VARIoT IoT vulnerabilities database
| VAR-201206-0054 | CVE-2012-1718 | Oracle Java SE of Java Runtime Environment (JRE) In Security Processing vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Security' sub-component.
This vulnerability affects the following supported versions:
7 Update 4, 6 Update 32, 5 Update 35, 1.4.2_37. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section.
* S7143872, CVE-2012-1718: Improve certificate extension processing
* S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
* S7152811, CVE-2012-1723: Issues in client compiler
* S7157609, CVE-2012-1724: Issues with loop
* S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
* S7110720: Issue with vm config file loadingIssue with vm config
file loading
* S7145239: Finetune package definition restriction
* S7160677: missing else in fix for 7152811
The updated packages provides icedtea6-1.11.3 which is not vulnerable
to these issues. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP3v0dmqjQ0CJFipgRApUEAKDuHyqURe7mAlzYzLRgK4SCCjmaxACgqxmR
y5zs168WwioVV48Wj1lIeDQ=
=9Eet
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.7.0-openjdk security and bug fix update
Advisory ID: RHSA-2012:1009-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1009.html
Issue date: 2012-06-20
CVE Names: CVE-2012-1711 CVE-2012-1713 CVE-2012-1716
CVE-2012-1717 CVE-2012-1718 CVE-2012-1719
CVE-2012-1723 CVE-2012-1724 CVE-2012-1725
CVE-2012-1726
=====================================================================
1. Summary:
Updated java-1.7.0-openjdk packages that fix several security issues and
one bug are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
3. Description:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)
It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)
Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)
Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)
It was discovered that java.lang.invoke.MethodHandles.Lookup did not
properly honor access modes. An untrusted Java application or applet could
use this flaw to bypass Java sandbox restrictions. (CVE-2012-1726)
It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)
It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)
It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)
This update also fixes the following bug:
* Attempting to compile a SystemTap script using the jstack tapset could
have failed with an error similar to the following:
error: the frame size of 272 bytes is larger than 256 bytes
This update corrects the jstack tapset and resolves this issue. (BZ#833035)
This erratum also upgrades the OpenJDK package to IcedTea7 2.2.1. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)
829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
829377 - CVE-2012-1726 OpenJDK: java.lang.invoke.MethodHandles.Lookup does not honor access modes (Libraries, 7165628)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1711.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1723.html
https://www.redhat.com/security/data/cve/CVE-2012-1724.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://www.redhat.com/security/data/cve/CVE-2012-1726.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.2/file/icedtea-2.2.1/NEWS
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP4bdMXlSAg2UNWIIRAgLZAJ4rVT0qeWA3N7RGN/RRjkpcTqtF4wCeNbiZ
7KUEsZqVLjXnfpCmLH3lpCM=
=GGr3
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: IcedTea JDK: Multiple vulnerabilities
Date: June 29, 2014
Bugs: #312297, #330205, #340819, #346799, #352035, #353418,
#354231, #355127, #370787, #387637, #404095, #421031,
#429522, #433389, #438750, #442478, #457206, #458410,
#461714, #466822, #477210, #489570, #508270
ID: 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the IcedTea JDK, the worst
of which could lead to arbitrary code execution.
