VARIoT IoT vulnerabilities database

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers.". The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. Apache is prone to a memory-corruption vulnerability. Apache versions prior to 2.2.15 are affected. For more information see vulnerability #2: SA38776 Successful exploitation requires that "mod_isapi" is enabled (disabled by default). For more information see vulnerability #2 in: SA38776 SOLUTION: Fixed in the SVN repository. ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38776 VERIFY ADVISORY: http://secunia.com/advisories/38776/ DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service). 1) The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests. 3) An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used. Vulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and 2.2.14. SOLUTION: Fixed in httpd 2.2.15-dev. Update to version 2.2.15 as soon as it becomes available. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Reported in a bug report by Philip Pickett ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=917875 http://svn.apache.org/viewvc?view=revision&revision=917870 https://issues.apache.org/bugzilla/show_bug.cgi?id=48359 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425 - ------------------------------------------------------------------------ 1. Summary VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd. 2. Relevant releases VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier, Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term. 3. Problem Description a. VMware Workstation and Player installer security issue The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto the system prior to installation. The issue can only be exploited at the time that Workstation 7.x or Player 3.x is being installed. The security issue is no longer present in the installer of the new versions of Workstation 7.x and Player 3.x (see table below for the version numbers). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3277 to this issue. VMware would like to thank Alexander Trofimov and Marc Esher for independently reporting this issue to VMware. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 7.x any 7.1.2 build 301548 or later * Workstation 6.5.x any not affected Player 3.x any 3.1.2 build 301548 or later * Player 2.5.x any not affected AMS any any not affected Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected * Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable. b. Third party libpng updated to version 1.2.44 A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 7.1.x any 7.1.2 build 301548 or later Workstation 6.5.x any affected, patch pending Player 3.1.x any 3.1.2 build 301548 or later Player 2.5.x any affected, patch pending AMS any any not affected Server any any affected, no patch planned Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0434 and CVE-2010-0425 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation any any not affected Player any any not affected AMS any Windows 2.7.2 build 301548 or later AMS any Linux affected, patch pending * Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected * Note CVE-2010-0425 is not applicable to AMS running on Linux 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 7.1.2 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html Workstation for Windows 32-bit and 64-bit with VMware Tools md5sum: 2e9715ec297dc3ca904ad2707d3e2614 sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a Workstation for Windows 32-bit and 64-bit without VMware Tools md5sum: 066929f59aef46f11f4d9fd6c6b36e4d sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3 VMware Player 3.1.2 ------------------- http://www.vmware.com/download/player/ Release notes: http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html VMware Player for Windows 32-bit and 64-bit md5sum: 3f289cb33af5e425c92d8512fb22a7ba sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70 VMware Player for Linux 32-bit md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8 sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749 VMware Player for Linux 64-bit md5sum: 2ab08e0d4050719845a64d334ca15bb1 sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c VMware ACE Management Server 2.7.2 ---------------------------------- http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html ACE Management Server for Windows md5sum: 02f0072b8e48a98ed914b633f070d550 sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 - ------------------------------------------------------------------------ 6. Change log 2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware Security Advisories http://www.vmware.com/security/advisoiries VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- . 5-Mar-2010 Last Update. - Vendor Notification Date. 9-Feb-2010 Product. Apache HTTP Server Platform. 2.2.14 verified and possibly others. Severity Rating. High Impact. System access Attack Vector. Remote Solution Status. Upgrade to 2.2.15 (as advised by Apache) CVE reference. CVE-2010-0425 Details. The Apache HTTP Server, commonly referred to as Apache, is a popular open source web server software. mod_isapi is a core module of the Apache package that implements the Internet Server extension API. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Proof of Concept. Proof of concept code is available for this vulnerability. The payload will write a text file (sos.txt) to the Apache working directory demonstrating that code execution is possible. The code can be downloaded from the following link: http://www.senseofsecurity.com.au/advisories/SOS-10-002-pwn-isapi.cpp Furthermore, a video demonstrating the exploitation of this vulnerability using a bind shell has been created. It can be viewed at the following link: http://www.senseofsecurity.com.au/movies/SOS-10-002-apache-isapi.mp4 Solution. Discovered by. Brett Gervasoni from Sense of Security Labs. Sense of Security is a leading provider of information security and risk management solutions. Our team has expert skills in assessment and assurance, strategy and architecture, and deployment through to ongoing management. We are Australia's premier application penetration testing firm and trusted IT security advisor to many of the countries largest organisations. Sense of Security Pty Ltd Level 3, 66 King St Sydney NSW 2000 AUSTRALIA T: +61 (0)2 9290 4444 F: +61 (0)2 9290 4455 W: http://www.senseofsecurity.com.au/consulting/penetration-testing E: info@senseofsecurity.com.au Twitter: ITsecurityAU The latest version of this advisory can be found at: http://www.senseofsecurity.com.au/advisories/SOS-10-002 . ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. 