3) Tavis Ormandy, Google Security Team
ORIGINAL ADVISORY:
Adobe (APSB12-27):
http://www.adobe.com/support/security/bulletins/apsb12-27.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201212-0239 | CVE-2012-5678 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player and AIR are prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code, cause denial-of-service conditions, and potentially allowing an attacker to take control of the affected system. AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1569-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html
Issue date: 2012-12-12
CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB12-27,
listed in the References section.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-5676.html
https://www.redhat.com/security/data/cve/CVE-2012-5677.html
https://www.redhat.com/security/data/cve/CVE-2012-5678.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-27.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK
/I7KAaTWEKnqdTF2Qa3rwWs=
=0jAo
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
* Adobe AIR version 3.5.0.600 and earlier for Windows and Macintosh.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51549
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51549/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51549
RELEASE DATE:
2012-12-12
DISCUSS ADVISORY:
http://secunia.com/advisories/51549/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51549/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51549
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
one has an unknown impact and others can be exploited by malicious
people to compromise a user's system.
For more information:
SA51560
2) A use-after-free error exists when handling visibility events.
3) A use-after-free error exists within the URL loader.
4) An error exists within the instantiation of the Chromoting client
plug-in.
5) An error exists within history navigation.
6) An integer overflow error exists within handling of PPAPI image
buffers.
7) An error exists in AAC decoding and can be exploited to corrupt
stack-based memory.
The vulnerabilities are reported in versions prior to 23.0.1271.97.
SOLUTION:
Update to version 23.0.1271.97.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 3) Chamal de Silva.
4) J\xfcri Aedla, Google Chrome Security Team.
5) Michal Zalewski, Google Security Team.
6) Cris Neckar, Google Chrome Security Team.
7) pawlkt.
ORIGINAL ADVISORY:
Google:
http://googlechromereleases.blogspot.dk/2012/12/stable-channel-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0237 | CVE-2012-5676 | Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and Adobe AIR Contains a buffer overflow vulnerability.An attacker could execute arbitrary code. Adobe Flash Player and AIR are prone to a remote buffer-overflow vulnerability due to a failure to properly bounds check user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1569-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1569.html
Issue date: 2012-12-12
CVE Names: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security bulletin APSB12-27,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content. (CVE-2012-5676,
CVE-2012-5677, CVE-2012-5678)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.258.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
886200 - CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 flash-plugin: multiple code execution flaws (APSB12-27)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.258-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.258-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.258-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.258-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-5676.html
https://www.redhat.com/security/data/cve/CVE-2012-5677.html
https://www.redhat.com/security/data/cve/CVE-2012-5678.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-27.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQyGJhXlSAg2UNWIIRAk+fAKCpyAfEImLmpa5GDhDn0qVwDT1aOgCeKWVK
/I7KAaTWEKnqdTF2Qa3rwWs=
=0jAo
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
* Adobe AIR version 3.5.0.600 and earlier for Windows and Macintosh.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51549
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51549/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51549
RELEASE DATE:
2012-12-12
DISCUSS ADVISORY:
http://secunia.com/advisories/51549/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51549/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51549
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
one has an unknown impact and others can be exploited by malicious
people to compromise a user's system.
For more information:
SA51560
2) A use-after-free error exists when handling visibility events.
3) A use-after-free error exists within the URL loader.
4) An error exists within the instantiation of the Chromoting client
plug-in.
5) An error exists within history navigation.
6) An integer overflow error exists within handling of PPAPI image
buffers.
7) An error exists in AAC decoding and can be exploited to corrupt
stack-based memory.
The vulnerabilities are reported in versions prior to 23.0.1271.97.
SOLUTION:
Update to version 23.0.1271.97.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 3) Chamal de Silva.
4) J\xfcri Aedla, Google Chrome Security Team.
5) Michal Zalewski, Google Security Team.
6) Cris Neckar, Google Chrome Security Team.
7) pawlkt.
