VARIoT IoT vulnerabilities database

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. HP Integrated Lights-Out (iLO) is an embedded server management technology of Hewlett-Packard (HP), which uses an integrated remote management port to monitor and maintain the operating status of the server, and remotely manage and control the server. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: HP Integrated Lights-Out Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA51378 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51378/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51378 RELEASE DATE: 2012-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/51378/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51378/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51378 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Integrated Lights-Out, which can be exploited by malicious people to disclose certain sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to gain administrative access to the application. No further information is currently available. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBHF02821 SSRT100934: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515413 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03515413 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515413 Version: 1 HPSBHF02821 SSRT100934 rev.1 - HP Integrated Lights-Out iLO3 and iLO4, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-11-19 Last Updated: 2012-11-19 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. References: CVE-2012-3271 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-3271 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following Firmware updates available to resolve the vulnerabilities. The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.50 or subsequent. HP Integrated Lights-Out 4 (iLO4) Online ROM Flash Component for Linux and Windows v1.13 or subsequent. HISTORY Version:1 (rev.1) - 19 November 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlCqm/gACgkQ4B86/C0qfVkJfwCcDX+1OfvkJrcTUbXvjSP2znG3 esMAoJ/q9V+3JRyAhb5MfCMaV3EUAd9T =TRt9 -----END PGP SIGNATURE-----

Hitachi JP1 / Automatic Job Management System is a job management system solution. There is an unknown security vulnerability in Hitachi JP1 / Automatic Job Management System software. Allowing attackers to exploit vulnerabilities for denial of service attacks makes the system unstable. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/Automatic Job Management System Denial of Service Vulnerability SECUNIA ADVISORY ID: SA51322 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51322/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51322 RELEASE DATE: 2012-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/51322/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51322/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51322 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in JP1/Automatic Job Management System, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. Please see the vendor's advisory for information on affected versions. SOLUTION: Apply patches. Please see the vendor's advisory for more details PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (HS12-026): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-026/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Hitachi Device Manager is a set of mobile device management software from Hitachi, Japan. The software can manage multiple Hitachi storage systems through a single console and provides logical view capabilities to align storage assets with business applications. A denial of service vulnerability exists in Hitachi Device Manager. An attacker could use this vulnerability to consume a large amount of CPU resources and cause a denial of service. The following versions are affected: Hitachi Device Manager 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.6.0. Successful exploits will cause the application to become unresponsive, resulting in a denial-of-service condition

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has a security vulnerability. The SAP NetWeaver application has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious operations in the target user context. There is a security hole in SAP NetWeaver, and the Mobile RFID application lacks sufficient filtering for some of the inputs, which can lead to cross-site scripting attacks. SAP Netweaver is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add, delete or modify sensitive information, or perform unauthorized actions. Other attacks are also possible. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA51248 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51248/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51248 RELEASE DATE: 2012-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/51248/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51248/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51248 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: ERPScan has reported two vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Certain unspecified input is not properly sanitised within the Mobile RFID application before being returned to the user. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions if a logged-in user visits a malicious web site. The vulnerability is reported in version 7.x. Other versions may also be affected. SOLUTION: Reportedly fixes have been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: 1) Alexander Polyakov, ERPScan 2) Alexey Tyurin, ERPScan ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1669031 https://service.sap.com/sap/support/notes/1728500 ERPScan (DSECRG-12-041, DSECRG-12-042): http://erpscan.com/advisories/dsecrg-12-041-sap-netweaver-mobile-xss/ http://erpscan.com/advisories/dsecrg-12-042-sap-netweaver-soap-rfc-csrf/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Dell OpenManage Server Administrator (OMSA) is a system management solution of Dell (Dell). The solution supports online diagnosis, system operation detection, equipment management, etc. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Dell OpenManage Server Administrator Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA51297 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51297/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51297 RELEASE DATE: 2012-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/51297/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51297/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51297 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Dell OpenManage Server Administrator, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor and David Ferrest via US-CERT. ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/558132 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Huawei networking equipment use a DES encryption algorithm for password and encryption. DES is publicly known to be easily cracked. plural Huawei The product uses the stored password DES Because of the use of the algorithm, a vulnerability exists in which a plaintext password is obtained.Brute force attack by attacker (Brute force attack) You may be able to get a plaintext password via. Huawei is the world's leading provider of information and communication solutions. Huawei Quidway is a series of switches developed by Huawei. The Huawei CX600 is based on Huawei's mature VRP platform and has powerful routing, L2/L3 multicast, 5-level H-QoS, packet buffering, and ACL capabilities. Multiple Huawei products are prone to a weak password encryption weakness. Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks. The following are vulnerable: Huawei Quidway series Huawei CX600 V600R001 Huawei CX600 V600R003C00SPC900 Huawei ME60 V600R002C07 and prior versions AR 19/29/49 R2207 and prior versions. Weak password encryption on Huawei products =========================================== [ADVISORY INFORMATION] Title: Weak password encryption on Huawei products Release date: 13/11/2012 Credits: Roberto Paleari, Emaze Networks (roberto.paleari@emaze.net) Ivan Speziale, Emaze Networks (ivan.speziale@emaze.net) [VULNERABILITY INFORMATION] Class: Information disclosure [AFFECTED PRODUCTS] We confirm the presence of this security vulnerability on the following products: * Huawei Quidway series * Huawei CX600 Other models are probably also vulnerable, but they were not checked. As a consequence, passwords extracted from a victim's device can be deciphered instantaneously. A Python procedure that decodes a given password is included below. Upon termination, procedure decrypt_password() returns the clear-text password. <cut> from Crypto.Cipher import DES def decode_char(c): if c == 'a': r = '?' else: r = c return ord(r) - ord('!') def ascii_to_binary(s): assert len(s) == 24 out = [0]*18 i = 0 j = 0 for i in range(0, len(s), 4): y = decode_char(s[i + 0]) y = (y << 6) & 0xffffff k = decode_char(s[i + 1]) y = (y | k) & 0xffffff y = (y << 6) & 0xffffff k = decode_char(s[i + 2]) y = (y | k) & 0xffffff y = (y << 6) & 0xffffff k = decode_char(s[i + 3]) y = (y | k) & 0xffffff out[j+2] = chr(y & 0xff) out[j+1] = chr((y>>8) & 0xff) out[j+0] = chr((y>>16) & 0xff) j += 3 return "".join(out) def decrypt_password(p): r = ascii_to_binary(p) r = r[:16] d = DES.new("\x01\x02\x03\x04\x05\x06\x07\x08", DES.MODE_ECB) r = d.decrypt(r) return r.rstrip("\x00") </cut> [REMEDIATION] We recommend to store passwords using a proper hashing algorithm, instead of leveraging symmetric encryption. Further details are available at the following URL: http://support.huawei.com/enterprise/ReadLatestNewsAction.action?contentId=NEWS1000001141 [COPYRIGHT] Copyright(c) Emaze Networks S.p.A 2012, All rights reserved worldwide. Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact. [DISCLAIMER] Emaze Networks S.p.A is not responsible for the misuse of the information provided in our security advisories. These advisories are a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal. quagga (ospf6d) Contains a vulnerability with reachable assertions.Service operation interruption (DoS) There is a possibility of being put into a state. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. A remote denial of service vulnerability exists in Quagga that affects the open shortest path priority of the IPv6 daemon (&lsquo;ospf6d&rsquo;). A remote attacker could exploit the vulnerability to cause the daemon to crash and refuse to further serve legitimate users. There are vulnerabilities in Quagga 0.99.21 and other versions may be affected