1) Sensitive information may be written to the trace log file in cleartext when full SIP (Session Initiation Protocol) tracing is enabled and users connect using Basic authentication. For more information see vulnerability #3: SA38776 3) A vulnerability in the TLS protocol while handling session re-negotiations can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 4) A vulnerability in mod_proxy_ajp module can be exploited to cause a DoS (Denial of Service). For more information see vulnerability #1: SA38776 5) An error in mod_isapi module can be exploited to compromise a vulnerable system. For more information see vulnerability #2: SA38776 NOTE: Certain sensitive information may also be disclosed when running in debugging mode using the "-trace" option. SOLUTION: Apply APAR PM12247 or Fix Pack 6.1.0.31 when available (currently scheduled for 10th May 2010)

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. Apache is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions. Apache versions prior to 2.2.15 are affected. NOTE: This issue was previously described in BID 38494 (Apache Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://svn.apache.org/viewvc?view=revision&revision=917867 http://httpd.apache.org/security/vulnerabilities_22.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 23ff92149bae266e77a0dee41145e112 2008.0/i586/apache-base-2.2.6-8.5mdv2008.0.i586.rpm ddad03b1e60dc5ce8e7c9153ab37d45f 2008.0/i586/apache-devel-2.2.6-8.5mdv2008.0.i586.rpm a9285879e43c043e0f34cc78fc5258e4 2008.0/i586/apache-htcacheclean-2.2.6-8.5mdv2008.0.i586.rpm 9c78955e8d90fc50c11ccc586de3b6b0 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.i586.rpm 29152b393906d4092b002ad7f7fff4e5 2008.0/i586/apache-mod_cache-2.2.6-8.5mdv2008.0.i586.rpm 342b3554786301fb899c0d0643b9dd1f 2008.0/i586/apache-mod_dav-2.2.6-8.5mdv2008.0.i586.rpm 0af08060fc4d5c4cbc0ee3639471c89c 2008.0/i586/apache-mod_dbd-2.2.6-8.5mdv2008.0.i586.rpm 14be61e0738caf12de78792daf35442b 2008.0/i586/apache-mod_deflate-2.2.6-8.5mdv2008.0.i586.rpm de7a4078972db4b946a7005d294028fd 2008.0/i586/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.i586.rpm 69aea451cea5fdfa8dce6df94e8131de 2008.0/i586/apache-mod_file_cache-2.2.6-8.5mdv2008.0.i586.rpm 0ec3642c409cbeffc75a4295fbc1d765 2008.0/i586/apache-mod_ldap-2.2.6-8.5mdv2008.0.i586.rpm 1e16a623413c47da5bc2a57a3d839931 2008.0/i586/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.i586.rpm 54322826b45c5ac77c209f33923c25b5 2008.0/i586/apache-mod_proxy-2.2.6-8.5mdv2008.0.i586.rpm 8f6593751c159dac22d92dcc362fcc68 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.i586.rpm 74c5f10e73350e8dd9eb91292fbf6710 2008.0/i586/apache-mod_ssl-2.2.6-8.5mdv2008.0.i586.rpm df03dd3122074164ab2207df1b3906f7 2008.0/i586/apache-modules-2.2.6-8.5mdv2008.0.i586.rpm 7239241849577e927dee2ec82a002380 2008.0/i586/apache-mod_userdir-2.2.6-8.5mdv2008.0.i586.rpm 5abbfef70091199964222cd403e0568f 2008.0/i586/apache-mpm-event-2.2.6-8.5mdv2008.0.i586.rpm e8baea47b9696f38cd65bb559c9ef463 2008.0/i586/apache-mpm-itk-2.2.6-8.5mdv2008.0.i586.rpm 6f2594f741cc54926d001954794fcfb3 2008.0/i586/apache-mpm-prefork-2.2.6-8.5mdv2008.0.i586.rpm 6954839d001c2955b01c1e03cbeec01d 2008.0/i586/apache-mpm-worker-2.2.6-8.5mdv2008.0.i586.rpm 482ad712e30a79f684f085fb43e93879 2008.0/i586/apache-source-2.2.6-8.5mdv2008.0.i586.rpm 90d942cb17fff4eec4eb1dc7920b0f1c 2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 29c5a43bbf3ad019e438c4024b15106f 2008.0/x86_64/apache-base-2.2.6-8.5mdv2008.0.x86_64.rpm 563da7a13d54748afc8cfa7255a8bb74 2008.0/x86_64/apache-devel-2.2.6-8.5mdv2008.0.x86_64.rpm 2f1ec678f8969edd1927fcb6098f2e45 