VARIoT IoT vulnerabilities database
| VAR-201205-0058 | CVE-2012-0551 |
Vulnerabilities in Oracle GlassFish Server Web Container handling
Related entries in the VARIoT exploits database: VAR-E-201003-0018, VAR-E-201110-0783 |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. Oracle GlassFish Server contains vulnerabilities in Web Container handling that affect confidentiality and integrity. Information may be leaked or altered by a third party.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
This vulnerability affects the following supported versions:
GlassFish Enterprise Server 3.1.1.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2012:0734-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0734.html
Issue date: 2012-06-13
CVE Names: CVE-2012-0551 CVE-2012-1711 CVE-2012-1713
CVE-2012-1716 CVE-2012-1717 CVE-2012-1718
CVE-2012-1719 CVE-2012-1721 CVE-2012-1722
CVE-2012-1723 CVE-2012-1724 CVE-2012-1725
=====================================================================
1. Summary:
Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section. (CVE-2012-0551,
CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718,
CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724,
CVE-2012-1725)
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 33 and resolve these issues.
All running instances of Sun Java must be restarted for the update to take
effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)
829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm
x86_64:
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1711.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1723.html
https://www.redhat.com/security/data/cve/CVE-2012-1724.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
----------------------------------------------------------------------
TITLE:
Oracle GlassFish Enterprise Server Cross-Site Scripting and Request
Forgery
SECUNIA ADVISORY ID:
SA48798
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48798/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48798
RELEASE DATE:
2012-04-18
DESCRIPTION:
Security-Assessment.com has reported some vulnerabilities in Oracle
GlassFish Enterprise Server, which can be exploited by malicious
people to conduct cross-site scripting and request forgery attacks.
1) The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to e.g. upload an arbitrary WAR
archive by tricking a logged-in administrator into visiting a
specially crafted web page.
2) Input passed via multiple parameters to various scripts is not
properly sanitised before being returned to the user.
The vulnerabilities are reported in version 3.1.1 (build 12).
SOLUTION:
Apply patch (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Roberto Suggi Liverani, Security-Assessment.com.
ORIGINAL ADVISORY:
Oracle:
https://blogs.oracle.com/security/entry/april_2012_critical_patch_update
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
Security-Assessment.com:
http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf
http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf
----------------------------------------------------------------------
In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03441075
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03441075
Version: 1
HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-08-13
Last Updated: 2012-08-13
-----------------------------------------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of
information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime
Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities could allow remote unauthorized access, disclosure of
information, and other vulnerabilities.
References: CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713,
CVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721,
CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 7.0.02 and 6.0.15
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2012-0508    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-0551    (AV:N/AC:M/Au:N/C:P/I:P/A:N)    5.8
CVE-2012-1711    (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
CVE-2012-1713    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-1716    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-1718    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2012-1719    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2012-1720    (AV:L/AC:H/Au:N/C:P/I:P/A:P)    3.7
CVE-2012-1721    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-1722    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-1723    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-1724    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2012-1725    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-1726    (AV:N/AC:L/Au:N/C:P/I:P/A:N)    6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/go/java
HP-UX B.11.23, B.11.31 / JDK and JRE v7.0.02 or subsequent
HP-UX B.11.23, B.11.31 / JDK and JRE v6.0.15 or subsequent
HP-UX B.11.11, B.11.23 / JDK and JRE v6.0.15 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v7.0 update to Java v7.0.02 or subsequent
For Java v6.0 update to Java v6.0.15 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.02.00 or subsequent
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk60.JDK60-COM
Jdk60.JDK60-DEMO
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
action: install revision 1.6.0.15.00 or subsequent
HP-UX B.11.11
HP-UX B.11.23
===========
Jdk60.JDK60-COM
Jdk60.JDK60-DEMO
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jre60.JRE60-COM
Jre60.JRE60-COM-DOC
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
action: install revision 1.6.0.15.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 13 August 2012 Initial release
| VAR-201204-0230 | No CVE | EmbryoCore CMS HTML Injection Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
An attacker can use this issue to execute arbitrary code on the affected machine. EmbryoCore CMS is a content management system. There is a SQL injection vulnerability in EmbryoCore CMS. Because EmbryoCore CMS fails to properly filter user-submitted input, remote attackers can submit malicious SQL queries to obtain sensitive database information or control the application.
Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
EmbryoCore CMS 1.03 is vulnerable; other versions may also be affected
| VAR-201204-0227 | CVE-2012-2089 | Buffer overflow vulnerability in ngx_http_mp4_module.c of nginx |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
nginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. Failure to do so will result in a denial of service.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nginx: User-assisted execution of arbitrary code
Date: June 21, 2012
Bugs: #411751
ID: 201206-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A buffer overflow vulnerability in nginx could result in the execution
of arbitrary code.
Background
==========
nginx is a robust, small, and high performance HTTP and reverse proxy
server.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  www-servers/nginx           < 1.0.15                    >= 1.0.15
Description
===========
An error in ngx_http_mp4_module.c could cause a buffer overflow.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.15"
References
==========
[ 1 ] CVE-2012-2089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-202001-0086 | CVE-2012-0334 | Cisco IronPort Web Security Appliance AsyncOS Input validation vulnerability in software |
CVSS V2: 3.2 CVSS V3: 6.4 Severity: MEDIUM |
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks. The Cisco IronPort WSA handles the key pair cache improperly. An attacker can forge any domain certificate through a man-in-the-middle attack to obtain encrypted sensitive information.
Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The program offers features such as Web Reputation Filter (WBRS) and anti-malware scanning engine. AsyncOS is an operating system that runs on it. A remote attacker could exploit this vulnerability to perform a man-in-the-middle attack by injecting newly created credentials into a server-side session.
| VAR-202001-0112 | CVE-2012-1326 | Cisco IronPort Web Security Appliance Input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority, which could lead to MITM attacks. Because the "basicConstraints" parameter of certificates in the certificate chain is not verified correctly, an attacker can forge a certificate for any domain and obtain encrypted information through a man-in-the-middle attack.
Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The program offers features such as Web Reputation Filter (WBRS) and anti-malware scanning engine. The vulnerability is caused by the program not properly handling SSL and TLS security certificates. A remote attacker can exploit this vulnerability to implement a man-in-the-middle attack.
| VAR-201204-0098 | CVE-2011-4874 | MICROSYS PROMOTIC Vulnerable to arbitrary code execution |
CVSS V2: 7.9 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file. PROMOTIC is a Windows-based SCADA software. PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error. This may lead to corruption of valid data.
Versions prior to PROMOTIC 8.1.7 are vulnerable.
| VAR-202001-0111 | CVE-2012-1316 | Cisco IronPort Web Security Appliance Vulnerabilities in certificate validation |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Cisco IronPort Web Security Appliance does not check for certificate revocation, which could lead to MITM attacks. Cisco IronPort WSA fails to check certificate revocation through the CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) standards. Even if the server-side certificate is revoked, a client certificate can still be created under the proxy CA context, so an attacker could exploit this vulnerability to perform a MITM attack using the revoked certificate.
Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The program offers features such as Web Reputation Filter (WBRS) and anti-malware scanning engine. A successful exploitation could allow the malicious user to access sensitive information using man-in-the-middle attacks.
Proof-of-concept code that exploits this vulnerability is publicly available.
Cisco has not confirmed the vulnerability and software updates are not available.
| VAR-201204-0332 | No CVE | Fujitsu Interstage List Works Archive Folder Security Bypass Vulnerability |
CVSS V2: 3.6 CVSS V3: - Severity: Low |
Fujitsu Interstage List Works has a vulnerability where, when Everyone or a group is granted permissions to access the archive folder and data through the management tool or command line, denying permissions for a specific user who belongs to these groups fails and is not reflected on the lists. A user who is denied permission to access specific data may access and delete the list. Interstage List Works is an electronic form management software. Interstage List Works has a security vulnerability that allows malicious users to bypass security restrictions.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions like disclosing or deleting data in archive folder; this may aid in launching further attacks.
----------------------------------------------------------------------
TITLE:
Fujitsu Interstage List Works Archived Forms Security Bypass Weakness
SECUNIA ADVISORY ID:
SA48745
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48745/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48745
RELEASE DATE:
2012-04-11
DESCRIPTION:
A weakness has been reported in Interstage List Works, which can be
exploited by malicious users to bypass certain security
restrictions. This
can be exploited to disclose or delete archived forms.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Apply the vendor workaround (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Fujitsu:
http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_lw_201201.html
JVN:
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-001932.html
| VAR-201204-0148 | CVE-2012-0146 | Microsoft Forefront Unified Access Gateway Open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability.". Microsoft Forefront Unified Access Gateway is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may allow the attacker to masquerade as a legitimate server, aiding in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. Also known as "UAG Blind HTTP Redirection Vulnerability".
TITLE:
Microsoft Forefront Unified Access Gateway Two Vulnerabilities
SECUNIA ADVISORY ID:
SA48787
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48787/
RELEASE DATE:
2012-04-10
DESCRIPTION:
A weakness and a vulnerability have been reported in Microsoft
Forefront Unified Access Gateway, which can be exploited by malicious
people to conduct spoofing attacks and disclose certain sensitive
information.
1) A weakness in UAG allows redirecting users to an untrusted site
e.g. spoofing a legitimate UAG Web interface.
2) An error within the default website configuration allows access to
certain content from the external network.
SOLUTION:
Apply patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS12-026 (KB2663860, KB2649261, KB2649262):
http://technet.microsoft.com/en-us/security/bulletin/ms12-026
National Cyber Awareness System
Technical Cyber Security Alert TA12-101A
Microsoft Updates for Multiple Vulnerabilities
Original release date: April 10, 2012
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft .NET Framework
* Microsoft Office
* Microsoft Server Software
* Microsoft SQL Server
* Microsoft Developer Tools
* Microsoft Forefront Unified Access Gateway
Overview
There are multiple vulnerabilities in Microsoft Windows, Internet
Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft
Server Software, Microsoft SQL Server, Microsoft Developer Tools,
and Microsoft Forefront Unified Access Gateway. Microsoft has
released updates to address these vulnerabilities.
Description
The Microsoft Security Bulletin Summary for April 2012 describes
multiple vulnerabilities in Microsoft software. Microsoft has
released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2012, which describes
any known issues related to the updates. Administrators are
encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). Home users are encouraged to enable
automatic updates.
References
* Microsoft Security Bulletin Summary for April 2012 -
<http://technet.microsoft.com/en-us/security/bulletin/ms12-apr>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
* Microsoft Update - <https://www.update.microsoft.com/>
* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>
* Turn Automatic Updating On or Off -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
Revision History
April 10, 2012: Initial release
Produced by US-CERT, a government organization.
This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
| VAR-201204-0149 | CVE-2012-0147 | Microsoft Forefront Unified Access Gateway Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability.". Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability.
Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions.
| VAR-201204-0171 | CVE-2012-0133 | HP ProCurve 5400 zl Switch Malware infected flash card vulnerability |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. The HP ProCurve 5400 zl Switch is a network switch developed by Hewlett-Packard. Some flash cards distributed with the switch contain malware, which can infect the user's system if the user connects the flash card to it.
Attackers can exploit this issue to infect a user's system.
TITLE:
HP ProCurve 5400 zl Switch Malware Infected Compact Flash Card
SECUNIA ADVISORY ID:
SA48738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48738/
RELEASE DATE:
2012-04-11
DESCRIPTION:
A security issue has been reported in the HP ProCurve 5400 zl Switch,
which can be exploited by malicious people to compromise a user's
system.
Please see the vendor's advisory for a list of affected models and
serial numbers.
SOLUTION:
Apply the vendor workaround (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03249176
Version: 2
HPSBPV02754 SSRT100803 rev.2 - HP ProCurve 5400 zl Switch, Compact flash card contains trojan malware
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-26
Last Updated: 2012-04-26
Potential Security Impact: Local compromise of system integrity
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity.
References: CVE-2012-0133
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This script will delete the file(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network.
Hardware Replacement Option : For those customers who have 5400 zl switch inventory that is not on their network and must be purged, this option allows for the Management Module to be replaced. Also, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime.