Huawei Technologies Co., Ltd. is a private technology company headquartered in Shenzhen, Guangdong Province, China. It is a private technology company that manufactures and sells telecom equipment. It was founded in 1987 by Ren Zhengfei in Shenzhen, China. It is the world's largest provider of telecommunications network solutions. Two major telecommunications base station equipment suppliers. A local information disclosure vulnerability exists in multiple Huawei products. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Information obtained may aid in further attacks

SAP NetWeaver is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability.". Microsoft IIS is prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-318A Microsoft Updates for Multiple Vulnerabilities Original release date: November 13, 2012 Last revised: -- Systems Affected * Microsoft Windows * Microsoft Office * Microsoft .NET Framework * Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. Description The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. References * Microsoft Security Bulletin Summary for November 2012 <http://technet.microsoft.com/en-us/security/bulletin/ms12-nov> * Microsoft Windows Server Update Services <http://technet.microsoft.com/en-us/wsus/default.aspx> * Microsoft Update <http://www.update.microsoft.com/> * Microsoft Update Overview <http://www.microsoft.com/security/updates/mu.aspx> * Turn Automatic Updating On or Off <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off> Revision History November 13, 2012: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA12-318A Feedback VU#970852" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-318A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR DRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/ GCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB tPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U lEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws sqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA== =/QVO -----END PGP SIGNATURE-----

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability.". Microsoft IIS is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary commands with the privileges of the application; this may disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-318A Microsoft Updates for Multiple Vulnerabilities Original release date: November 13, 2012 Last revised: -- Systems Affected * Microsoft Windows * Microsoft Office * Microsoft .NET Framework * Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. Description The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. References * Microsoft Security Bulletin Summary for November 2012 <http://technet.microsoft.com/en-us/security/bulletin/ms12-nov> * Microsoft Windows Server Update Services <http://technet.microsoft.com/en-us/wsus/default.aspx> * Microsoft Update <http://www.update.microsoft.com/> * Microsoft Update Overview <http://www.microsoft.com/security/updates/mu.aspx> * Turn Automatic Updating On or Off <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off> Revision History November 13, 2012: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA12-318A Feedback VU#970852" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-318A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR DRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/ GCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB tPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U lEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws sqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA== =/QVO -----END PGP SIGNATURE-----