ORIGINAL ADVISORY:
Google:
http://googlechromereleases.blogspot.dk/2012/12/stable-channel-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0196 | CVE-2012-4898 | Tropos wireless mesh router of Mesh OS Vulnerabilities impersonating devices |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. The Mesh network is the \"wireless mesh network\", which is a wireless multi-hop network. Mesh OS is a routing system. The Tropos wireless network router product uses insufficient entropy when generating the SSH connection key. Mesh OS is prone to an insufficient-entropy vulnerability when generating keys for SSH. This aids in other attacks
| VAR-201212-0355 | No CVE | Cisco DPC2420 Router Login Verification Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Because the WEB interface authentication type is auth-basic, an attacker can obtain router login authentication credentials through ARP poison attack. The router's WEB management and configuration interfaces have input validation issues. Validated legitimate users can inject script code and obtain sensitive information. The Cisco DPC2420 is a cable modem device. A security vulnerability exists in the Cisco DPC2420. Some ISPs allow the router configuration to be changed over the TCP 8080 port. If the remote configuration option is enabled and the port is not filtered, an attacker can download the configuration file.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and to view sensitive local files in the context of the application, which may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
##
## -> Title: DPC2420 Multiple vulnerabilities
## -> Author: Facundo M. de la Cruz (tty0)
## -> E-mail: fmdlc@code4life.com.ar
##
[0x00]> Details
Vendor : Cisco
Model : DPC2420
type : Cablemodem router. For example:
$ wget http://foobar:8080/filename.gwc -O filename.gwc
- --2012-12-08 21:24:43-- http://foobar:8080/filename.gwc
Connecting to foobar:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream Content-transfer-encoding: binary]
Saving to: “filename.gwc”
[ <=> ] 15,927 50.9K/s in 0.3s
2012-12-08 21:24:43 (50.9 KB/s) - “filename.gwc” saved [15927]
$ head -n 10 filename.gwc
CRCVALUE=4144540802;
#<<Begin of Configuration File>>
Version=1.1;
Created Date=2012/12/8;
Created Time=21:24:43;
Model Number=DPC2420;
Serial Number=234905123;
User Password=ky3gUCBmdwbaviPW5GxMZ8vdgzHjvS3wKfdF2Lhbdwq+S6qn+1fvgs54YBwl0jX2glgaQuXx27Eo3FgAz5E1N7bk9yR
7hDbzGS+y7XY4jJjY5yin5SkqAQp9GJl/sZO4t4D7TJzy2oV43flEwmdIPkyJC74zTOYZhb24ULJz3HV6ci5wn3gMPi0rSTkUc3pzHdiK
WMMAsuMrYBi5MU9yqZ1vhCfC/c2Is1xgU1Kq0Y1Wcn2LdmRFU6+7rjRuN6iisAQZRQcF/kiym5VewYRBbnRNKjMXC0fw+M9y4V7Y8S4B6
3XuEwcq3OPUSLWKaA6yPDN5e5ZNxwJJuxldirDXBg==;
[---OUTPUT OMITTED FOR SPACE REASONS---]
[0x02]> - Persistent XSS
With a valid user in the router web interface for managment and configuration, a user could insert JavaScript
code in this forms and make a XSS, for example add a parental rule called "'/><script>alert(1)</script>.
Then the attacker could get the Base64 encoded password and convert it to plain text easily.
20:58:47.879985 IP 172.16.1.242.34464 > 192.168.0.1.http: Flags [P.], seq 0:372, ack 1, win 115
0x0000: 4500 01a8 fdf4 4000 4006 ccaf ac10 01f2 E.....@.@.......
0x0010: c0a8 0001 86a0 0050 e4cf 13e5 76c7 819e .......P....v...
0x0020: 8018 0073 03c2 0000 0101 080a 055f ee19 ...s........._..
0x0030: 0000 be7e 4745 5420 2f73 6967 6e61 6c2e ...~GET./signal.
0x0040: 6173 7020 4854 5450 2f31 2e31 0d0a 486f asp.HTTP/1.1..Ho
0x0050: 7374 3a20 3139 322e 3136 382e 302e 310d st:.192.168.0.1.
0x0060: 0a55 7365 722d 4167 656e 743a 204d 6f7a .User-Agent:.Moz
0x0070: 696c 6c61 2f35 2e30 2028 5831 313b 204c illa/5.0.(X11;.L
0x0080: 696e 7578 2078 3836 5f36 343b 2072 763a inux.x86_64;.rv:
0x0090: 3136 2e30 2920 4765 636b 6f2f 3230 3130 16.0).Gecko/2010
0x00a0: 3031 3031 2046 6972 6566 6f78 2f31 362e 0101.Firefox/16.