Software Update Option (recommended) : The following Early Availability software update K.15.08.00007 is available which will automatically delete the malware trojan contents on the compact flash card if present. The software update also contains many other features and functionality enhancements for the switch. Note that updating the switch software should always be done with care and with an analysis of any potential impacts. Please refer to the release notes provided with the software update location below.
For Options 1 or 2, please contact HP support:
For customers with an HP Passport account, a web case can be submitted here: https://h10145.www1.hp.com/help/help_questions.aspx?l2id=48&SelectedTab=3
To talk to HP support directly, worldwide telephone numbers are available here: https://h10145.www1.hp.com/help/Help_ContactInfo.aspx?cwp=2&SelectedTab=2
For Option 3, the Early Availability software update K.15.08.00007 is available here:
https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9533A
The release notes for K.15.08.00007 are available here:
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c03277372/c03277372.pdf
HISTORY
Version:1 (rev.1) - 10 April 2012 Initial Release
Version:2 (rev.2) - 26 April 2012 Updated case details and solution choices
| VAR-201204-0112 | CVE-2012-1182 |
Samba ndr_ValidatePassword heap overflow Remote Code Execution Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201204-0283 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles GetAliasMembership requests. When parsing the data sent in the request, Samba uses the field 'sids' to create a heap allocation but then uses another field, 'num_sids', to write data to the allocation. Because there is no check to see if 'num_sids' is smaller than 'sids', this could result in a heap buffer overflow that could lead to remote code execution. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. Samba is prone to a remote-code-execution vulnerability. Failed exploit attempts will cause a denial-of-service condition.
Samba versions 3.0 through 3.6.3 are vulnerable.
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03365218
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03365218
Version: 1
HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of
Arbitrary Code, Elevation of Privileges
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-06-13
Last Updated: 2012-06-13
Potential Security Impact: Remote execution of arbitrary code, elevation of
privileges
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX
CIFS-Server (Samba).
References: CVE-2012-1182, CVE-2012-2111
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX CIFS-Server (Samba) A.03.01.04 or
earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2012-1182    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-2111    (AV:N/AC:L/Au:S/C:P/I:P/A:P)    6.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software update to resolve the vulnerabilities.
The update is available for download from http://software.hp.com
HP-UX CIFS-Server (Samba)
HP-UX Release / Apache Depot name
A.03.01.05
11i v2 / B8725AA_A.03.01.05_HP-UX_B.11.23_IA_PA.depot
11i v3 / CIFS-SERVER_A.03.01.05_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX CIFS-Server (Samba) A.03.01.05 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
==================
CIFS-Development.CIFS-PRG
CIFS-Server.CIFS-ADMIN
CIFS-Server.CIFS-DOC
CIFS-Server.CIFS-LIB
CIFS-Server.CIFS-RUN
CIFS-Server.CIFS-UTIL
action: install revision A.03.01.05 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 13 June 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
----------------------------------------------------------------------
TITLE:
Samba RPC Network Data Representation Marshalling Vulnerability
SECUNIA ADVISORY ID:
SA48742
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48742/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48742
RELEASE DATE:
2012-04-11
DESCRIPTION:
A vulnerability has been reported in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the Network Data
Representation (NDR) marshalling functionality when marshalling RPC
calls and can be exploited via a specially crafted remote procedure
call.
The vulnerability is reported in versions prior to 3.0.37, 3.2.15,
3.3.16, 3.4.15, 3.5.13, and 3.6.3.
SOLUTION:
Update to version 3.0.37, 3.2.15, 3.3.16, 3.4.15, 3.5.13, or 3.6.3.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Brian Gorenc and an anonymous person via ZDI.
ORIGINAL ADVISORY:
http://www.samba.org/samba/security/CVE-2012-1182
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: samba security update
Advisory ID: RHSA-2012:0465-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0465.html
Issue date: 2012-04-10
CVE Names: CVE-2012-1182
=====================================================================
1. Summary:
Updated samba packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life;
and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6.0.z) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used
to generate code to handle RPC calls, resulted in multiple buffer overflows
in Samba. (CVE-2012-1182)
Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
804093 - CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm
i386:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
samba-3.0.33-3.39.el5_8.i386.rpm
samba-client-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-swat-3.0.33-3.39.el5_8.i386.rpm
x86_64:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-3.0.33-3.39.el5_8.x86_64.rpm
samba-3.0.33-3.39.el5_8.x86_64.rpm
samba-client-3.0.33-3.39.el5_8.x86_64.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
samba-swat-3.0.33-3.39.el5_8.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm
i386:
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
x86_64:
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
Red Hat Enterprise Linux Long Life (v. 5.3 server):
Source:
samba-3.0.33-3.7.el5_3.5.src.rpm
i386:
samba-3.0.33-3.7.el5_3.5.i386.rpm
samba-client-3.0.33-3.7.el5_3.5.i386.rpm
samba-common-3.0.33-3.7.el5_3.5.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.i386.rpm
samba-swat-3.0.33-3.7.el5_3.5.i386.rpm
ia64:
samba-3.0.33-3.7.el5_3.5.ia64.rpm