Background
==========
IcedTea is a distribution of the Java OpenJDK source code built with
free build tools.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
===========
Multiple vulnerabilities have been discovered in the IcedTea JDK.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass intended security policies, or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
==========
[ 1 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2010-2548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548
[ 3 ] CVE-2010-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783
[ 4 ] CVE-2010-3541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
[ 5 ] CVE-2010-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
[ 6 ] CVE-2010-3549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
[ 7 ] CVE-2010-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
[ 8 ] CVE-2010-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
[ 9 ] CVE-2010-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
[ 10 ] CVE-2010-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
[ 11 ] CVE-2010-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
[ 12 ] CVE-2010-3562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
[ 13 ] CVE-2010-3564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564
[ 14 ] CVE-2010-3565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
[ 15 ] CVE-2010-3566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
[ 16 ] CVE-2010-3567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
[ 17 ] CVE-2010-3568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
[ 18 ] CVE-2010-3569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
[ 19 ] CVE-2010-3573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573
[ 20 ] CVE-2010-3574
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574
[ 21 ] CVE-2010-3860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860
[ 22 ] CVE-2010-4351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351
[ 23 ] CVE-2010-4448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448
[ 24 ] CVE-2010-4450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450
[ 25 ] CVE-2010-4465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465
[ 26 ] CVE-2010-4467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467
[ 27 ] CVE-2010-4469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469
[ 28 ] CVE-2010-4470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470
[ 29 ] CVE-2010-4471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471
[ 30 ] CVE-2010-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472
[ 31 ] CVE-2010-4476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476
[ 32 ] CVE-2011-0025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025
[ 33 ] CVE-2011-0706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706
[ 34 ] CVE-2011-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815
[ 35 ] CVE-2011-0822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822
[ 36 ] CVE-2011-0862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862
[ 37 ] CVE-2011-0864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864
[ 38 ] CVE-2011-0865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865
[ 39 ] CVE-2011-0868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868
[ 40 ] CVE-2011-0869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869
[ 41 ] CVE-2011-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870
[ 42 ] CVE-2011-0871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871
[ 43 ] CVE-2011-0872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872
[ 44 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 45 ] CVE-2011-3521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521
[ 46 ] CVE-2011-3544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544
[ 47 ] CVE-2011-3547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547
[ 48 ] CVE-2011-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548
[ 49 ] CVE-2011-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551
[ 50 ] CVE-2011-3552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552
[ 51 ] CVE-2011-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553
[ 52 ] CVE-2011-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554
[ 53 ] CVE-2011-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556
[ 54 ] CVE-2011-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557
[ 55 ] CVE-2011-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558
[ 56 ] CVE-2011-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560
[ 57 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 58 ] CVE-2011-3571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571
[ 59 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 60 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 61 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 62 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 63 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 64 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 65 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 66 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 67 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 68 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 69 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 70 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 71 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 72 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 73 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 74 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 75 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 76 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 77 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 78 ] CVE-2012-3422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422
[ 79 ] CVE-2012-3423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423
[ 80 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 81 ] CVE-2012-4540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540
[ 82 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 83 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 84 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 85 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 86 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 87 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 88 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 89 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 90 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 91 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 92 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 93 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 94 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 95 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 96 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 97 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 98 ] CVE-2012-5979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979
[ 99 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 100 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 101 ] CVE-2013-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424
[ 102 ] CVE-2013-0425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425
[ 103 ] CVE-2013-0426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426
[ 104 ] CVE-2013-0427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427
[ 105 ] CVE-2013-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428
[ 106 ] CVE-2013-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429
[ 107 ] CVE-2013-0431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431
[ 108 ] CVE-2013-0432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432
[ 109 ] CVE-2013-0433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433
[ 110 ] CVE-2013-0434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434
[ 111 ] CVE-2013-0435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435
[ 112 ] CVE-2013-0440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440
[ 113 ] CVE-2013-0441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441
[ 114 ] CVE-2013-0442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442
[ 115 ] CVE-2013-0443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443
[ 116 ] CVE-2013-0444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444
[ 117 ] CVE-2013-0450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450
[ 118 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 119 ] CVE-2013-1475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475
[ 120 ] CVE-2013-1476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476
[ 121 ] CVE-2013-1478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478
[ 122 ] CVE-2013-1480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480
[ 123 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 124 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 125 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 126 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 127 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 128 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 129 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 130 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 131 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 132 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 133 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 134 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 135 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 136 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 137 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 138 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 139 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 140 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 141 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 142 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 143 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 144 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 145 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 146 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 147 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 148 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 149 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 150 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 151 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 152 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 153 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 154 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 155 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 156 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 157 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 158 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 159 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 160 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 161 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 162 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 163 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 164 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 165 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 166 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 167 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 168 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 169 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 170 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 171 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 172 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 173 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 174 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 175 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 176 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 177 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 178 ] CVE-2013-4002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002
[ 179 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 180 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 181 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 182 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 183 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 184 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 185 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 186 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 187 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 188 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 189 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 190 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 191 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 192 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 193 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 194 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 195 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 196 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 197 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 198 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 199 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 200 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 201 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 202 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 203 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 204 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 205 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 206 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 207 ] CVE-2013-6629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629
[ 208 ] CVE-2013-6954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954
[ 209 ] CVE-2014-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 210 ] CVE-2014-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 211 ] CVE-2014-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 212 ] CVE-2014-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 213 ] CVE-2014-0453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 214 ] CVE-2014-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 215 ] CVE-2014-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 216 ] CVE-2014-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 217 ] CVE-2014-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 218 ] CVE-2014-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 219 ] CVE-2014-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 220 ] CVE-2014-1876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876
[ 221 ] CVE-2014-2397
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 222 ] CVE-2014-2398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 223 ] CVE-2014-2403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 224 ] CVE-2014-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 225 ] CVE-2014-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 226 ] CVE-2014-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 227 ] CVE-2014-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 228 ] CVE-2014-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
uCosminexus Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49578
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49578/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49578
RELEASE DATE:
2012-06-15
DISCUSS ADVISORY:
http://secunia.com/advisories/49578/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49578/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49578
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Hitachi has acknowledged multiple vulnerabilities in uCosminexus
products, which can be exploited by malicious, local users to
disclose potentially sensitive information, manipulate certain data,
and cause a DoS (Denial of Service) and by malicious people to
conduct cross-site scripting attacks, disclose potentially sensitive
information, manipulate certain data, cause a DoS (Denial of
Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled
version of Cosminexus Developer's Kit for Java.