2008.0/x86_64/apache-htcacheclean-2.2.6-8.5mdv2008.0.x86_64.rpm b7b89b683f672d30c2a072ab07da14cd 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm 924947249cf409c411c26de5d38841b3 2008.0/x86_64/apache-mod_cache-2.2.6-8.5mdv2008.0.x86_64.rpm fd976a7abea8a0d98afebfda596fb9e4 2008.0/x86_64/apache-mod_dav-2.2.6-8.5mdv2008.0.x86_64.rpm 0db499e7bd1530a5f61b01b75c162575 2008.0/x86_64/apache-mod_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm a271f98bfd9fee474fd8ed6e32e7a4fd 2008.0/x86_64/apache-mod_deflate-2.2.6-8.5mdv2008.0.x86_64.rpm 9fa3c1ff2f71bdb4babd8a1ae05722ca 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.x86_64.rpm fff28aa3fd1952d2d8b679e376020610 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.5mdv2008.0.x86_64.rpm d120a3b1941e24e3bf0404f09ca2bcc8 2008.0/x86_64/apache-mod_ldap-2.2.6-8.5mdv2008.0.x86_64.rpm eb4347aa9035aa0fe6b5026c7da10d46 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.x86_64.rpm 4767ac49d8d2e32fae207fe0a2313ca3 2008.0/x86_64/apache-mod_proxy-2.2.6-8.5mdv2008.0.x86_64.rpm e3d0ffa255bbbccb59fda7a1282d7179 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.x86_64.rpm 79fa1a0825bbbbcc4e72769b4520f8d3 2008.0/x86_64/apache-mod_ssl-2.2.6-8.5mdv2008.0.x86_64.rpm 70bf17490d2de9e961abcda95152f807 2008.0/x86_64/apache-modules-2.2.6-8.5mdv2008.0.x86_64.rpm a348607d816b11b0487c2e05e457a996 2008.0/x86_64/apache-mod_userdir-2.2.6-8.5mdv2008.0.x86_64.rpm 5cbfcc0a67b065e3e67e7e15f06d75ec 2008.0/x86_64/apache-mpm-event-2.2.6-8.5mdv2008.0.x86_64.rpm 4bc19735725da81eded3324c07a9a093 2008.0/x86_64/apache-mpm-itk-2.2.6-8.5mdv2008.0.x86_64.rpm 5547176fa7f2c19ba95f4ac8884bb4c7 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.5mdv2008.0.x86_64.rpm 02ff8d0c41101e3098cee705a8201575 2008.0/x86_64/apache-mpm-worker-2.2.6-8.5mdv2008.0.x86_64.rpm f2bd828f8d60254eddeda242bd7696b0 2008.0/x86_64/apache-source-2.2.6-8.5mdv2008.0.x86_64.rpm 90d942cb17fff4eec4eb1dc7920b0f1c 2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm Mandriva Linux 2009.0: 34551cae6c61ac433ffff6fa46c7cd59 2009.0/i586/apache-base-2.2.9-12.9mdv2009.0.i586.rpm 25481b74180228902d00080d9bfc226f 2009.0/i586/apache-devel-2.2.9-12.9mdv2009.0.i586.rpm 7281a4912ddac9696b7cd416f73ed281 2009.0/i586/apache-htcacheclean-2.2.9-12.9mdv2009.0.i586.rpm bd94ed481bd5a3e16818d40dd1dbcf3a 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.i586.rpm 3bb0ef08152e50a234daa555de7d4856 2009.0/i586/apache-mod_cache-2.2.9-12.9mdv2009.0.i586.rpm 5c0e6e70401c79e8a4842ad156d0b93e 2009.0/i586/apache-mod_dav-2.2.9-12.9mdv2009.0.i586.rpm 03eceff53b048314e6fb8fd3cb30cd2b 2009.0/i586/apache-mod_dbd-2.2.9-12.9mdv2009.0.i586.rpm ba8bf1747c9e2f7ec2bf33eb1e008787 2009.0/i586/apache-mod_deflate-2.2.9-12.9mdv2009.0.i586.rpm ff5778fa39d86582aed31af480a72475 2009.0/i586/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.i586.rpm a78f8625e78c6d9042ea5f2fedc48bbc 2009.0/i586/apache-mod_file_cache-2.2.9-12.9mdv2009.0.i586.rpm 96abb0973a1636bdaa35b2c0e21c0f47 2009.0/i586/apache-mod_ldap-2.2.9-12.9mdv2009.0.i586.rpm 7b79b764bcd1682fbcd2bb7609379fa6 2009.0/i586/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.i586.rpm a5d2a7bf906c9fa43ee427557107c628 2009.0/i586/apache-mod_proxy-2.2.9-12.9mdv2009.0.i586.rpm 12bca18d0968c38d832c26689f394d4f 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.i586.rpm c3fa31437a6c7d2af1a8693941b2e4ea 2009.0/i586/apache-mod_ssl-2.2.9-12.9mdv2009.0.i586.rpm dccfc75d97f49c9bb4a31f64165fbc07 2009.0/i586/apache-modules-2.2.9-12.9mdv2009.0.i586.rpm 