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. CUPS (Common UNIX Printing System) is prone to a local privilege-escalation vulnerability. A local attacker can potentially exploit this issue to execute arbitrary commands with root privileges. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is a vulnerability in CUPS version 1.4.4 running on some Linux distributions, such as Debian GNU/Linux. The vulnerability is caused by storing the network interface administrator primary key under /var/run/cups/certs/0 with certain permissions. This update splits the configuration file /etc/cups/cupsd.conf into two files: cupsd.conf and cups-files.conf. While the first stays configurable via the web interface, the latter can only be configured by the root user. Please see the updated documentation that comes with the new package for more information on these files. For the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze2. For the testing distribution (wheezy), this problem has been fixed in version 1.5.3-2.7. For the unstable distribution (sid), this problem has been fixed in version 1.5.3-2.7. We recommend that you upgrade your cups packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201404-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CUPS: Arbitrary file read/write Date: April 07, 2014 Bugs: #442926 ID: 201404-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in CUPS may allow for arbitrary file access. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.6.2-r5" References ========== [ 1 ] CVE-2012-5519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5519 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201404-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following: CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An attacker with access to a user's session may be able to log into previously accessed sites, even if Private Browsing was used Description: Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled. This issue was addressed by improved handling of cookies. CVE-ID CVE-2013-0982 : Alexander Traud of www.traud.de CoreAnimation Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of text glyphs. This could be triggered by maliciously crafted URLs in Safari. The issue was addressed through improved bounds checking. CVE-ID CVE-2013-0983 : David Fifield of Stanford University, Ben Syverson CoreMedia Playback Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks. CVE-ID CVE-2012-5519 Directory Service Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: A remote attacker may execute arbitrary code with system privileges on systems with Directory Service enabled Description: An issue existed in the directory server's handling of messages from the network. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion or OS X Mountain Lion systems. CVE-ID CVE-2013-0984 : Nicolas Economou of Core Security Disk Management Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: A local user may disable FileVault Description: A local user who is not an administrator may disable FileVault using the command-line. This issue was addressed by adding additional authentication. CVE-ID CVE-2013-0985 OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of TLS 1.0 when compression was enabled. This issue was addressed by disabling compression in OpenSSL. CVE-ID CVE-2012-4929 : Juliano Rizzo and Thai Duong OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Multiple vulnerabilities in OpenSSL Description: OpenSSL was updated to version 0.9.8x to address multiple vulnerabilities, which may lead to denial of service or disclosure of a private key. Further information is available via the OpenSSL website at http://www.openssl.org/news/ CVE-ID CVE-2011-1945 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0050 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 QuickDraw Manager Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PICT images. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0975 : Tobias Klein working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0987 : roob working with iDefense VCP QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative QuickTime Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: Multiple vulnerabilities in Ruby on Rails Description: Multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18. This issue may affect OS X Lion or OS X Mountain Lion systems that were upgraded from Mac OS X 10.6.8 or earlier. Users can update affected gems on such systems by using the /usr/bin/gem utility. CVE-ID CVE-2013-0155 CVE-2013-0276 CVE-2013-0277 CVE-2013-0333 CVE-2013-1854 CVE-2013-1855 CVE-2013-1856 CVE-2013-1857 SMB Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: An authenticated user may be able to write files outside the shared directory Description: If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory. This issue was addressed through improved access control. CVE-ID CVE-2013-0990 : Ward van Wanrooij Note: Starting with OS X 10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate. Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed. Note: OS X Mountain Lion v10.8.4 includes the content of Safari 6.0.5. For further details see "About the security content of Safari 6.0.5" at http://http//support.apple.com/kb/HT5785 OS X Mountain Lion v10.8.4 and Security Update 2013-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.4, or Security Update 2013-002. For OS X Mountain Lion v10.8.3 The download file is named: OSXUpd10.8.4.dmg Its SHA-1 digest is: 9cf99aa1293cefdac0fb9a24ea133c80f8237b5e For OS X Mountain Lion v10.8 and v10.8.2 The download file is named: OSXUpdCombo10.8.4.dmg Its SHA-1 digest is: 3c95d0c8d0c7f43339a5f4e137e386dd5fe409c3 For OS X Lion v10.7.5 The download file is named: SecUpd2013-002.dmg Its SHA-1 digest is: cfc3bd0941d7c5838aee9e92ee087d78abff3ce7 For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-002.dmg Its SHA-1 digest is: 34dff575a145e13404e7a2ee8a390d3e7c56fb5e For Mac OS X v10.6.8 The download file is named: SecUpd2013-002.dmg Its SHA-1 digest is: 5da54b38ffb8c147925c3018a8f5bf30ad4ac5b1 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-002.dmg Its SHA-1 digest is: b20271f019930fe894c2247a6d5e05f00568b583 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRrjkiAAoJEPefwLHPlZEwW+AP/0x/cHS3VPY0/a98Xpmdfkdb eo9Ns5FKw6mIkUftrN6qwNAgFXWqQXNIbJ3q8ZnoxcFPakhYyPSp4XowpR79l7kG B2ZrdTx9aIn2bfHZ+h4cE8XnVL8qUDz2RxFopOGbb+wpJxl8/fehDmWokC5wCeF5 N7mnwW2s37QL73BmAMRdi6CYcJCKwhZWGFWmqiNvpFlUP+kcjU/UM1MAzOu0xsiA PD6NrWeUOWfFrcQgx/pspWGvrFyV4FLu+0wQBl9f/DiQNrwVXIr85rHtah+b1NCU pteSxQwb4kRojXdPm4+I3LKoghzGR8xD6+Xl6KdYgReSW89Di4bKM3WpbRLqhRuq 8kv38Gk3/vZDfAnuNQX09dE6EgJ0DVu86SoRQZ1iYRQoLrizVsOvyVQUojZhT47t 6l44L/5cNJd7EcaC8hdmr44cCZdMPDEqoKzn2BavH62WYXbZMPlHBDo/H2ujUUec i7XU7LA1Upw57X4wmIUU4QrlBhNBh39yRKh3katAklayFBjOMEyyL57gURvd6O77 gFOQpUQ6kgqwgQCrtNT6R96igfyu7cVxYW7XchZDHgA3n/YWOAVvXkVeeQ5OUGzC O0UYLMBpPka31yfWP23QaXpV+LW462raI6LnMvRP1245RhokTTThZw6/9xochK2V +VoeoamqaQqZGyOiObbU =vG2v -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-1654-1 December 05, 2012 cups, cupsys vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: CUPS could be made to read files or run programs as an administrator. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: cups 1.6.1-0ubuntu11.3 Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu5.1 Ubuntu 11.10: cups 1.5.0-8ubuntu7.3 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.9 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.16 In general, a standard system update will make all the necessary changes. In certain customized environments, these settings may need to be manually moved to this new file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security update Advisory ID: RHSA-2013:0580-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0580.html Issue date: 2013-02-28 CVE Names: CVE-2012-5519 ===================================================================== 1. Summary: Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. (CVE-2012-5519) After installing this update, the ability to change certain CUPS configuration directives remotely will be disabled by default. The newly introduced ConfigurationChangeRestriction directive can be used to enable the changing of the restricted directives remotely. Refer to Red Hat Bugzilla bug 875898 for more details and the list of restricted directives. All users of cups are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 875898 - CVE-2012-5519 cups: privilege escalation for users of the CUPS SystemGroup group 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm i386: cups-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-lpd-1.3.7-30.el5_9.3.i386.rpm x86_64: cups-1.3.7-30.el5_9.3.x86_64.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.x86_64.rpm cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm i386: cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm x86_64: cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm i386: cups-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-lpd-1.3.7-30.el5_9.3.i386.rpm ia64: cups-1.3.7-30.el5_9.3.ia64.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.ia64.rpm cups-devel-1.3.7-30.el5_9.3.ia64.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.ia64.rpm cups-lpd-1.3.7-30.el5_9.3.ia64.rpm ppc: cups-1.3.7-30.el5_9.3.ppc.rpm cups-debuginfo-1.3.7-30.el5_9.3.ppc.rpm cups-debuginfo-1.3.7-30.el5_9.3.ppc64.rpm cups-devel-1.3.7-30.el5_9.3.ppc.rpm cups-devel-1.3.7-30.el5_9.3.ppc64.rpm cups-libs-1.3.7-30.el5_9.3.ppc.rpm cups-libs-1.3.7-30.el5_9.3.ppc64.rpm cups-lpd-1.3.7-30.el5_9.3.ppc.rpm s390x: cups-1.3.7-30.el5_9.3.s390x.rpm cups-debuginfo-1.3.7-30.el5_9.3.s390.rpm cups-debuginfo-1.3.7-30.el5_9.3.s390x.rpm cups-devel-1.3.7-30.el5_9.3.s390.rpm cups-devel-1.3.7-30.el5_9.3.s390x.rpm cups-libs-1.3.7-30.el5_9.3.s390.rpm cups-libs-1.3.7-30.el5_9.3.s390x.rpm cups-lpd-1.3.7-30.el5_9.3.s390x.rpm x86_64: cups-1.3.7-30.el5_9.3.x86_64.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.x86_64.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.x86_64.rpm cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-lpd-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-php-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-lpd-1.4.2-50.el6_4.4.i686.rpm ppc64: cups-1.4.2-50.el6_4.4.ppc64.rpm cups-debuginfo-1.4.2-50.el6_4.4.ppc.rpm cups-debuginfo-1.4.2-50.el6_4.4.ppc64.rpm cups-devel-1.4.2-50.el6_4.4.ppc.rpm cups-devel-1.4.2-50.el6_4.4.ppc64.rpm cups-libs-1.4.2-50.el6_4.4.ppc.rpm cups-libs-1.4.2-50.el6_4.4.ppc64.rpm cups-lpd-1.4.2-50.el6_4.4.ppc64.rpm s390x: cups-1.4.2-50.el6_4.4.s390x.rpm cups-debuginfo-1.4.2-50.el6_4.4.s390.rpm cups-debuginfo-1.4.2-50.el6_4.4.s390x.rpm cups-devel-1.4.2-50.el6_4.4.s390.rpm cups-devel-1.4.2-50.el6_4.4.s390x.rpm cups-libs-1.4.2-50.el6_4.4.s390.rpm cups-libs-1.4.2-50.el6_4.4.s390x.rpm cups-lpd-1.4.2-50.el6_4.4.s390x.