samba-client-3.0.33-3.7.el5_3.5.ia64.rpm
samba-common-3.0.33-3.7.el5_3.5.ia64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.ia64.rpm
samba-swat-3.0.33-3.7.el5_3.5.ia64.rpm
x86_64:
samba-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-client-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-common-3.0.33-3.7.el5_3.5.i386.rpm
samba-common-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.5.x86_64.rpm
samba-swat-3.0.33-3.7.el5_3.5.x86_64.rpm
Red Hat Enterprise Linux EUS (v. 5.6 server):
Source:
samba-3.0.33-3.29.el5_6.5.src.rpm
i386:
libsmbclient-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.i386.rpm
samba-3.0.33-3.29.el5_6.5.i386.rpm
samba-client-3.0.33-3.29.el5_6.5.i386.rpm
samba-common-3.0.33-3.29.el5_6.5.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.i386.rpm
samba-swat-3.0.33-3.29.el5_6.5.i386.rpm
ia64:
libsmbclient-3.0.33-3.29.el5_6.5.ia64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ia64.rpm
samba-3.0.33-3.29.el5_6.5.ia64.rpm
samba-client-3.0.33-3.29.el5_6.5.ia64.rpm
samba-common-3.0.33-3.29.el5_6.5.ia64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ia64.rpm
samba-swat-3.0.33-3.29.el5_6.5.ia64.rpm
ppc:
libsmbclient-3.0.33-3.29.el5_6.5.ppc.rpm
libsmbclient-3.0.33-3.29.el5_6.5.ppc64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ppc.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-3.0.33-3.29.el5_6.5.ppc.rpm
samba-client-3.0.33-3.29.el5_6.5.ppc.rpm
samba-common-3.0.33-3.29.el5_6.5.ppc.rpm
samba-common-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ppc.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.ppc64.rpm
samba-swat-3.0.33-3.29.el5_6.5.ppc.rpm
s390x:
libsmbclient-3.0.33-3.29.el5_6.5.s390.rpm
libsmbclient-3.0.33-3.29.el5_6.5.s390x.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.s390.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.s390x.rpm
samba-3.0.33-3.29.el5_6.5.s390x.rpm
samba-client-3.0.33-3.29.el5_6.5.s390x.rpm
samba-common-3.0.33-3.29.el5_6.5.s390.rpm
samba-common-3.0.33-3.29.el5_6.5.s390x.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.s390.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.s390x.rpm
samba-swat-3.0.33-3.29.el5_6.5.s390x.rpm
x86_64:
libsmbclient-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-3.0.33-3.29.el5_6.5.x86_64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-client-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-common-3.0.33-3.29.el5_6.5.i386.rpm
samba-common-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.5.x86_64.rpm
samba-swat-3.0.33-3.29.el5_6.5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.39.el5_8.src.rpm
i386:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
samba-3.0.33-3.39.el5_8.i386.rpm
samba-client-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-swat-3.0.33-3.39.el5_8.i386.rpm
ia64:
libsmbclient-3.0.33-3.39.el5_8.ia64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ia64.rpm
samba-3.0.33-3.39.el5_8.ia64.rpm
samba-client-3.0.33-3.39.el5_8.ia64.rpm
samba-common-3.0.33-3.39.el5_8.ia64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ia64.rpm
samba-swat-3.0.33-3.39.el5_8.ia64.rpm
ppc:
libsmbclient-3.0.33-3.39.el5_8.ppc.rpm
libsmbclient-3.0.33-3.39.el5_8.ppc64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ppc.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.ppc64.rpm
samba-3.0.33-3.39.el5_8.ppc.rpm
samba-client-3.0.33-3.39.el5_8.ppc.rpm
samba-common-3.0.33-3.39.el5_8.ppc.rpm
samba-common-3.0.33-3.39.el5_8.ppc64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ppc.rpm
samba-debuginfo-3.0.33-3.39.el5_8.ppc64.rpm
samba-swat-3.0.33-3.39.el5_8.ppc.rpm
s390x:
libsmbclient-3.0.33-3.39.el5_8.s390.rpm
libsmbclient-3.0.33-3.39.el5_8.s390x.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.s390.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.s390x.rpm
samba-3.0.33-3.39.el5_8.s390x.rpm
samba-client-3.0.33-3.39.el5_8.s390x.rpm
samba-common-3.0.33-3.39.el5_8.s390.rpm
samba-common-3.0.33-3.39.el5_8.s390x.rpm
samba-debuginfo-3.0.33-3.39.el5_8.s390.rpm
samba-debuginfo-3.0.33-3.39.el5_8.s390x.rpm
samba-swat-3.0.33-3.39.el5_8.s390x.rpm
x86_64:
libsmbclient-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-3.0.33-3.39.el5_8.x86_64.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.39.el5_8.x86_64.rpm
samba-3.0.33-3.39.el5_8.x86_64.rpm
samba-client-3.0.33-3.39.el5_8.x86_64.rpm
samba-common-3.0.33-3.39.el5_8.i386.rpm
samba-common-3.0.33-3.39.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.39.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.39.el5_8.x86_64.rpm
samba-swat-3.0.33-3.39.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
x86_64:
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.0):
Source:
samba-3.5.4-68.el6_0.3.src.rpm
i386:
libsmbclient-3.5.4-68.el6_0.3.i686.rpm
samba-3.5.4-68.el6_0.3.i686.rpm
samba-client-3.5.4-68.el6_0.3.i686.rpm
samba-common-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.i686.rpm
ppc64:
libsmbclient-3.5.4-68.el6_0.3.ppc.rpm
libsmbclient-3.5.4-68.el6_0.3.ppc64.rpm
samba-3.5.4-68.el6_0.3.ppc64.rpm
samba-client-3.5.4-68.el6_0.3.ppc64.rpm
samba-common-3.5.4-68.el6_0.3.ppc.rpm
samba-common-3.5.4-68.el6_0.3.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.ppc.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.ppc64.rpm
s390x:
libsmbclient-3.5.4-68.el6_0.3.s390.rpm
libsmbclient-3.5.4-68.el6_0.3.s390x.rpm
samba-3.5.4-68.el6_0.3.s390x.rpm
samba-client-3.5.4-68.el6_0.3.s390x.rpm
samba-common-3.5.4-68.el6_0.3.s390.rpm
samba-common-3.5.4-68.el6_0.3.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.s390.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.s390x.rpm
x86_64:
libsmbclient-3.5.4-68.el6_0.3.i686.rpm
libsmbclient-3.5.4-68.el6_0.3.x86_64.rpm
samba-3.5.4-68.el6_0.3.x86_64.rpm
samba-client-3.5.4-68.el6_0.3.x86_64.rpm
samba-common-3.5.4-68.el6_0.3.i686.rpm
samba-common-3.5.4-68.el6_0.3.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.x86_64.rpm
samba-winbind-3.5.4-68.el6_0.3.x86_64.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-clients-3.5.4-68.el6_0.3.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.1):
Source:
samba-3.5.6-86.el6_1.5.src.rpm
i386:
libsmbclient-3.5.6-86.el6_1.5.i686.rpm
samba-3.5.6-86.el6_1.5.i686.rpm