0x00b0: 300d 0a41 6363 6570 743a 2074 6578 742f 0..Accept:.text/
0x00c0: 6874 6d6c 2c61 7070 6c69 6361 7469 6f6e html,application
0x00d0: 2f78 6874 6d6c 2b78 6d6c 2c61 7070 6c69 /xhtml+xml,appli
0x00e0: 6361 7469 6f6e 2f78 6d6c 3b71 3d30 2e39 cation/xml;q=0.9
0x00f0: 2c2a 2f2a 3b71 3d30 2e38 0d0a 4163 6365 ,*/*;q=0.8..Acce
0x0100: 7074 2d4c 616e 6775 6167 653a 2065 6e2d pt-Language:.en-
0x0110: 5553 2c65 6e3b 713d 302e 350d 0a41 6363 US,en;q=0.5..Acc
0x0120: 6570 742d 456e 636f 6469 6e67 3a20 677a ept-Encoding:.gz
0x0130: 6970 2c20 6465 666c 6174 650d 0a43 6f6e ip,.deflate..Con
0x0140: 6e65 6374 696f 6e3a 206b 6565 702d 616c nection:.keep-al
0x0150: 6976 650d 0a52 6566 6572 6572 3a20 6874 ive..Referer:.ht
0x0160: 7470 3a2f 2f31 3932 2e31 3638 2e30 2e31 tp://192.168.0.1
0x0170: 2f77 6562 7374 6172 2e68 746d 6c0d 0a41 /webstar.html..A
0x0180: 7574 686f 7269 7a61 7469 6f6e 3a20 4261 uthorization:.Ba
0x0190: 7369 6320 4f6b 4d30 626d fa38 3443 a9c0 sic.aWFtYXBhc3N3
0x01a0: 1b4e 1134 640a 054b ZAo==....
- From 0x0180 offset to the end of the packet payload the attacker could get the password
encoded with Base64 and simply convert it to plain text:
$ echo aWFtYXBhc3N3ZAo== | base64 -d
iamapassword
- ---
1355011796
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQxAwHAAoJENeXyOFXJgeJlAIP/2xUnXQ/aW+HiwLEDIdTCLsj
SDGjsS0m2Mk27QGBRKMZ0mPpyrQu/ZnUYSFyemh2T6Dt2DKsTsr8VoeU/KL8aeKW
f+4uRYilUviyJycQ7bBcsv+12wEkVkN31mteX4FufkVvEDtSGFr2TaKvroSPRavi
dGisynfKM1OpFMdXLDjZRBnWJ5KuhMx2PAoMDSsXtap2WOqxAW4FCgiLJxuAkVjB
oKVmzmITPiwi0czV7AS588e7mNPL5z+4RmA+8I/w+iktV8T5Hicjey/m64kk2rfX
au0vW2sNF+BF2rhIFVa8YV3kOINm7fGTGLBp3eCILugTlc3ctj/y/+1xveRIb3nG
I4Okv3X0LXqBG6rr+FnElajzfkxmifH8jjUDHxUkJHvCi3JCaK2zhzs2V901b5kM
1a/1zfk3rASAnTd1tF5gnmeu4AQuiNISj/xCAlxtkdDUtL+YBiOgpza8rEwl7gkA
tvVT0kxKsQr+7SokU0rFybSz6eE+AC8u/HnhW3CJktUYpvRf4BYQdQNjBHyYoSEZ
ReSaX+1eGFCXRdyTwC0y0DfxVYZQQXWGodSafBA4bFq9ZFXi1F6hJap2PA2qUiZJ
/DZoyfq0VEqZBoICmcYelakMSbQ4hZbk/ewc7Z9dddh8z8vrKg/pksTJnZdCIFDC
Ycn0i8x1U/9cdl5WK+9e
=i5b0
-----END PGP SIGNATURE-----
| VAR-202001-0062 | CVE-2012-5340 |
SumatraPDF and MuPDF Vulnerable to integer overflow
Related entries in the VARIoT exploits database: VAR-E-201212-0052 |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. SumatraPDF and MuPDF Contains an integer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Sumatra PDF and MuPDF are prone to an integer-overflow vulnerability because they fail to properly validate user-supplied input.
An attacker can exploit this issue to execute arbitrary malicious code in the context of the affected application. Failed exploit attempts will likely crash the application.
The following versions are vulnerable:
MuPDF 1.0
MuPDF for iOS 1.1
Sumatra 2.1.1. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
MuPDF "pdf_repair_obj_stm()" Signedness Vulnerability
SECUNIA ADVISORY ID:
SA51544
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51544/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51544
RELEASE DATE:
2012-12-12
DISCUSS ADVISORY:
http://secunia.com/advisories/51544/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51544/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51544
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in MuPDF, which can be exploited
by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a signedness error in the
"pdf_repair_obj_stm()" function (pdf/pdf_repair.c) when processing a
stream and can be exploited to corrupt memory via a specially crafted
length number.