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-php-1.4.2-50.el6_4.4.i686.rpm ppc64: cups-debuginfo-1.4.2-50.el6_4.4.ppc64.rpm cups-php-1.4.2-50.el6_4.4.ppc64.rpm s390x: cups-debuginfo-1.4.2-50.el6_4.4.s390x.rpm cups-php-1.4.2-50.el6_4.4.s390x.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-lpd-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-php-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5519.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRL6vPXlSAg2UNWIIRAgfRAJ45P5PpTxCh/Af2ihj7wuSv7ACeBQCfcg2V +0Zi945sHm5HZZBwd0qo6UM= =EmrA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. This issue is being tracked by Cisco Bug ID CSCuc65634. The server provides a comprehensive identity-based access control solution for the Cisco Intelligent Information Network. When using certain configurations including TACACS+ and LDAP, passwords were not properly validated. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Secure Access Control System Security Bypass Vulnerability SECUNIA ADVISORY ID: SA51194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51194 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Secure ACS, which can be exploited by malicious people to bypass security restrictions. The vulnerability is caused due to an error when validating a password when used via the TACACS+ authentication protocol and can be exploited to gain access without authentication. Successful exploitation requires that LDAP is configured as an external identity store and knowledge of a valid username. The vulnerability is reported in versions 5.0 through 5.3. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. This issue was addressed through improved bounds checking. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. These issues arise when the application handles specially crafted files. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. The following individual records exist to better document the issues: 56564 Apple QuickTime CVE-2012-3754 Use-After-Free Remote Code Execution Vulnerability 56563 Apple QuickTime CVE-2012-3751 Use-After-Free Remote Code Execution Vulnerability 56552 Apple QuickTime CVE-2012-3756 Buffer Overflow Vulnerability 56551 Apple QuickTime CVE-2012-3755 Buffer Overflow Vulnerability 56550 Apple QuickTime CVE-2012-3753 Buffer Overflow Vulnerability 56549 Apple QuickTime CVE-2011-1374 Buffer Overflow Vulnerability 56557 Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities 56556 Apple QuickTime CVE-2012-3757 Memory Corruption Vulnerability 56553 Apple QuickTime CVE-2012-3758 Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. CVE-ID CVE-2012-3751 : chkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. CVE-ID CVE-2012-3751 : chkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. This issue was addressed through improved bounds checking. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. The following individual records exist to better document the issues: 56564 Apple QuickTime CVE-2012-3754 Use-After-Free Remote Code Execution Vulnerability 56563 Apple QuickTime CVE-2012-3751 Use-After-Free Remote Code Execution Vulnerability 56552 Apple QuickTime CVE-2012-3756 Buffer Overflow Vulnerability 56551 Apple QuickTime CVE-2012-3755 Buffer Overflow Vulnerability 56550 Apple QuickTime CVE-2012-3753 Buffer Overflow Vulnerability 56549 Apple QuickTime CVE-2011-1374 Buffer Overflow Vulnerability 56557 Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities 56556 Apple QuickTime CVE-2012-3757 Memory Corruption Vulnerability 56553 Apple QuickTime CVE-2012-3758 Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. CVE-ID CVE-2012-3751 : chkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. CVE-ID CVE-2012-3751 : chkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. The following individual records exist to better document the issues: 56564 Apple QuickTime CVE-2012-3754 Use-After-Free Remote Code Execution Vulnerability 56563 Apple QuickTime CVE-2012-3751 Use-After-Free Remote Code Execution Vulnerability 56552 Apple QuickTime CVE-2012-3756 Buffer Overflow Vulnerability 56551 Apple QuickTime CVE-2012-3755 Buffer Overflow Vulnerability 56550 Apple QuickTime CVE-2012-3753 Buffer Overflow Vulnerability 56549 Apple QuickTime CVE-2011-1374 Buffer Overflow Vulnerability 56557 Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities 56556 Apple QuickTime CVE-2012-3757 Memory Corruption Vulnerability 56553 Apple QuickTime CVE-2012-3758 Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. This issue was addressed through improved memory handling. CVE-ID CVE-2012-3751 : chkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----