For more information:
SA49472
Please see the vendor's advisory for a list of affected products.
ORIGINAL ADVISORY:
HS12-015:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-015/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0336 | CVE-2012-0677 | Apple iTunes Heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.<br/><br/> --------------------------------------------------------------------------------<br/><br/><code> (940.fc0): Access violation - code c0000005 (!!! second chance !!!)<br/> eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20<br/> eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc<br/> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206<br/><unloaded_card.dll>+0x41414130:<br/> 41414141 ?? ???<br/><br/> ~~~<br/><br/> (6b0.a04): Access violation - code c0000005 (!!! second chance !!!)<br/> eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d<br/> eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc<br/> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206<br/> Defaulted to export symbols for C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll -<br/> CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40:<br/> 0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=????????<br/></unloaded_card.dll></code><br/> --------------------------------------------------------------------------------<br/><br/>Tested on: Microsoft Windows XP Professional SP3 EN (32bit)Microsoft Windows 7 Ultimate SP1 EN (64bit). Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-06-11-1 iTunes 10.6.3
iTunes 10.6.3 is now available and addresses the following:
iTunes
Available for: Mac OS X v10.5 or later, Windows 7, Vista,
XP SP2 or later
Impact: Importing a maliciously crafted .m3u playlist may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of .m3u
playlists.
CVE-ID
CVE-2012-0677 : Gjoko Krstic of Zero Science Lab
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome
Security Team
iTunes 10.6.3 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes10.6.3.dmg"
Its SHA-1 digest is: e673e5cbd2955130efbc92a788fff178e66bd155
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 2618f701f1d1a853e33138a57bec193bcd08438e
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: 3806af762a066fde3d7e83f86a429ae40175561e
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJP1iVwAAoJEPefwLHPlZEwwCwQAK3GHSCBWGFlkIdf5A14STjH
418W8jBN7fYpZL04wnBxFC4n6r9213/TAIq+FBQAUpS1Q4442qWbJ7DUPCU34+aC
1nhRhL6vXCrfsIqZB7YdsGIrcSw3iAKpyszCyDfE6l4oqwQuGzeUsZ89ZTxvKMLw
QYelU0izAJHcBKDJ+GiQCSZjoYgOha9dW1rDE50EIc274SoyZqHBV1hs2fSkslMq
GWKgg3KGSt1QGf9dX9bE2Zgb6QYVXTr092/VuIvAP6GUn5ltMJ4Qu1+GUhzQXykj
6Av3gtrwoWHg7iG3X66+A3XQ6oIjKHTplA8LDC5a3g1bcECaJI/QDxfC4xIyIqhT
HUJPy1FH6cFKTVGEF7h4HvcQKjpbt20UuCE4a9Om8PPw2P/iaBNnS+jV5AQ/RVwL
nfhxNQkNg0rYmFfUFjNWajjK+YWgjTN/Ny3Ba4hTl66PV5OSHtkQtIJtDTJcAxP0
7hX/CaEU9TnJl5HKmlhNv1PvqMmM951N39ODbf+zG23yVw+2hmE1SWDcJxAAv1LD
sCMFh5vesPb/7Bvbc1Qi23lX27gjYA3bzPnwREdEQ+9nyiKbwFAvIZ5KwszIdmlR
qIlGpIvpQOJYEC3aVq7tDlABkwF7pBaAGOQqYpP8O+iM7kJNDGCVaGWEL2OuVHjY
bGLlmB3ueonyCP+g94nH
=IxYx
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iTunes Two Vulnerabilities
SECUNIA ADVISORY ID:
SA49489
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49489/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49489
RELEASE DATE:
2012-06-12
DISCUSS ADVISORY:
http://secunia.com/advisories/49489/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49489/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49489
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has reported two vulnerabilities in Apple iTunes, which can be
exploited by malicious people to compromise a user's system.