9b6e98c2d490ad471d7efbeb9b6f1882 2009.0/i586/apache-mod_userdir-2.2.9-12.9mdv2009.0.i586.rpm 72f53c32446474225c5d789446ff31be 2009.0/i586/apache-mpm-event-2.2.9-12.9mdv2009.0.i586.rpm 0a8bef467fc6ce9dcfb019934e400ddf 2009.0/i586/apache-mpm-itk-2.2.9-12.9mdv2009.0.i586.rpm 61fbfbb3a81996278e1ecc8ecb3bbea0 2009.0/i586/apache-mpm-peruser-2.2.9-12.9mdv2009.0.i586.rpm f97488bf62a402de4e069f099d19b946 2009.0/i586/apache-mpm-prefork-2.2.9-12.9mdv2009.0.i586.rpm 3d6a60af5f36580c1d408b776e38d7cb 2009.0/i586/apache-mpm-worker-2.2.9-12.9mdv2009.0.i586.rpm 1541f5510800ca16d411cc108d2f04e7 2009.0/i586/apache-source-2.2.9-12.9mdv2009.0.i586.rpm 90dbf41f264a031f26978b06eb61e3eb 2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3c46373187c18fc2120d6d8a06fbe800 2009.0/x86_64/apache-base-2.2.9-12.9mdv2009.0.x86_64.rpm 3a8b3154ec8a6a6d5157e369c82921fe 2009.0/x86_64/apache-devel-2.2.9-12.9mdv2009.0.x86_64.rpm 8632d86e56b89dbfd78728dec530313b 2009.0/x86_64/apache-htcacheclean-2.2.9-12.9mdv2009.0.x86_64.rpm e45065f760280c82ca41b39fab3af500 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm 7821495e78ea828b124feca1d0b5e3a4 2009.0/x86_64/apache-mod_cache-2.2.9-12.9mdv2009.0.x86_64.rpm ff24ea3ce6b79f27df1da57004b6b419 2009.0/x86_64/apache-mod_dav-2.2.9-12.9mdv2009.0.x86_64.rpm 812b0343ea5cbdce80b615aaaaa7b3d0 2009.0/x86_64/apache-mod_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm 07f63e1efda4a8656fe4ce93c285c56f 2009.0/x86_64/apache-mod_deflate-2.2.9-12.9mdv2009.0.x86_64.rpm bec9164a4b906c91e8ce791d2a673475 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.x86_64.rpm 5dec095d50fefc94ca3667ca5905c1de 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.9mdv2009.0.x86_64.rpm e06416e1c8f4b86d7bc9a2bf09d3aa47 2009.0/x86_64/apache-mod_ldap-2.2.9-12.9mdv2009.0.x86_64.rpm 985ed3db05aab9093c6c739849a8f303 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.x86_64.rpm f02c944bd14fef95f0528413be37d793 2009.0/x86_64/apache-mod_proxy-2.2.9-12.9mdv2009.0.x86_64.rpm 016eebea88ddf78fe9d9310de6f8b110 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.x86_64.rpm 423a7dfdee11cc5685650a9e361d560a 2009.0/x86_64/apache-mod_ssl-2.2.9-12.9mdv2009.0.x86_64.rpm 3c513f39f64b52c48a7b3f9d6dbeca06 2009.0/x86_64/apache-modules-2.2.9-12.9mdv2009.0.x86_64.rpm c53cf2be3d49a43486f11d910d153993 2009.0/x86_64/apache-mod_userdir-2.2.9-12.9mdv2009.0.x86_64.rpm 68e8876c7ae3754d6e9130ad1a6df508 2009.0/x86_64/apache-mpm-event-2.2.9-12.9mdv2009.0.x86_64.rpm 0e21625ac42276652db827a225e4946a 2009.0/x86_64/apache-mpm-itk-2.2.9-12.9mdv2009.0.x86_64.rpm 31d61231859949f0c3202892cab66070 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.9mdv2009.0.x86_64.rpm 2d7faa63bb78578104a13d7cba7ff7f6 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.9mdv2009.0.x86_64.rpm f200e178f3335664205a57c47e55a158 2009.0/x86_64/apache-mpm-worker-2.2.9-12.9mdv2009.0.x86_64.rpm 28d29f445b09a9f04ca95c55defa73b3 2009.0/x86_64/apache-source-2.2.9-12.9mdv2009.0.x86_64.rpm 90dbf41f264a031f26978b06eb61e3eb 2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm Mandriva Linux 2009.1: 75e56f4bed0e6e528154d10f6f31e0d2 2009.1/i586/apache-base-2.2.11-10.9mdv2009.1.i586.rpm 817e9bebbc2d720ce3fb4eac3e29e331 2009.1/i586/apache-devel-2.2.11-10.9mdv2009.1.i586.rpm 53195802184e37ee1f0a264d50d6cfd9 2009.1/i586/apache-htcacheclean-2.2.11-10.9mdv2009.1.i586.rpm f739e9b0a5d4c9040666aff71b2a4de8 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.i586.rpm