samba-client-3.5.6-86.el6_1.5.i686.rpm
samba-common-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.i686.rpm
ppc64:
libsmbclient-3.5.6-86.el6_1.5.ppc.rpm
libsmbclient-3.5.6-86.el6_1.5.ppc64.rpm
samba-3.5.6-86.el6_1.5.ppc64.rpm
samba-client-3.5.6-86.el6_1.5.ppc64.rpm
samba-common-3.5.6-86.el6_1.5.ppc.rpm
samba-common-3.5.6-86.el6_1.5.ppc64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.ppc.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.ppc64.rpm
s390x:
libsmbclient-3.5.6-86.el6_1.5.s390.rpm
libsmbclient-3.5.6-86.el6_1.5.s390x.rpm
samba-3.5.6-86.el6_1.5.s390x.rpm
samba-client-3.5.6-86.el6_1.5.s390x.rpm
samba-common-3.5.6-86.el6_1.5.s390.rpm
samba-common-3.5.6-86.el6_1.5.s390x.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.s390.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.s390x.rpm
x86_64:
libsmbclient-3.5.6-86.el6_1.5.i686.rpm
libsmbclient-3.5.6-86.el6_1.5.x86_64.rpm
samba-3.5.6-86.el6_1.5.x86_64.rpm
samba-client-3.5.6-86.el6_1.5.x86_64.rpm
samba-common-3.5.6-86.el6_1.5.i686.rpm
samba-common-3.5.6-86.el6_1.5.x86_64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-clients-3.5.6-86.el6_1.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
ppc64:
libsmbclient-3.5.10-115.el6_2.ppc.rpm
libsmbclient-3.5.10-115.el6_2.ppc64.rpm
samba-3.5.10-115.el6_2.ppc64.rpm
samba-client-3.5.10-115.el6_2.ppc64.rpm
samba-common-3.5.10-115.el6_2.ppc.rpm
samba-common-3.5.10-115.el6_2.ppc64.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-clients-3.5.10-115.el6_2.ppc.rpm
samba-winbind-clients-3.5.10-115.el6_2.ppc64.rpm
s390x:
libsmbclient-3.5.10-115.el6_2.s390.rpm
libsmbclient-3.5.10-115.el6_2.s390x.rpm
samba-3.5.10-115.el6_2.s390x.rpm
samba-client-3.5.10-115.el6_2.s390x.rpm
samba-common-3.5.10-115.el6_2.s390.rpm
samba-common-3.5.10-115.el6_2.s390x.rpm
samba-debuginfo-3.5.10-115.el6_2.s390.rpm
samba-debuginfo-3.5.10-115.el6_2.s390x.rpm
samba-winbind-3.5.10-115.el6_2.s390x.rpm
samba-winbind-clients-3.5.10-115.el6_2.s390.rpm
samba-winbind-clients-3.5.10-115.el6_2.s390x.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6.0.z):
Source:
samba-3.5.4-68.el6_0.3.src.rpm
i386:
libsmbclient-devel-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-doc-3.5.4-68.el6_0.3.i686.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.i686.rpm
samba-swat-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.i686.rpm
ppc64:
libsmbclient-devel-3.5.4-68.el6_0.3.ppc.rpm
libsmbclient-devel-3.5.4-68.el6_0.3.ppc64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc.rpm
samba-debuginfo-3.5.4-68.el6_0.3.ppc64.rpm
samba-doc-3.5.4-68.el6_0.3.ppc64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.ppc64.rpm
samba-swat-3.5.4-68.el6_0.3.ppc64.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.ppc.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.ppc64.rpm
s390x:
libsmbclient-devel-3.5.4-68.el6_0.3.s390.rpm
libsmbclient-devel-3.5.4-68.el6_0.3.s390x.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390.rpm
samba-debuginfo-3.5.4-68.el6_0.3.s390x.rpm
samba-doc-3.5.4-68.el6_0.3.s390x.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.s390x.rpm
samba-swat-3.5.4-68.el6_0.3.s390x.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.s390.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.s390x.rpm
x86_64:
libsmbclient-devel-3.5.4-68.el6_0.3.i686.rpm
libsmbclient-devel-3.5.4-68.el6_0.3.x86_64.rpm
samba-debuginfo-3.5.4-68.el6_0.3.i686.rpm
samba-debuginfo-3.5.4-68.el6_0.3.x86_64.rpm
samba-doc-3.5.4-68.el6_0.3.x86_64.rpm
samba-domainjoin-gui-3.5.4-68.el6_0.3.x86_64.rpm
samba-swat-3.5.4-68.el6_0.3.x86_64.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.i686.rpm
samba-winbind-devel-3.5.4-68.el6_0.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
samba-3.5.6-86.el6_1.5.src.rpm
i386:
libsmbclient-devel-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-doc-3.5.6-86.el6_1.5.i686.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.i686.rpm
samba-swat-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.i686.rpm
ppc64:
libsmbclient-devel-3.5.6-86.el6_1.5.ppc.rpm
libsmbclient-devel-3.5.6-86.el6_1.5.ppc64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc.rpm
samba-debuginfo-3.5.6-86.el6_1.5.ppc64.rpm
samba-doc-3.5.6-86.el6_1.5.ppc64.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.ppc64.rpm
samba-swat-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.ppc.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.ppc64.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.ppc64.rpm
s390x:
libsmbclient-devel-3.5.6-86.el6_1.5.s390.rpm
libsmbclient-devel-3.5.6-86.el6_1.5.s390x.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390.rpm
samba-debuginfo-3.5.6-86.el6_1.5.s390x.rpm
samba-doc-3.5.6-86.el6_1.5.s390x.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.s390x.rpm
samba-swat-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.s390.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.s390x.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.s390x.rpm
x86_64:
libsmbclient-devel-3.5.6-86.el6_1.5.i686.rpm
libsmbclient-devel-3.5.6-86.el6_1.5.x86_64.rpm
samba-debuginfo-3.5.6-86.el6_1.5.i686.rpm
samba-debuginfo-3.5.6-86.el6_1.5.x86_64.rpm
samba-doc-3.5.6-86.el6_1.5.x86_64.rpm
samba-domainjoin-gui-3.5.6-86.el6_1.5.x86_64.rpm
samba-swat-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.i686.rpm
samba-winbind-devel-3.5.6-86.el6_1.5.x86_64.rpm
samba-winbind-krb5-locator-3.5.6-86.el6_1.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm
ppc64:
libsmbclient-devel-3.5.10-115.el6_2.ppc.rpm
libsmbclient-devel-3.5.10-115.el6_2.ppc64.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc.rpm
samba-debuginfo-3.5.10-115.el6_2.ppc64.rpm
samba-doc-3.5.10-115.el6_2.ppc64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.ppc64.rpm
samba-swat-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-devel-3.5.10-115.el6_2.ppc.rpm
samba-winbind-devel-3.5.10-115.el6_2.ppc64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.ppc64.rpm
s390x:
libsmbclient-devel-3.5.10-115.el6_2.s390.rpm
libsmbclient-devel-3.5.10-115.el6_2.s390x.rpm
samba-debuginfo-3.5.10-115.el6_2.s390.rpm
samba-debuginfo-3.5.10-115.el6_2.s390x.rpm
samba-doc-3.5.10-115.el6_2.s390x.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.s390x.rpm