2) A vulnerability is caused due to a bundled vulnerable version of
WebKit.
For more information see vulnerability #3 in:
SA48454
NOTE: This vulnerability does not affect the application on OS X Lion
systems.
SOLUTION:
Update to version 10.6.3.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Gjoko Krstic, Zero Science Lab.
2) Adam Barth and Abhishek Arya, Google Chrome Security Team.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5318
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0104 | CVE-2012-2753 | Check Point Vulnerabilities that can be authorized in multiple products |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Check Point Endpoint Connect is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Check Point Endpoint Security is a set of endpoint security solutions from Check Point Company in the United States. This solution combines firewall, network access control, anti-virus, anti-spyware, data security and other functions to ensure that terminal PCs are free from Web-based threats. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Check Point Endpoint Connect Insecure Library Loading Vulnerability
SECUNIA ADVISORY ID:
SA49432
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49432/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49432
RELEASE DATE:
2012-06-11
DISCUSS ADVISORY:
http://secunia.com/advisories/49432/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49432/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49432
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Check Point EndPoint Connect,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to the application loading certain
libraries in an insecure manner. This can be exploited to load
arbitrary libraries by tricking a user into opening unspecified file
types located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Apply available hotfixes.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Moshe Zioni, Comsec Consulting.
ORIGINAL ADVISORY:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480&src=securityAlerts
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
A user with local disk access can carefuly construct a DLL that suits a pattern
that is being traversed by the client and implement it somewhere along the
search path and the client will load it seamlessly.
Impact
==========
After the DLL has been implemented, an unsuspected user that will run the
program will cause it to load, resulting in arbitrary code execution with
user's privilege level.
Solution
==========
Apply the appropriate Hotfix released by Checkpoint (one line URL):
https://supportcenter.checkpoint.com/supportcenter/portal?
eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480
Credits
==========
The issue was responsibly reported by Moshe Zioni from Comsec Global Consulting.
Timeline
===========
11 June 2012
Checkpoint officialy announce a Hotfix for the issue
6 June 2012
Checkpoint reported on finishing a fix to the reported issue
16 May 2012
Further correspondance (Comsec-Checkpoint) took place, discussing a remidiation
15 May 2012
First response from Checkpoint Security Team
15 May 2012
Bug reported by Moshe Zioni from Comsec Global Consulting
References
===========
Checkpoint
http://www.checkpoint.com/
Comsec Global Consulting
http://www.comsecglobal.com/
| VAR-201206-0236 | CVE-2012-1825 | ForeScout CounterACT Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter. ForeScout Provided by CounterACT Contains a cross-site scripting vulnerability. ForeScout Provided by CounterACT of Web The interface contains a cross-site scripting vulnerability. Details are provided by the developer ForeScout Security Advisory 12-01 ( Registered users only ) (http://updates.forescout.com/support) Please confirm.An arbitrary script may be executed on the user's web browser. ForeScout CounterACT is an automated security control platform. ForeScout CounterACT 'username' and 'loginname' have cross-site scripting vulnerabilities, since the input passed to the state via the \"username\" and \"loginname\" parameters is not properly filtered before returning to the user, the attacker can exploit the vulnerability in the context of the affected site. Execute arbitrary HTML and script code in the user's browser session. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
ForeScout CounterACT "username" and "loginname" Cross-Site Scripting
Vulnerabilities
SECUNIA ADVISORY ID:
SA49481
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49481/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49481
RELEASE DATE:
2012-06-11
DISCUSS ADVISORY:
http://secunia.com/advisories/49481/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49481/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49481
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in ForeScout CounterACT, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
The vulnerabilities are reported in the following versions:
* 6.3.3.2 prior to Hotfix 4.12050.