Successful exploitation may allow execution of arbitrary code, but
requires tricking a user into opening a malicious PDF document.
The vulnerability is confirmed in version 1.0. Prior versions may
also be affected.
SOLUTION:
Update to version 1.1.
PROVIDED AND/OR DISCOVERED BY:
beford
ORIGINAL ADVISORY:
beford:
http://www.exploit-db.com/exploits/23246/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0031 | CVE-2012-4690 | Rockwell Automation Controllers Denial of service vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. Rockwell Automation is a provider of industrial automation, control and information technology solutions. There is a denial of service vulnerability in Rockwell Automation Controllers. Due to errors in the processing of certain messages, an attacker can send a message to TCP and 2222 or 44818 UDP port, causing the device to fail.
Exploiting this issue allows remote attackers to trigger denial-of-service conditions. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Rockwell Automation Controllers Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA51534
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51534/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51534
RELEASE DATE:
2012-12-10
DISCUSS ADVISORY:
http://secunia.com/advisories/51534/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51534/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51534
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in some Rockwell Automation
controllers, which can be exploited by malicious people to cause a
DoS (Denial of Service).
The vulnerability is reported in the following products:
* MicroLogix 1100 controller
* MicroLogix 1200 controller
* MicroLogix 1400 controller
* MicroLogix 1500 controller
* SLC 500 controller platform
* PLC-5 controller platform
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Matthew Luallen, CYBATI.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-342-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0270 | CVE-2012-4838 | IBM Flex System CMM and IMM2 Vulnerability in which important information is obtained |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) allow local users to obtain sensitive information about (1) local accounts, (2) SSH private keys, (3) SSL/TLS private keys, (4) SNMPv3 communities, and (5) LDAP credentials by leveraging unspecified side effects of service or maintenance activity. (1) Local account (2) SSH Secret key (3) SSL/TLS Secret key (4) SNMPv3 community (5) LDAP Authentication. IBM Flex System is prone to an information-disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
The following products are vulnerable:
IBM Flex System CMM version 1.00.0
IBM Flex System CMM version 1.20.2
IBM Flex System IMM2 version 1.34
IBM Flex System IMM2 version 1.45
IBM Flex System IMM2 version 1.60
| VAR-201301-0033 | CVE-2012-4689 | GE Proficy HMI/SCADA CIMPLICITY Denial of service vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. GE Proficy HMI/SCADA-CIMPLICITY is software for monitoring and controlling scada devices. There are security vulnerabilities in GE Proficy HMI/SCADA-CIMPLICITY 4.01 and other versions. An attacker could exploit this vulnerability to compromise an affected application and deny service to legitimate users. GE Proficy HMI/SCADA-CIMPLICITY is prone to a remote denial-of-service vulnerability. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Proficy HMI/SCADA - CIMPLICITY Web Server Integer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA51789
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51789/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51789
RELEASE DATE:
2013-01-09
DISCUSS ADVISORY:
http://secunia.com/advisories/51789/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51789/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51789
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Proficy HMI/SCADA - CIMPLICITY,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an integer overflow error within
the web server (CimWebServer.exe) when handling certain HTTP data and
can be exploited to crash the web server.
The vulnerability is reported in versions 8.0 and later.
SOLUTION:
Apply patches (please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Kuang-Chun Hung, Information and Communication
Security Technology Center.
ORIGINAL ADVISORY:
GE:
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153
ICS-CERT (ICSA-12-341-01):
http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0017 | CVE-2012-3273 | HP LaserJet Pro and LaserJet Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors. The HP LaserJet Pro 400 is a laser printer device. A security hole exists in the HP LaserJet Pro 400 multifunction printer. Allow remote attackers to exploit the vulnerability for unauthorized access. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03464042
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03464042
Version: 1
HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers,
Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-12-03
Last Updated: 2012-12-03
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with certain HP
LaserJet Pro 400 Multifunction Printers (MFP).
References: CVE-2012-3273
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
To obtain the updated firmware for an impacted HP LaserJet Pro 400 goto
www.hp.com and follow the steps below:
Select 'Support and Drivers'
select 'Drivers & Software'
Enter the device which needs an updated firmware.
Choose an operating system
Choose the firmware and download it.
