VARIoT IoT vulnerabilities database

Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. The problem is Bug ID CSCth33834 It is a problem.Service disruption by a third party via network traffic (DoS) There is a possibility of being put into a state. A remote attacker could exploit this vulnerability to cause a denial of service through network traffic. This vulnerability has been confirmed by the SEC-BE-STABLE test case, also known as Bug ID CSCth33834

Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366. IOS is prone to a denial-of-service vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. IOS is prone to a denial-of-service vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. The problem is Bug ID CSCti40315 It is a problem.By a third party (1) On hook and (2) Service operation disruption by triggering off-hook (DoS) There is a possibility of being put into a state. IP Communicator is prone to a denial-of-service vulnerability. A remote attacker can exploit this vulnerability to cause a denial of service by triggering (1) hook-on or (2) hook-off message vectors. This vulnerability has been confirmed by Plantronics headset, also known as Bug ID CSCti40315

Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. The problem is Bug ID CSCtr78143 It is a problem.Cross-site scripting by a third party (XSS) Inserting a sequence could hijack administrator authentication for the request. Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database in the context of the server process. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Cisco Secure ACS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA49101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49101 RELEASE DATE: 2012-05-09 DISCUSS ADVISORY: http://secunia.com/advisories/49101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco Secure ACS, where some have unknown impacts and others can be exploited by malicious people to conduct script insertion, cross-site request forgery, and SQL injection attacks. 1) Some unspecified errors. No further information is currently available. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions by tricking a logged in user into visiting a malicious web site. 3) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Update to version 5.2.0.26 patch 9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. The problem is Bug ID CSCtr78192 It is a problem.By any third party Web Script or HTML May be inserted. Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database in the context of the server process. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Cisco Secure ACS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA49101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49101 RELEASE DATE: 2012-05-09 DISCUSS ADVISORY: http://secunia.com/advisories/49101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco Secure ACS, where some have unknown impacts and others can be exploited by malicious people to conduct script insertion, cross-site request forgery, and SQL injection attacks. 1) Some unspecified errors. No further information is currently available. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions by tricking a logged in user into visiting a malicious web site. 3) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Update to version 5.2.0.26 patch 9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory. WellinTech KingView However, there is a vulnerability that can be obtained because the processing related to the search path is inadequate. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. DLL It may be possible to get permission through the file. KingView is a product for building data information service platforms for industrial automation. WellinTech KingView loads DLL files in an unsafe manner, and an attacker builds malicious files on a remote WebDAV or SMB share, enticing the user to parse, and can load malicious libraries in the application context. WellinTech KingView is prone to a vulnerability which allows attackers to execute arbitrary code. KingView 6.53 is vulnerable; other versions may also be affected

Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078. Google Chrome Is incomplete in the processing related to element floating, (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected. This vulnerability CVE-2011-3078 Is a different vulnerability.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, other attacks may also be possible. Versions prior to Chrome 18.0.1025.168 are vulnerable. Google Chrome is a web browser developed by Google (Google). ============================================================================ Ubuntu Security Notice USN-1617-1 October 25, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1617-1 CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076, CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652, CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1 . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48992 RELEASE DATE: 2012-05-01 DISCUSS ADVISORY: http://secunia.com/advisories/48992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in floats handling. 2) A use-after-free error exists within the xml parser. 3) An error exists within the IPC validation. 4) A race condition exists within the sandbox IPC. 5) A second use-after-free error exists in floats handling. SOLUTION: Update to version 18.0.1025.168. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Marty Barbella, Google Chrome Security Team and miaubiz 2) SkyLined, Google Chrome Security Team and wushi, team509 via iDefense 3) PinkiePie 4) Willem Pinckaers, Matasano. 5) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201205-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: May 15, 2012 Bugs: #414199 ID: 201205-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 18.0.1025.168 >= 18.0.1025.168 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.168" References ========== [ 1 ] CVE-2011-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3078 [ 2 ] CVE-2011-3081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3081 [ 3 ] CVE-2012-1521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1521 [ 4 ] Release Notes 18.0.1025.168 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201205-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081. Google Chrome Is incomplete in the processing related to element floating, (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected. This vulnerability CVE-2011-3081 Is a different vulnerability.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, other attacks may also be possible. Versions prior to Chrome 18.0.1025.168 are vulnerable. Google Chrome is a web browser developed by Google (Google). ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48992 RELEASE DATE: 2012-05-01 DISCUSS ADVISORY: http://secunia.com/advisories/48992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in floats handling. 2) A use-after-free error exists within the xml parser. 3) An error exists within the IPC validation. 4) A race condition exists within the sandbox IPC. 5) A second use-after-free error exists in floats handling. SOLUTION: Update to version 18.0.1025.168. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Marty Barbella, Google Chrome Security Team and miaubiz 2) SkyLined, Google Chrome Security Team and wushi, team509 via iDefense 3) PinkiePie 4) Willem Pinckaers, Matasano. 5) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201205-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: May 15, 2012 Bugs: #414199 ID: 201205-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 18.0.1025.168 >= 18.0.1025.168 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.168" References ========== [ 1 ] CVE-2011-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3078 [ 2 ] CVE-2011-3081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3081 [ 3 ] CVE-2012-1521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1521 [ 4 ] Release Notes 18.0.1025.168 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201205-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-1524-1 August 08, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1524-1 CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-12-1 iTunes 10.7 iTunes 10.7 is now available and addresses the following: WebKit Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues are addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A

Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, other attacks may also be possible. Versions prior to Chrome 18.0.1025.168 are vulnerable. Google Chrome is a web browser developed by Google (Google). ============================================================================ Ubuntu Security Notice USN-1617-1 October 25, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1617-1 CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076, CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652, CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1 . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48992 RELEASE DATE: 2012-05-01 DISCUSS ADVISORY: http://secunia.com/advisories/48992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in floats handling. 2) A use-after-free error exists within the xml parser. 3) An error exists within the IPC validation. 4) A race condition exists within the sandbox IPC. 5) A second use-after-free error exists in floats handling. SOLUTION: Update to version 18.0.1025.168. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Marty Barbella, Google Chrome Security Team and miaubiz 2) SkyLined, Google Chrome Security Team and wushi, team509 via iDefense 3) PinkiePie 4) Willem Pinckaers, Matasano. 5) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201205-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: May 15, 2012 Bugs: #414199 ID: 201205-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 18.0.1025.168 >= 18.0.1025.168 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.168" References ========== [ 1 ] CVE-2011-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3078 [ 2 ] CVE-2011-3081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3081 [ 3 ] CVE-2012-1521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1521 [ 4 ] Release Notes 18.0.1025.168 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201205-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers. ** Unsettled ** This case has not been confirmed as a vulnerability

Parallels Plesk Panel is a web host control panel with integrated web design, SaaS market and payment system. During the backup process, the PLESK panel will record the detailed log of the processing to /opt/psa/PMM/sessions (Debian/Ubuntu) and /usr/local/psa/PMM/sessions (Centos). The detailed log file is psadump. Log naming and globally readable, this file contains administrator information. Parallels Plesk Panel is prone to an insecure file-permission vulnerability. An attacker can exploit this issue to obtain sensitive information such as admin password. This may aid in further attacks

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. RuggedCom Rugged Operating System (ROS) contains a hard-coded user account with a predictable password. RuggedCom Inc is the world's leading manufacturer of high-performance networking and communication equipment for industrial environments. ROS also supports HTTP(S) and SSH services. It is currently incorrect whether these services use the factory, and it is also unclear whether successful or unsuccessful login attempts will be recorded. Ros is prone to a remote security vulnerability. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: RuggedCom Rugged Operating System Undocumented Account Security Issue SECUNIA ADVISORY ID: SA48963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48963 RELEASE DATE: 2012-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/48963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: JC CREW has reported a security issue in RuggedCom Rugged Operating System (ROS), which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: JC CREW ORIGINAL ADVISORY: JC CREW: http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0276.html US-CERT: http://www.kb.cert.org/vuls/id/889195 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

GE Intelligent Platforms Proficy HMI/SCADA\342\200\223iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. Multiple GE Proficy products have remote buffer overflow vulnerabilities in the implementation of Ethernet interfaces. When processing Station Manager commands, user input is not properly verified. Causes an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition

GE Intelligent Platforms Proficy HMI/SCADA\342\200\223iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy Machine Edition has an overflow vulnerability in the implementation of Trapi File Server (Trapiserver.exe), which is triggered by specially crafted HTTP messages. Causes a buffer overflow that causes a denial of service. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. GE Proficy Machine Edition 7.00 SIM 7 is vulnerable

RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. Rugged Operating System (ROS) Has problems due to hard-coded user accounts. RuggedCom Provided by RuggedSwitch Used for series Rugged Operating System (ROS) Has user accounts that cannot be deleted. This account has a fixed username and a password that can be guessed.A remote attacker may be logged in as an administrator. RuggedCom Inc is the world's leading manufacturer of high-performance networking and communication equipment for industrial environments. This account password is based on the device's MAC address and can be easily obtained through reverse engineering. ROS also supports HTTP(S) and SSH services. It is currently incorrect whether these services use the factory, and it is also unclear whether successful or unsuccessful login attempts will be recorded. Rugged Operating System is prone to an unauthorized-access vulnerability due to a backdoor in all versions of the application. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: RuggedCom Rugged Operating System Undocumented Account Security Issue SECUNIA ADVISORY ID: SA48963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48963 RELEASE DATE: 2012-04-25 DISCUSS ADVISORY: http://secunia.com/advisories/48963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: JC CREW has reported a security issue in RuggedCom Rugged Operating System (ROS), which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to ROS containing an undocumented hardcoded username where the password is generated based on the MAC address and can be exploited to gain administrative access. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: JC CREW ORIGINAL ADVISORY: JC CREW: http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0276.html US-CERT: http://www.kb.cert.org/vuls/id/889195 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. Samsung TV and BD products that support the 'Samsung Remote' mobile application are prone to multiple denial-of-service vulnerabilities

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow. Samsung TV and BD products that support the 'Samsung Remote' mobile application are prone to multiple denial-of-service vulnerabilities. Remote attackers can exploit these issues to cause the device to crash, denying service to legitimate users

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. X.Org is an open source implementation of the X.Org Foundation for the X Window System. X.Org is prone to a local format-string vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201207-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: X.Org X Server: Privilege escalation Date: July 09, 2012 Bugs: #412609 ID: 201207-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A format string vulnerability in X.Org X Server may allow local privilege escalation or Denial of Service. NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X Server being built with "-D_FORTIFY_SOURCE=2" by default. Impact ====== A local attacker could gain escalated privileges or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All X.Org X Server 1.11.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.11.4-r1"= All X.Org X Server 1.10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.10.6-r1"= X.Org X Server 1.9.x is not affected. References ========== [ 1 ] CVE-2012-2118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2118 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201207-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1502-1 July 11, 2012 xorg-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: The X.Org X server could be made to crash if a specially crafted input device was added. The default compiler options for the affected release should reduce the vulnerability to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: xserver-xorg-core 2:1.11.4-0ubuntu10.5 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1502-1 CVE-2012-2118 Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.5 . _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2118 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0299 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 00a312b53f5f738eb99136baa320b377 mbs1/x86_64/x11-server-1.11.4-12.1.mbs1.x86_64.rpm 5d7904e06c3ac9f9a2ec7ffc17e08e84 mbs1/x86_64/x11-server-common-1.11.4-12.1.mbs1.x86_64.rpm 0afd9ce4b40f61de739c6e044b18214d mbs1/x86_64/x11-server-devel-1.11.4-12.1.mbs1.x86_64.rpm cd0740f1c1b38629c715d4928b5b073c mbs1/x86_64/x11-server-source-1.11.4-12.1.mbs1.noarch.rpm f67e5502f5a3f539b63f3035b6d2bfeb mbs1/x86_64/x11-server-xdmx-1.11.4-12.1.mbs1.x86_64.rpm 0ade415fecb6b7025db51ca751713284 mbs1/x86_64/x11-server-xephyr-1.11.4-12.1.mbs1.x86_64.rpm e876de003069ff43554b5df2bb44a92c mbs1/x86_64/x11-server-xfake-1.11.4-12.1.mbs1.x86_64.rpm a063fca83d52a911533a0e65507593c5 mbs1/x86_64/x11-server-xfbdev-1.11.4-12.1.mbs1.x86_64.rpm d77deac2203fab6cd1dcff00bee9c706 mbs1/x86_64/x11-server-xnest-1.11.4-12.1.mbs1.x86_64.rpm 0d404052d4611a66228afadf3ce406c9 mbs1/x86_64/x11-server-xorg-1.11.4-12.1.mbs1.x86_64.rpm 28d31da41ae4293f0565a25c385058bd mbs1/x86_64/x11-server-xvfb-1.11.4-12.1.mbs1.x86_64.rpm f2c9457f6009e3d0f1b6cf29b575128f mbs1/SRPMS/x11-server-1.11.4-12.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZWOCmqjQ0CJFipgRAsWxAJwLgz1JpCiGvTEgKYKW/AC8wTjpsQCg6hrX 4uir2ZgG/O3KO+jNnlFYOpc= =4lwv -----END PGP SIGNATURE-----

SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cisco Unified MeetingPlace versions prior to 7.1.2.6 (MR1) are affected. This solution provides a user environment that integrates voice, video and Web conferencing