* 6.3.4.0 prior to Hotfix 10.0.
* 6.3.4.1 prior to Hotfix 6.0.
* 6.3.4.10 prior to Hotfix 1.0.
SOLUTION:
Apply available hotfixes.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Travis Lee
ORIGINAL ADVISORY:
US-CERT:
http://www.kb.cert.org/vuls/id/815532
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201207-0327 | CVE-2012-1493 |
plural F5 In product SSH Login vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0489, VAR-E-201206-0488, VAR-E-201206-0487 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. F5 BIG-IP is a device product for application delivery services manufactured by F5 Network, which is mainly used for load balancing, business acceleration optimization and other purposes. F5 BIG-IP (11.x 10.x 9.x version) There is a set of public SSH public-private key pairs in the device file system, which can be used for user permission verification, and the root user authority is obtained after the verification is passed. The vulnerability can be used to remotely obtain management control of the device, and further launch attacks against related network information systems. Multiple F5 Products are prone to an unauthorized-access vulnerability.
A remote attacker can exploit this issue to gain unauthorized root access to affected devices. Successfully exploiting this issue allows attackers to completely compromise the devices.
The following products are affected:
BIG-IP LTM
BIG-IP GTM
BIG-IP ASM
BIG-IP Link Controller
BIG-IP PSM
BIG-IP WOM
BIG-IP APM
BIG-IP Analytics
BIG-IP Edge Gateway
Enterprise Manager. Malicious actors could exploit this vulnerability to manipulate the affected system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
F5 Products Unspecified SSH Configuration Security Issue
SECUNIA ADVISORY ID:
SA49396
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49396/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49396
RELEASE DATE:
2012-06-08
DISCUSS ADVISORY:
http://secunia.com/advisories/49396/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49396/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49396
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in multiple F5 products, which can
be exploited by malicious people to compromise a vulnerable system.
The security issue is caused due to an unspecified configuration
error. No further information is currently available.
The security issue affects the following products and versions:
* BIG-IP LTM versions 9.x, 10.x, and 11.x
* BIG-IP GTM versions 9.x, 10.x, and 11.x
* BIG-IP ASM versions 9.x, 10.x, and 11.x
* BIG-IP Link Controller versions 9.x, 10.x, and 11.x
* BIG-IP PSM versions 9.x, 10.x, and 11.x
* BIG-IP WOM versions 10.x and 11.x
* BIG-IP APM versions 10.x and 11.x
* BIG-IP Edge Gateway versions 10.x and 11.x
* BIG-IP Analytics versions 11.x
* Enterprise Manager versions 1.x and 2.x
SOLUTION:
Update to the fixed versions. Please see vendor's advisory for more
details.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Florent Daignier, Matta Consulting.