samba-swat-3.5.10-115.el6_2.s390x.rpm
samba-winbind-devel-3.5.10-115.el6_2.s390.rpm
samba-winbind-devel-3.5.10-115.el6_2.s390x.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.s390x.rpm
x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-3.5.10-115.el6_2.i686.rpm
samba-3.5.10-115.el6_2.i686.rpm
samba-client-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-winbind-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-3.5.10-115.el6_2.i686.rpm
libsmbclient-3.5.10-115.el6_2.x86_64.rpm
samba-3.5.10-115.el6_2.x86_64.rpm
samba-client-3.5.10-115.el6_2.x86_64.rpm
samba-common-3.5.10-115.el6_2.i686.rpm
samba-common-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-clients-3.5.10-115.el6_2.i686.rpm
samba-winbind-clients-3.5.10-115.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/samba-3.5.10-115.el6_2.src.rpm
i386:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-doc-3.5.10-115.el6_2.i686.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.i686.rpm
samba-swat-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.i686.rpm
x86_64:
libsmbclient-devel-3.5.10-115.el6_2.i686.rpm
libsmbclient-devel-3.5.10-115.el6_2.x86_64.rpm
samba-debuginfo-3.5.10-115.el6_2.i686.rpm
samba-debuginfo-3.5.10-115.el6_2.x86_64.rpm
samba-doc-3.5.10-115.el6_2.x86_64.rpm
samba-domainjoin-gui-3.5.10-115.el6_2.x86_64.rpm
samba-swat-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-devel-3.5.10-115.el6_2.i686.rpm
samba-winbind-devel-3.5.10-115.el6_2.x86_64.rpm
samba-winbind-krb5-locator-3.5.10-115.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1182.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
==========================================================================
Ubuntu Security Notice USN-1423-1
April 13, 2012
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Samba could be made to run programs as the administrator if it received
specially crafted network traffic.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Brian Gorenc discovered that Samba incorrectly calculated array bounds when
handling remote procedure calls (RPC) over the network. (CVE-2012-1182)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
samba 2:3.5.11~dfsg-1ubuntu2.2
Ubuntu 11.04:
samba 2:3.5.8~dfsg-1ubuntu2.4
Ubuntu 10.04 LTS:
samba 2:3.4.7~dfsg-1ubuntu3.9
Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.18
In general, a standard system update will make all the necessary changes.
Background
==========
Samba is a suite of SMB and CIFS client/server programs.
Affected packages
=================
-------------------------------------------------------------------
   Package        /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
1  net-fs/samba       < 3.5.15         >= 3.5.15
Description
===========
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details. Furthermore, a local attacker
may be able to cause a Denial of Service condition or obtain sensitive
information in a Samba credentials file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Samba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.5.15"
References
==========
[ 1 ] CVE-2009-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2906
[ 2 ] CVE-2009-2948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948
[ 3 ] CVE-2010-0728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0728
[ 4 ] CVE-2010-1635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1635
[ 5 ] CVE-2010-1642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642
[ 6 ] CVE-2010-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2063
[ 7 ] CVE-2010-3069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069
[ 8 ] CVE-2011-0719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0719
[ 9 ] CVE-2011-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678
[ 10 ] CVE-2011-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2724
[ 11 ] CVE-2012-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0870
[ 12 ] CVE-2012-1182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1182
[ 13 ] CVE-2012-2111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2111
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-22.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0233 | No CVE | GE Energy D20/D200 Substation Controller Remote Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
The D20/D200 Substation Controller is the gateway to the SCADA master, downstream substation, and feeder of the IED. The General Electric (GE) D20ME is part of the GE D20 Substation Controller product. The General Electric D20/D200 device contains multiple buffer overflow vulnerabilities in the TFTP server, allowing remote attackers to perform denial of service attacks on devices or to execute arbitrary code in the context of the application. D20/D200 Substation Controller is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
| VAR-201204-0127 | CVE-2012-1802 | Siemens Scalance X Industrial Ethernet Buffer overflow vulnerability in switch |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. Siemens Scalance X Switches is a switch device developed by Siemens. Siemens Scalance X Switches has security vulnerabilities that can be exploited by malicious users for denial of service attacks. An error occurs when the embedded web server processes an HTTP request, so an attacker can restart the device by sending a specially crafted request to the web management interface. The following modules are affected by this vulnerability:
* Scalance X414-3E
* Scalance X308-2M
* Scalance X-300EEC
* Scalance XR-300
* Scalance X-300
Successfully exploiting this issue allows an attacker to reboot the affected device, denying service to legitimate users.
The following versions are vulnerable:
Scalance X414-3E running firmware versions prior to 3.7.1
Scalance X switches running firmware versions prior to 3.7.2.
TITLE:
Siemens Scalance X Switches HTTP Request Handling Denial of Service
SECUNIA ADVISORY ID:
SA48730
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48730/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48730
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability has been reported in Siemens Scalance X Switches,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Jürgen Bilberger, Daimler TSS GmbH.