HISTORY
Version:1 (rev.1) - 3 December 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlC89/oACgkQ4B86/C0qfVlRRwCgtAiGuPbirAJQ9R0LUoegiXsU
Wk0AnRgUhgcRr+LlgOJSNbNUPvGS1sZx
=mjCg
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
HP LaserJet Pro 400 Printers Unspecified Information Disclosure
Vulnerability
SECUNIA ADVISORY ID:
SA51507
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51507/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51507
RELEASE DATE:
2012-12-06
DISCUSS ADVISORY:
http://secunia.com/advisories/51507/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51507/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51507
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in HP LaserJet Pro 400 Printers,
which can be exploited by malicious people to disclose potentially
sensitive information.
The vulnerability is caused due to an unspecified error. No further
information is currently available.
Please see the vendor's advisory for the list of affected devices.
SOLUTION:
Apply firmware updates.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBPI02807 SSRT100928:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0181 | CVE-2012-6067 | freeFTPd freeFTPd.exe authentication bypass vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. There is a vulnerability in freeFTPd.exe in freeFTPd versions prior to 1.0.11
| VAR-201303-0298 | CVE-2013-1627 |
Indusoft Studio and Advantech Studio Vulnerable to absolute path traversal
Related entries in the VARIoT exploits database: VAR-E-201212-0521 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. Advantech Studio (AStudio) is an automated software tool that contains all the basic components for data acquisition and control. Advantech Studio has a directory traversal vulnerability. Advantech Studio and Indusoft Web Studio are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Versions Advantech Studio/Indusoft Web Studio 7.0 and prior are vulnerable. The tool supports real-time dynamic graphic images, uses a browser to view trends, alarms, reports, imports or exports reports and real-time data in XML format, etc
| VAR-201212-0016 | CVE-2012-3272 | HP Color LaserJet and LaserJet Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. There are security holes in HP laser printers and color laser printers from multiple Hewlett-Packard companies. Allows an attacker to exploit a vulnerability for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Multiple HP printers are prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03556108
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03556108
Version: 1
HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site
Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-12-03
Last Updated: 2012-12-03
Potential Security Impact: Cross-site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP
LaserJet and Color LaserJet printers.
References: CVE-2012-3272
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. To obtain the firmware, go
to http://www.hp.com and follow these steps.
Click on Support and Drivers
Use the Drivers & Software tab and enter the impacted product number and
search for that product
Select the product
Select the operating system
Select and download the Firmware version listed, or a later version, if
available
Product Number
Firmware Version
HP Color LaserJet CM3530
Update to version 53.190.9
21 Aug 2012 or later
HP Color LaserJet CM6030
Update to version 52.210.9
21 Aug 2012 or later
HP Color LaserJet CM6040
Update to version 52.210.9
21 Aug 2012 or later
HP Color LaserJet CP3525
Update to version 06.140.3 18
18 Jul 2012 or later
HP Color LaserJet CP4025
Update to version 07.120.6
21 Aug 2012 or later
HP Color LaserJet CP4525
Update to version 07.120.6
21 Aug 2012 or later
HP Color LaserJet CP6015
Update to version 04.160.3
18 Jul 2012 or later
HP LaserJet P3015
Update to version 07.140.3
18 Jul 2012 or later
HP LaserJet P4014
Update to version 04.170.3
18 Jul 2012 or later
HP LaserJet P4015
Update to version 04.170.3
18 Jul 2012 or later
HP LaserJet P4515
Update to version 04.170.3
18 Jul 2012 or later
HISTORY
Version:1 (rev.1) - 3 December 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlC89IUACgkQ4B86/C0qfVkLXQCg96zP/umFE7UxvpCjaVZCejRs
gM8AoPyEVtyJEIoWEQqsugnrkljoki3u
=FDjD
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Certain unspecified input is not properly sanitised before being
returned to the user.
Please see the vendor's advisory for the list of affected devices.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Dominic Sim, KPMG.
ORIGINAL ADVISORY:
HPSBPI02828 SSRT100778:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201212-0180 | CVE-2012-6066 | freeSSHd freeSSHd.exe authentication bypass vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. There is a vulnerability in freeSSHd.exe in freeSSHd 1.2.6. freeSSHd is a free SSH server on the Windows platform. There are vulnerabilities in freeSSHd 2.1.3, and other versions may be affected
| VAR-201212-0396 | No CVE | FreeFTPD 'SFTP' Authentication Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. An authentication bypass vulnerability exists in FreeFTPD. A remote attacker exploited the vulnerability to bypass the authentication mechanism and gain unauthorized access. There are vulnerabilities in the FreeFTPD 1.0.11 release, and other versions may be affected. FreeFTPD is prone to an authentication-bypass vulnerability