ORIGINAL ADVISORY:
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0354 | CVE-2012-2037 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. This vulnerability CVE-2012-2034 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0353 | CVE-2012-2036 | Adobe Flash Player and Adobe AIR Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0355 | CVE-2012-2038 | Flash Player issue in implementations of the Same Origin Policy |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Flash Player contains an issue in implementations of the Same Origin Policy. SoundMixer.computeSpectrum() method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may obtain sound spectrum data that user playing in violation of the same-origin policy. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Attackers can exploit this vulnerability to obtain sensitive information by bypassing expected access restrictions with unknown vectors.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0357 | CVE-2012-2040 | Adobe Flash Player and Adobe AIR Vulnerability that can be obtained by the right installer |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201206-0356 | CVE-2012-2039 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0352 | CVE-2012-2035 | Adobe Flash Player and Adobe AIR Vulnerable to stack-based buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player is prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application or disclose sensitive information. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201206-0362 | CVE-2012-2034 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 7.5 Severity: HIGH |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037. This vulnerability CVE-2012-2037 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.236"
References
==========
[ 1 ] CVE-2012-0779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779
[ 2 ] CVE-2012-2034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2034
[ 3 ] CVE-2012-2035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2035
[ 4 ] CVE-2012-2036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2036
[ 5 ] CVE-2012-2037
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2037
[ 6 ] CVE-2012-2038
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2038
[ 7 ] CVE-2012-2039
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2039
[ 8 ] CVE-2012-2040
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2040
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-21.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0722-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0722.html
Issue date: 2012-06-12
CVE Names: CVE-2012-2034 CVE-2012-2035 CVE-2012-2036
CVE-2012-2037 CVE-2012-2038 CVE-2012-2039
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes several security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
Several security flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-2034,
CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2039)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
830310 - CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)
830311 - CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.20-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.20-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.20-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.20-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-2034.html
https://www.redhat.com/security/data/cve/CVE-2012-2035.html
https://www.redhat.com/security/data/cve/CVE-2012-2036.html
https://www.redhat.com/security/data/cve/CVE-2012-2037.html
https://www.redhat.com/security/data/cve/CVE-2012-2038.html
https://www.redhat.com/security/data/cve/CVE-2012-2039.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP10/1XlSAg2UNWIIRAt0QAJ9cWmHh2pD6CwG2vlYYSFnpHJY2rgCghiNF
ixtzEGNgHcJfH27QkDYqNLk=
=picc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201208-0291 | CVE-2012-4355 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA of TCPIPS_Story.dll Contains a vulnerability that allows arbitrary code execution. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0290 | CVE-2012-4354 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in TCPIPS_Story.dll in versions of Sielco Sistemi Winlog Pro prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0289 | CVE-2012-4353 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible.
Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0288 | CVE-2012-4359 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Denial of service vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.18 and versions prior to Winlog Lite SCADA 2.07.18. The vulnerability stems from the unverified ‘realloc’ function return value. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0287 | CVE-2012-4358 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Denial of service vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. The vulnerability stems from the unverified ‘realloc’ function return value. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0286 | CVE-2012-4357 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Arbitrary code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in array indexes in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible.
Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0285 | CVE-2012-4356 |
Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Multiple Directory Traversal Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201206-0149, VAR-E-201206-0148 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. For opening files Opcode 0x78 and .. ( Dot dot ) Port number with pathname including 46824 To TCP packet For reading files Opcode (1) 0x96 , (2) 0x97 , (3) 0x98 Port number with 46824 To TCP packet. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Read file operations to read any file. Winlog Pro is prone to the following security vulnerabilities:
1. Multiple code-execution vulnerabilities.
2. A stack-based buffer-overflow vulnerability.
3. A directory-traversal vulnerability.
Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible.
Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA49395
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49395/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE:
2012-06-06
DISCUSS ADVISORY:
http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
m1k3 has discovered a vulnerability in Winlog, which can be exploited
by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when
processing packets and can be exploited to cause a stack-based buffer
overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but
requires a project to be configured for TCP server mode (not by
default).
The vulnerability is confirmed in version 2.07.14. Other versions may
also be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
m1k3
ORIGINAL ADVISORY:
http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201206-0072 | CVE-2012-2596 |
Siemens WinCC of Web Application XPath Vulnerability to read settings in function
Related entries in the VARIoT exploits database: VAR-E-201206-0992 |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters. There is a security vulnerability in the implementation, and an attacker can use the vulnerability to read or write system settings. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. The vulnerability is related to 'XML injection' attacks.
The vulnerability is caused due to an input sanitisation error within
the DiagAgent web server and can be exploited to cause a buffer
overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be
enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49341
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49341/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE:
2012-06-07
DISCUSS ADVISORY:
http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and some vulnerabilities have been reported in Siemens
SIMATIC WinCC, which can be exploited by malicious users to disclose
potentially sensitive information and system information and
manipulate certain data and by malicious people to conduct spoofing
and cross-site scripting attacks. This can be exploited to manipulate XPath
queries by injecting arbitrary XPath code and e.g.
2) Certain input passed via a filename to two unspecified web
applications is not properly verified before being used to display
files. This can be exploited to disclose the contents of arbitrary
files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not
properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to
redirect users. This can be exploited to redirect a user to an
arbitrary website e.g. when a user clicks a specially crafted link to
the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION:
Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey
Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis
Baranov, and Andrey Medov, Positive Technologies.
4) Reported by the vendor.
ORIGINAL ADVISORY:
Siemens:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------