ORIGINAL ADVISORY:
Siemens SSA-130874:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-201204-0202 | CVE-2012-2210 | Sony BRAVIA TV Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. The Sony BRAVIA KDL-32CX525 is an HD LCD TV. A denial-of-service vulnerability exists in Sony BRAVIA TV, caused by errors in processing datagrams. An attacker could exploit the vulnerability with a brute force attack to cause a device to stop responding and eventually shut down. This vulnerability exists in the KDL-32CX525; other versions may also be affected. Bravia TV is prone to a denial-of-service vulnerability.
TITLE:
Sony BRAVIA TV Datagram Flooding Denial of Service
SECUNIA ADVISORY ID:
SA48705
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48705/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48705
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability has been reported in Sony BRAVIA TV, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is reported in KDL-32CX525.
SOLUTION:
No fix is currently available.
PROVIDED AND/OR DISCOVERED BY:
Gabriel Menezes Nunes
ORIGINAL ADVISORY:
Gabriel Menezes Nunes:
http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html
| VAR-201301-0110 | CVE-2012-6068 | CoDeSys Access Security Bypass Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: HIGH |
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. CoDeSys is a PLC software programming tool that supports six PLC programming languages under the IEC 61131-3 standard: IL, ST, FBD, LD, CFC and SFC. CoDeSys has an access verification bypass vulnerability that allows an attacker to gain unauthorized access or to perform unauthorized configuration changes, including arbitrary code execution. The CoDeSys Runtime Toolkit does not require user authentication when connecting devices, allowing an attacker to gain administrator privileges on the device and thereby control the application device. The WAGO IPC 758-870 is prone to a security-bypass vulnerability caused by a hard-coded password. CoDeSys is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authentication.
Successfully exploiting this issue may also result in arbitrary code-execution. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany. Runtime Toolkit is the runtime toolkit of CoDeSys.
TITLE:
CoDeSys Authentication Bypass and Directory Traversal Vulnerabilities
SECUNIA ADVISORY ID:
SA51847
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51847/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51847
RELEASE DATE:
2013-01-14
DESCRIPTION:
Digital Bond has reported two vulnerabilities in CoDeSys, which can
be exploited by malicious people to bypass certain security
restrictions and compromise a vulnerable system.
1) An error within the authentication mechanism does not properly
restrict access to the device and can be exploited to perform certain
administrative tasks.
2) Certain input passed to the file transfer functionality is not
properly verified before being used to access files. This can be
exploited to read, delete, or upload arbitrary files via directory
traversal sequences.
The vulnerabilities are reported in versions 2.3.x and 2.4.x.
SOLUTION:
Apply patches (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY:
Reid Wightman, Digital Bond.
ORIGINAL ADVISORY:
ICS-CERT (ICSA-13-011-01):
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-01.pdf
CoDeSys:
http://www.codesys.com/news-events/press-releases/detail/article/sicherheitsluecke-in-codesys-v23-laufzeitsystem.html
.
SEC Consult Vulnerability Lab Security Advisory < 20171130-0 >
=======================================================================
title: Critical CODESYS vulnerabilities
product: WAGO PFC 200 Series, see "Vulnerable / tested versions"
vulnerable version: plclinux_rt 2.4.7.0, see "Vulnerable / tested versions"
fixed version: PFC200 FW11
CVE number: -
impact: critical
homepage: https://www.codesys.com
found: 2017-07-28
by: T. Weber (Office Vienna)
SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for
decentralized automation tasks. With the relay, function and interface
modules, as well as overvoltage protection, WAGO provides a suitable interface
for any application."
Source: http://global.wago.com/en/products/product-catalog/components-automation/overview/index.jsp
"The PFC family of controllers offers advanced compact, computing power for PLC
programming and process visualization. Programmable in accordance with IEC 61131-3
600, PFC controllers feature a 600 MHz ARM Cortex A8 processor that offers high
speed processing and support of 64 bit variables."
Source:
http://www.wago.us/products/components-for-automation/modular-io-system-series-750-753/programmable-fieldbus-controller/pfc200/index.jsp
Business recommendation:
------------------------
Because of the use in industrial and safety-critical environments, the patch has
to be applied as soon as it is available. We explicitly point out to all users
in this sector that the mentioned device series with firmware 02.07.07(10)
should not be connected directly to the internet (or even act as gateway),
since it is very likely that an attacker can compromise the whole network via
such a device.
SEC Consult recommends not to use this product in a production environment
until a thorough security review has been performed by security professionals.
Vulnerability overview/description:
-----------------------------------
The "plclinux_rt" service accepts different unauthenticated actions.
This vulnerability contains the architectural security problems described by
Reid Wightman. The SDK of "plclinux_rt" is written by the same vendor (3S).
Therefore, the file commands of "Digital Bond's 3S CODESYS Tools", created
around 2012 are applicable.
(See https://ics-cert.us-cert.gov/advisories/ICSA-13-011-01)
The CODESYS command-line is protected with login credentials, that's why the
shell of the mentioned tools does not provide root access out of the box. But
after some investigation it was clear that there are further functions which
are reachable without using the command-line and without any authentication.
These functions in "plclinux_rt" can be triggered by sending the correct
TCP payload on the bound port (by default 2455).
Some of the triggerable functions are:
* Arbitrary file read/write/delete (also covered by "Digital Bond's Tools")
* Step over a function in the currently executed PLC program
* Cycle step any function in the currently executed PLC program
* Delete the current variable list of the currently executed PLC program
* And more functions...
Since SSH is activated by default, an unauthenticated attacker can rewrite
"/etc/shadow" and gain root privileges easily via these attack vectors!
1) Critical Improper Authentication / Design Issue
Files can be fetched, written and deleted. Running tasks on the PLC can be
restarted, stepped and crashed.
An attacker can therefore replace the password hash in the shadow file. A
memory corruption (and potential reverse-shell) is also possible via arbitrary
TCP packets.
There are potentially more commands which can be triggered, but this was not
covered by the short security crash test.
Proof of concept:
-----------------
As there is no patch available yet, the detailed proof of concept information has
been removed from this advisory.
1) Critical Improper Authentication / Design Issue
Two payloads are specified here as proof of concept for file manipulation.
Four payloads for live program manipulation are also listed.
File read and delete without any authentication.
