VARIoT IoT vulnerabilities database
VAR-200512-0611 | CVE-2005-4092 | Apple QuickTime fails to properly handle corrupt media files |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple has released QuickTime version 7.0.4, which fixes multiple vulnerabilities. A remote third party may execute arbitrary code or cause a denial of service (DoS). For more information, see the information provided by the vendor.
These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats.
Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software.
This issue may be triggered when the application processes a malformed movie (.MOV) file.
Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.
This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts.
This specific flaw exists within the QuickTime.qts file which many
applications access QuickTime's functionality through. By specially
crafting atoms within a movie file, a direct heap overwrite is
triggered, and reliable code execution is then possible.
Technical Details:
Technical Description:
The code in QuickTime.qts responsible for the size of the Sample
Description Table entries from the 'stsd' atom in a QuickTime-format
movie on the heap. According to developer.apple.com, the format of the
Sample Description Atom is as follows:
Field                                  Description
----------------------------------------------------------------
Size                                   32-bit int
Data Format                            4 char code
Reserved                               6 bytes that must be 0
Data Reference Index                   16-bit int
Hint Track Version                     16-bit unsigned int
Last compatible hint track version     16-bit unsigned int
Max Packet Size                        32-bit int
Additional Data Table                  Variable
Setting the size of the Sample Description Table to a size of 00 15 -
00 D0 will cause a heap-based overflow. By supplying the "Last
compatible hint track version" field with the value of 00 05 - 00 09, an
insufficiently-sized heap block will be allocated, resulting in a
classic complete heap memory overwrite during the RtlAllocateHeap()
function, and the attacker can control memory with data taken from the
filename of the .MOV file. This vulnerability can be successfully
exploited via an embedded media player in an HTML page, email, or HTML
link.
References
QuickTime: QuickTime File Format
http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Vendor Status:
Apple has released a patch for this vulnerability. The patch is
available via the Updates section of the affected applications.
This vulnerability has been assigned the CVE identifier CVE-2005-4092.
Credit:
Discovery: Karl Lynn
Greetings:
0x41414141
Copyright (c) 1998-2006 eEye Digital Security
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006
Last revised: January 11, 2006
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple
vulnerabilities. The impacts of these vulnerabilities include
execution of arbitrary code and denial of service.
I.
(CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Produced 2006 by US-CERT, a government organization.
Revision History
January 11, 2006: Initial release
VAR-200512-0526 | CVE-2005-3989 | Avaya TN2602AP IP Media Resource 320 Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. Avaya TN2602AP IP Media Resource 320 is prone to a remote denial of service vulnerability.
A successful attack can result in a memory leak and lead to a denial of service condition due to a crash.
Avaya TN2602AP IP Media Resource 320 versions prior to vintage 9 firmware are vulnerable to this issue.
The vulnerability is caused due to an unspecified error. This can be
exploited to cause memory leaks, which can potentially cause a DoS
via specially crafted packets.
SOLUTION:
Update to vintage 9 firmware.
http://support.avaya.com/japple/css/japple?temp.documentID=236667&temp.productID=136527&temp.releaseID=228560&temp.bucketID=108025&PAGE=Document#TN2602
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200511-0187 | CVE-2005-3886 | Cisco Security Agent Unknown local protection bypass and privilege elevation vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. This issue only affects computers running affected versions of Cisco Security Agent on the Microsoft Windows platform.
Further details are not currently available; this BID will be updated as information becomes available. Cisco Security Agent uses behavior-based evaluation criteria to identify and protect servers and terminal computers, instead of relying only on signature matching for analysis and identification, addressing the security risks posed by unknown viruses.
The vulnerability is caused due to an unspecified error in CSA on the
Windows platform. This can be exploited by malicious users to gain
SYSTEM privileges on a vulnerable system.
The vulnerability has been reported in the following versions:
* Cisco CSA version 4.5.0 (all builds) managed and standalone
agents.
* Cisco CSA version 4.5.1 (all builds) managed and standalone
agents.
* Cisco CSA version 4.5.0 (build 573) for CallManager.
* Cisco CSA version 4.5.1 (build 628) for CallManager.
* Cisco CSA version 4.5.1 (build 616) for Intelligent Contact
Management (ICM), IPCC Enterprise, and IPCC Hosted.
* Cisco CSA version 4.5.0 (build 573) for Cisco Voice Portal (CVP)
3.0 and 3.1.
SOLUTION:
Update to version 4.5.1.639.
Management Center for Cisco Security Agents:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa
CSA for CallManager:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
CSA for ICM, IPCC Enterprise, and IPCC Hosted:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa10-crypto
CSA for CVP 3.0 and 3.1:
http://www.cisco.com/pcgi-bin/tablebuild.pl/csa-cvp-20
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml
VAR-200511-0198 | CVE-2005-3897 | Apple Safari Javascript BODY Event denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. Safari is prone to a denial-of-service vulnerability. Apple Safari is a web browser software
VAR-200511-0152 | CVE-2005-3921 | Cisco IOS HTTP Server Vulnerabilities in arbitrary command insertion |
Related entries in the VARIoT exploits database: VAR-E-200511-0416 |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. The HTTP server included in Cisco IOS does not properly sanitize output when it displays dynamically generated web pages, such as memory dump results produced by the show buffers command, so arbitrary commands can be inserted. An arbitrary command may be executed and, as a result, administrator privileges may be obtained. Cisco IOS HTTP service is prone to an HTML-injection vulnerability.
An attacker can submit malicious HTML and script code through the '/level/15/exec/-/buffers/assigned' and '/level/15/exec/-/buffers/all' scripts. This code may run in the browser of an administrator when they attempt to view the contents of memory buffers through the vulnerable scripts of the HTTP service.
IOS 11.0 through 12.4 are affected. IOS XR is not vulnerable.
This issue is documented by Cisco Bug ID CSCsc64976.
NOTE: Since this is an HTML-injection vulnerability that targets users of the IOS web interface, devices with the HTTP service disabled are not affected. The attacker can also run arbitrary commands on a vulnerable device.
Successful exploits may allow the attacker to manipulate routing information, create accounts, and access all other functionality available to administrators.
The vulnerability is caused due to the memory dump feature of the
HTTP server not properly sanitising the data in received packets
before displaying them to the user in a HTML formatted page when the
user views the "/level/15/exec/-/buffers/assigned/dump" link. This
can be exploited to execute arbitrary script code in a user's browser
session when the user views a memory dump containing malicious
Javascript/HTML code from a received packet. E.g. changing
the "enable" password by injecting HTML code that requests for the
"/level/15/configure/-/enable/secret/" link.
SOLUTION:
Disable active scripting when viewing memory dumps.
PROVIDED AND/OR DISCOVERED BY:
Hugo Vazquez Carames
ORIGINAL ADVISORY:
http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html
The vulnerability is related to:
SA17780
The vulnerability has been reported in IOS 11.2(8.11)SA6.
SOLUTION:
Update to Cisco IOS 12.
Alternatively, disable CDP functionality if it is not required, or
disable the web administration interface
VAR-200511-0220 | CVE-2005-3821 | vTiger CRM Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
VAR-200511-0223 | CVE-2005-3824 | vTiger CRM uploads Module allows uploading arbitrary file vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
VAR-200511-0222 | CVE-2005-3823 | vTiger CRM Users Remote module free PHP Code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
VAR-200511-0221 | CVE-2005-3822 | vTiger CRM Multiple SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vtiger CRM is prone to an SQL injection vulnerability, an arbitrary local file include vulnerability and an arbitrary file upload vulnerability.
Several of the issues disclosed by SEC-CONSULT in their referenced security advisory, were previously discussed in BID 15562 (VTiger CRM Multiple Input Validation Vulnerabilities). Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
VAR-200511-0218 | CVE-2005-3819 |
vTiger CRM Multiple SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-200511-0129 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project.
An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources.
This can further be exploited to include and execute arbitrary PHP
code injected into the "vtigercrm.log" log file.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
----------------------------------------------------------------------
VAR-200511-0217 | CVE-2005-3818 |
vTiger CRM Multiple cross-site scripting vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200511-0131, VAR-E-200511-0130 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting and local file include vulnerabilities.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project.
An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources.
This can further be exploited to include and execute arbitrary PHP
code injected into the "vtigercrm.log" log file.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
----------------------------------------------------------------------
VAR-200511-0219 | CVE-2005-3820 | VTiger CRM Multiple Input Validation Vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting and local file include vulnerabilities.
An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials and retrieve arbitrary local files in the context of the Web server process; other attacks are also possible.
Some of these issues may be related to those discussed in BID 11740 (SugarCRM Multiple Input Validation Vulnerabilities) discovered by James Bercegay and Damon Wood of the GulfTech Security Research Team, as vtiger is a fork of the SugarCRM project.
An independent study by Daniel Fabian of SEC-CONSULT has confirmed the existence of several of these issues. Please see the referenced advisory for more information. Users are advised to consult that BID for other vulnerabilities affecting vtiger. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17693
VERIFY ADVISORY:
http://secunia.com/advisories/17693/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, System access
WHERE:
From remote
SOFTWARE:
vtiger CRM 4.x
http://secunia.com/product/6211/
DESCRIPTION:
Christopher Kunz has reported some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion, and SQL injection attacks, disclose
sensitive information, and compromise a vulnerable system.
1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
2) An input validation error in the RSS aggregation module can be
exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when data from the malicious RSS feed is viewed.
3) Input passed to the "date" parameter and the username field when
logging into the administration section isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
This can further be exploited to bypass the authentication process
and access the administration section where sensitive user data can
be disclosed or manipulated.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
4) Input passed to the "action" and "module" parameters isn't
properly verified, before it is used to include files.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been reported in version 4.2 and prior.
Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified.
PROVIDED AND/OR DISCOVERED BY:
Christopher Kunz, Hardened PHP Project
ORIGINAL ADVISORY:
http://www.hardened-php.net/advisory_232005.105.html
----------------------------------------------------------------------
VAR-200511-0342 | CVE-2005-3786 | Novell ZENworks remote diagnosis Console One Unauthorized access vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. Novell ZENworks Remote Diagnostics is prone to an unauthorized access vulnerability.
This vulnerability may facilitate disclosure of sensitive data and may aid in other attacks against a vulnerable computer.
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972567.htm
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm
----------------------------------------------------------------------
VAR-200511-0294 | CVE-2005-3774 | Cisco PIX fails to verify TCP checksum |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. When the Cisco PIX Firewall processes an invalid TCP SYN packet, it rejects, for a certain period of time, packets that match that packet's source and destination information (IP address and port). If the source information of the invalid packet is spoofed as that of a legitimate host, communication from the legitimate host is prevented. TCP communication from a specific source may be interrupted for a certain period of time (DoS).
This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible. Cisco PIX is a hardware firewall solution. Remote attackers may use this loophole to cause a denial of service attack on legitimate access sources. So an attacker can send a specially crafted TCP packet with a wrong checksum, setting the source/destination IP and port to a legitimate host. Once the PIX firewall receives such a message, it cannot establish a new TCP session with the credentials specified in the malicious message. The default time is 2 minutes and 2 seconds, and then it will resume normal operation. Gavrilenko has reported a vulnerability in Cisco PIX,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to the firewall failing to verify the
checksum of a TCP SYN packet before it is allowed through the firewall
and a connection state is setup to track the half-open connection.
Packets with incorrect checksum values will be silently discarded by
the destination host without a RST reply. This causes the connection
state to be held up to two minutes before it is cleared. In the
meantime, legitimate SYN packets with the same protocol, IP
addresses, and ports are discarded by the firewall.
Successful exploitation allows an attacker to prevent a host from
establishing connections to another host through the firewall.
The vulnerability has been reported in PIX 6.3 and PIX/ASA 7.0.
SOLUTION:
The vendor recommends the following workaround.
1) Issue the commands "clear xlate" or "clear local-host <ip address
on the higher security level interface>" to allow the firewall to
pass connections again.
2) Modify the default TCP embryonic connection timeout to a lower
value. e.g. 10 seconds.
3) Configure TCP Intercept to allow PIX to proxy all TCP connection
attempts originated from behind any firewall interface after the
first connection. This will have a performance impact.
PROVIDED AND/OR DISCOVERED BY:
Konstantin V. Gavrilenko, Arhont Ltd
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html
----------------------------------------------------------------------
VAR-200512-0893 | CVE-2005-4678 | Apple Safari Remote attack vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Safari is prone to a remote security vulnerability.
The problem is that the browser fails to show the correct URL in the
status bar if an image control has been enclosed in a hyperlink and
uses a form to specify the destination URL. This may cause a user to
follow a link to a seemingly trusted website when in fact the browser
opens a malicious website.
This is related to:
SA17565
Example:
<form action="[malicious site]">
<a href="[trusted site]"><input type="image" src="[image]"></a>
</form>
The weakness has been confirmed in version 2.0.2 (416.12). Other
versions may also be affected.
SOLUTION:
Do not follow links from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
Reported in Safari by marc.
Originally discovered in Internet Explorer and Opera by Claudio
"Sverx".
OTHER REFERENCES:
SA17565:
http://secunia.com/advisories/17565/
----------------------------------------------------------------------
VAR-200512-0135 | CVE-2005-4323 | Hitachi Collaboration Schedule Unknown denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.
This vulnerability may be triggered by multiple invalid requests sent to the schedule.
No further details have been provided. These are due to a lack of proper sanitization of user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/index-e.html
----------------------------------------------------------------------
VAR-200512-0134 | CVE-2005-4322 | Hitachi Product Multiple Cross-Site Scripting Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components. These are due to a lack of proper sanitization of user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
TITLE:
Hitachi Products Cross-Site Scripting and Denial of Service
SECUNIA ADVISORY ID:
SA17634
VERIFY ADVISORY:
http://secunia.com/advisories/17634/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, DoS
WHERE:
From remote
SOFTWARE:
Cosminexus 6.x
http://secunia.com/product/5795/
Groupmax Collaboration Portal 6.x
http://secunia.com/product/6162/
Groupmax Collaboration Web Client 7.x
http://secunia.com/product/6161/
DESCRIPTION:
Some vulnerabilities have been reported in various Hitachi products,
which can be exploited by malicious people to conduct cross-site
scripting attacks and cause a DoS (Denial of Service).
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/index-e.html
----------------------------------------------------------------------
VAR-200511-0004 | CVE-2005-2938 | APPLE iTunes Unlisted Windows Search path vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. iTunes is Apple's player software for iPod and mp3 files.
Multiple Vendor Insecure Call to CreateProcess() Vulnerability
iDEFENSE Security Advisory 11.15.05
www.idefense.com/application/poi/display?id=340&type=vulnerabilities
November 15, 2005
I. BACKGROUND
The Microsoft Windows API includes the CreateProcess() function as a
means to create a new process and its primary thread.
CreateProcessAsUser() is similar but allows for the process to be run in
the security context of a particular user.
II. DESCRIPTION
The format of the CreateProcess() function is as follows:
BOOL CreateProcess(
    LPCTSTR lpApplicationName,
    LPTSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCTSTR lpCurrentDirectory,
    LPSTARTUPINFO lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
);
The 'lpApplicationName' variable contains the name of the module to be
executed. However, this can be a NULL value, in which case, the module
name to be executed will be the first white space-delimited token in the
lpCommandLine string.
It is a known issue, that if lpApplicationName contains a NULL value and
the full module path in the lpCommandLine variable contains white space
and is not enclosed in quotation marks, it is possible that an alternate
application will be executed. Consider the following scenario:
CreateProcess(
    NULL,
    c:\program files\sub dir\program.exe,
    ...
);
In this case, the system will successively expand the string when
interpreting the file path, until a module is encountered to execute.
The string used in the above example would be interpreted as follows:
c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe
Therefore, if a file named program.exe existed in the c:\ directory, it
would be executed instead of the intended application. This is a known
issue, discussed directly in the API documentation:
http://msdn.microsoft.com/library/en-us/dllproc/base/createprocessasuser.asp
III. ANALYSIS
Despite the fact that this is a known issue, several popular
applications, insecurely call the CreateProcess() and
CreateProcessAsUser() functions. This creates a scenario whereby
arbitrary code could be executed. In the scenario detailed above, if an
attacker were able to install arbitrary code in a file at
c:\program.exe, when the vulnerable application was launched, the code
would be executed. The arbitrary code would generally be executed under
the privileges of the executing user but could also be launched with
elevated privileges if an insecure call were made to CreateProcessAsUser()
using elevated privileges. This attack would involve some form of social
engineering or need to be combined with another attack to first get the
arbitrary code installed in the correct location.
IV. DETECTION
The following applications have been confirmed to be vulnerable:
Vendor: RealNetworks
Application: RealPlayer 10.5
Files: realplay.exe
realjbox.exe
Vendor: Kaspersky
Application: Kaspersky Anti-Virus for Windows File Servers 5.0
(English) - Installation File
Files: kav5.0trial_winfsen.exe
Vendor: Apple
Application: iTunes 4.7.1.30
Files: iTunesHelper.exe
Vendor: VMWare
Application: VMWare Workstation 5.0.0 build-13124
Files: VMwareTray.exe
VMwareUser.exe
Vendor: Microsoft
Application: Microsoft Antispyware 1.0.509 (Beta 1)
Files: GIANTAntiSpywareMain.exe
gcASNotice.exe
gcasServ.exe
gcasSWUpdater.exe
GIANTAntiSpywareUpdater.exe
Note: The vulnerability in Microsoft Antispyware was previously
discussed on the Full-Disclosure mailing list
(http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html)
but remains unpatched.
V. WORKAROUND
Ensure that unexpected files are not stored in locations that can be
used for this attack. Windows XP SP2 will alert a user of the existence
of a file named c:\program.exe when it first boots, however, any path
containing white space where a vulnerable application is stored could be
used in this attack.
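To find the locations this workaround asks you to keep clean, the sketch below lists the file names that would be tried before the intended program for an unquoted launch command. It is an added example, not part of the iDEFENSE advisory: a simplified model of the search order described above, with the assumption that the intended image is the first prefix already ending in .exe; the sample commands and function names are constructed.

```python
import ntpath

def _prefixes(s):
    # Cut the string at the start of every whitespace run, then add the whole string.
    cuts = [i for i, ch in enumerate(s) if ch in " \t" and s[i - 1] not in " \t"]
    return [s[:i] for i in cuts] + [s]

def _with_exe(path):
    # A file name with no extension gets ".exe" appended.
    return path if ntpath.splitext(path)[1] else path + ".exe"

def search_order(cmdline):
    """File names tried, in order, for an unquoted command line (simplified model)."""
    return [_with_exe(p) for p in _prefixes(cmdline.strip())]

def unintended_candidates(cmdline):
    """Names tried before the intended image; empty when the path is unambiguous."""
    s = cmdline.strip()
    if s.startswith('"'):
        return []  # quoted image path: only one interpretation
    found = []
    for prefix in _prefixes(s)[:-1]:
        if prefix.lower().endswith(".exe"):
            break  # assumption: this prefix is the intended program
        found.append(_with_exe(prefix))
    return found

# Constructed launch commands, as they might appear in a startup entry.
SAMPLE = [
    r'c:\program files\sub dir\program name',
    r'C:\Program Files\Sub Dir\Program.exe -tray',
    r'"C:\Program Files\Sub Dir\Program.exe" -tray',
    r'C:\Windows\notepad.exe notes.txt',
]

def audit(commands):
    """Map each ambiguous command to the file names that must not exist."""
    report = {}
    for cmd in commands:
        names = unintended_candidates(cmd)
        if names:
            report[cmd] = names
    return report

if __name__ == "__main__":
    for cmd, names in audit(SAMPLE).items():
        print(cmd)
        for name in names:
            print("    must not exist:", name)
```

Any name reported here that exists on disk is an unexpected file in the sense of this section; quoting the program path in the launch command removes the ambiguity.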
VI. VENDOR RESPONSE
The following vendor responses have been provided.
Apple:
"Due to the way iTunes 5 launches its helper application, multiple
system paths are searched for which program to run. iTunes 6 addresses this
issue and can be obtained from http://www.apple.com/itunes/download/.
Credit to iDEFENSE for reporting this issue to us."
Kaspersky:
"We are currently looking into the problem, and it seems that this is
not present in the current version of KAV for File Servers."
Microsoft:
"Microsoft has confirmed that the Beta 2 version of its Antispyware
product, targeted for release later this year, will address the issue
reported by iDEFENSE."
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
following names to this issue.
RealNetworks RealPlayer 10.5
CAN-2005-2936
Kaspersky Anti-Virus 5.0
CAN-2005-2937
Apple iTunes 4.7.1.30
CAN-2005-2938
VMWare Workstation 5.0.0 build-13124
CAN-2005-2939
Microsoft Antispyware 1.0.509 (Beta 1)
CAN-2005-2940
These are candidates for inclusion in the CVE list
(http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
09/19/2005 Initial vendor notification
11/15/2005 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
X. LEGAL NOTICES
Copyright © 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
VAR-200605-0040 | CVE-2006-2298 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ ISAKMP (Internet Security Association and Key Management Protocol) is a collective term for three protocols covering authentication, key management, and SA (security association). IKE, which is derived from ISAKMP, is the key exchange protocol for IPsec encrypted communication. IKEv1 is used in many environments. IKE communication is divided into phase 1 and phase 2; phase 1 establishes a secure communication path, called the ISAKMP SA, over which IKE exchanges its own messages. In multiple products, the ISAKMP/IKE implementation has a flaw in its processing of invalid ISAKMP phase 1 packets, which causes abnormal behavior when such a packet is received. When a remote attacker who has specific information about the IKE communication sends a deliberately crafted packet, services or devices that implement ISAKMP may suffer a service outage. Please refer to the "Overview" for the impact of this vulnerability.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
VAR-200511-0112 | CVE-2005-3668 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ ISAKMP (Internet Security Association and Key Management Protocol) is a collective term for three protocols covering authentication, key management, and SA (security association). IKE, which is derived from ISAKMP, is the key exchange protocol for IPsec encrypted communication. IKEv1 is used in many environments. IKE communication is divided into phase 1 and phase 2; phase 1 establishes a secure communication path, called the ISAKMP SA, over which IKE exchanges its own messages. In multiple products, the ISAKMP/IKE implementation has a flaw in its processing of invalid ISAKMP phase 1 packets, which causes abnormal behavior when such a packet is received. When a remote attacker who has specific information about the IKE communication sends a deliberately crafted packet, services or devices that implement ISAKMP may suffer a service outage. Please refer to the "Overview" for the impact of this vulnerability.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/