Read "/etc/shadow":
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Delete "/etc/test":
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Running PLC tasks could be modified with the following payloads:
Step over function:
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Cycle step function:
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
Delete variable list (produces stack-trace / denial of service):
echo '[PoC removed]' | xxd -r -p | nc <PLC-IP> <Port>
The actual function is chosen by the 7th byte in the latter payloads. E.g.:
0x31 -> read file
0x36 -> delete file
0x0a -> step over
0x24 -> cycle step
0x15 -> delete variable list
There are many more functions hidden in the "plclinux_rt" binary. This
is just an excerpt of a few available functions.
These functions can be examined from "SrvComputeService". Two pseudo code
snippets generated by IDA Pro show some examples (the functionality can be
quickly determined from the corresponding debug message):
[PoC removed from this advisory]
Vulnerable / tested versions:
-----------------------------
WAGO PFC200 Series / Firmware 02.07.07(10)
(17 affected devices)
750-8202
750-8202/025-000
750-8202/025-001
750-8202/025-002
750-8202/040-001
750-8203
750-8203/025-000
750-8204
750-8204/025-000
750-8206
750-8206/025-000
750-8206/025-001
750-8207
750-8207/025-000
750-8207/025-001
750-8208
750-8208/025-000
The WAGO contact stated during a call that all PLCs of the 750-88X Series are not
vulnerable due to a custom fix from WAGO. The contact also stated that the PLCs
of the 750-810X (PFC100) series are also not vulnerable because they have
CODESYS 3.5 deployed.
Devices of any other vendor which use the CODESYS 2.3.X/2.4.X runtime are
potentially prone to the same vulnerability.
Vendor contact timeline:
------------------------
2017-08-02: Contacting vendor through info@wago.com and set the
publication date to 2017-09-21.
2017-08-09: Sending a reminder to info@wago.com
2017-08-16: Found a dedicated security contact of WAGO. Contacting
this employee via e-mail.
2017-08-17: Contact responds that he will read the redirected e-mail
from info@wago.com. Sending e-mail to contact that the
message sent to info@wago.com does not contain the actual
advisory and that an encrypted channel should be used for
transmission.
2017-08-22: Sending reminder to contact and re-transmitting the
responsible disclosure policy and all possible ways
to transmit the advisory.
2017-08-29: Uploading advisory to WAGO ShareFile.
2017-09-15: Telephone call with WAGO contact. Discussion about the
vulnerability. Fix will be available in the next firmware
version. Vendor clarified that series 750-88X is not prone
to the reported vulnerability. Set the publication date to
2017-09-28.
2017-09-26: Telephone call with vendor. Vendor is working on a fix of
the vulnerabilities. Set the publication date to 2017-10-12.
2017-10-06: Sending a reminder to the vendor; No answer.
2017-10-11: Sending a reminder to the vendor. Vendor states that they
are working on an update and a timeline for the fix will
be provided on 2017-10-13.
2017-10-13: Asked for an update; No answer.
2017-10-17: Informing the vendor that the publication date was set to
2017-10-23.
2017-10-19: Vendor responds that vulnerability in PFC200 series will be
patched in firmware version FW12. Set publication date to
2017-10-27 and asked the vendor for a time-line regarding
the PFC100 series.
2017-10-20: Vendor responds that PFC100 series is not vulnerable since
it does not contain CODESYS 2.4 run-time. Vendor corrected
the firmware to version FW11. The patch will be available
in January 2018.
2017-10-30: Informed vendor that the advisory will be published on
2017-11-30.
2017-11-30: Advisory release
Solution:
---------
Update your WAGO PFC200 Series to firmware version FW11 as soon as it is
available. In the meantime, see the workaround section.
Workaround:
-----------
Delete "plclinux_rt" or close the programming port (2455).
Network access to the device should be restricted.
Advisory URL:
-------------
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
EOF T. Weber / @2017
| VAR-201204-0124 | CVE-2012-1799 | Siemens Scalance Firewall Brute Force Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The web configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay after a failed login, allowing an attacker to try a large number of passwords in a short period of time and perform brute force attacks. The following devices are affected by this vulnerability:
* Scalance S602 V2
* Scalance S612 V2
* Scalance S613 V2
An error in the handling of the Profinet DCP protocol allows a specially crafted DCP frame to make the firewall unresponsive or interrupt an established VPN tunnel. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness.
Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. There was an error in the Profinet DCP protocol processing. The vulnerability is due to the unlimited number of authentication attempts.
TITLE:
Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID:
SA48680
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48680/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability and a weakness have been reported in Siemens Scalance
Firewall, which can be exploited by malicious people to conduct
brute-force attacks or cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State
University.
ORIGINAL ADVISORY:
Siemens SSA-268149:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
| VAR-201204-0270 | No CVE | Sony Bravia 'hping' Command Remote Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Sony Bravia KDL-32CX525 is a smart TV device. The Sony Bravia KDL-32CX525 has a security vulnerability that allows an attacker to crash an application and cause a denial of service. Sony Bravia is prone to a remote denial-of-service vulnerability.
| VAR-201204-0125 | CVE-2012-1800 | Siemens Scalance S Security Module firewall Buffer Overflow Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The web configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay after a failed login, allowing an attacker to try a large number of passwords in a short period of time and perform brute-force attacks. The following devices are affected by this vulnerability: Scalance S602 V2, Scalance S612 V2, and Scalance S613 V2. An error in the Profinet DCP protocol handling allows a specially crafted DCP frame to make the firewall unresponsive or interrupt an established VPN tunnel. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute-force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness.
Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. There was an error in the Profinet DCP protocol processing.
TITLE:
Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID:
SA48680
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48680/
RELEASE DATE:
2012-04-06
DESCRIPTION:
A vulnerability and a weakness have been reported in Siemens Scalance
Firewall, which can be exploited by malicious people to conduct
brute-force attacks or cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State
University.
ORIGINAL ADVISORY:
Siemens SSA-268149:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
| VAR-201204-0226 | CVE-2012-2053 | F5 FirePass sudoers file vulnerability allowing privilege gain |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. Local users may gain privileges through the sudo program. FirePass is prone to a local security vulnerability. This vulnerability has been verified with a user account capable of executing PHP scripts.