ae55b8790089b2cd848158a5c82403b4 2009.1/i586/apache-mod_cache-2.2.11-10.9mdv2009.1.i586.rpm 40032b4ff396c906597ea2f091d0a82c 2009.1/i586/apache-mod_dav-2.2.11-10.9mdv2009.1.i586.rpm e9bfce9f9965db9befc0bbc7a879e873 2009.1/i586/apache-mod_dbd-2.2.11-10.9mdv2009.1.i586.rpm 247901cb194b62dcc07542a6da3b057e 2009.1/i586/apache-mod_deflate-2.2.11-10.9mdv2009.1.i586.rpm 5f77ece73f84e29d4f11fab5a6efc0ff 2009.1/i586/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.i586.rpm 39bcb1885f9d8352ad9af136aeebe226 2009.1/i586/apache-mod_file_cache-2.2.11-10.9mdv2009.1.i586.rpm 233d3224ba30cc7833503c96a7c145ce 2009.1/i586/apache-mod_ldap-2.2.11-10.9mdv2009.1.i586.rpm a210e9f35669c26ad59cee64d8cede3a 2009.1/i586/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.i586.rpm 7e99a85386b813662559d82225450280 2009.1/i586/apache-mod_proxy-2.2.11-10.9mdv2009.1.i586.rpm 318c104ac5f737f8becc5e6e27dc7d92 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.i586.rpm 1634649022f993cbe2faeb47aa11efb6 2009.1/i586/apache-mod_ssl-2.2.11-10.9mdv2009.1.i586.rpm bd0b651dfb0fbfed27e68839d87b1e8f 2009.1/i586/apache-modules-2.2.11-10.9mdv2009.1.i586.rpm 2ec040a5a19ff5087dd63676dcd4d7d3 2009.1/i586/apache-mod_userdir-2.2.11-10.9mdv2009.1.i586.rpm 23f71dca2412d3d4c9f19636c6724788 2009.1/i586/apache-mpm-event-2.2.11-10.9mdv2009.1.i586.rpm e783f4497a37196cedb06ebf48e5cf88 2009.1/i586/apache-mpm-itk-2.2.11-10.9mdv2009.1.i586.rpm 69a26c4225a64cd01fead3037dfdb460 2009.1/i586/apache-mpm-peruser-2.2.11-10.9mdv2009.1.i586.rpm 9a6711b33371ada3cca710e3d077072f 2009.1/i586/apache-mpm-prefork-2.2.11-10.9mdv2009.1.i586.rpm bf8a0a578d905c83e6fb21652cf2efa8 2009.1/i586/apache-mpm-worker-2.2.11-10.9mdv2009.1.i586.rpm 27fd547651fa32ddaf2a49595f1cda94 2009.1/i586/apache-source-2.2.11-10.9mdv2009.1.i586.rpm 86177bd1b2993d442a45de0057ba3371 2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: b7493b7c24c69bd4d5d46d68015c1954 2009.1/x86_64/apache-base-2.2.11-10.9mdv2009.1.x86_64.rpm e03c8ac80281ac777d47175b5eefca80 2009.1/x86_64/apache-devel-2.2.11-10.9mdv2009.1.x86_64.rpm 39286b02f42bc078fba50b7ea2d35b53 2009.1/x86_64/apache-htcacheclean-2.2.11-10.9mdv2009.1.x86_64.rpm 198fcc2117c9d576d2d4b5fee6c43ca7 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm f49b0c5819625b44f201f0a35387ce50 2009.1/x86_64/apache-mod_cache-2.2.11-10.9mdv2009.1.x86_64.rpm 330eb48ed00ec971568b367bab7fc1b9 2009.1/x86_64/apache-mod_dav-2.2.11-10.9mdv2009.1.x86_64.rpm 4300c5bacef317a49a2a8ef443ad6a75 2009.1/x86_64/apache-mod_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm 3a72f1c99806427d4485f246657a0bfa 2009.1/x86_64/apache-mod_deflate-2.2.11-10.9mdv2009.1.x86_64.rpm b506f65c8e4f0c0f82907a958cba9dbf 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.x86_64.rpm a778167079f5510f54d896951bf5414e 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.9mdv2009.1.x86_64.rpm efe84333004b0c1e1c1c24d05c63bc4f 2009.1/x86_64/apache-mod_ldap-2.2.11-10.9mdv2009.1.x86_64.rpm 9831767144c303e8035b72148c19acee 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.x86_64.rpm 77d892f2a3f4fe750e335fcd77abed27 2009.1/x86_64/apache-mod_proxy-2.2.11-10.9mdv2009.1.x86_64.rpm 4be9610034ecc78e9c5f92f076cecbbe 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.x86_64.rpm fa6ee038a22d7721936f4489caf9b74f 2009.1/x86_64/apache-mod_ssl-2.2.11-10.9mdv2009.1.x86_64.rpm a3ec6755a5f1642a8afc92477da13ccc 2009.1/x86_64/apache-modules-2.2.11-10.9mdv2009.1.x86_64.rpm 1ee56400bf6828c81bbea38a2d66c5cc 2009.1/x86_64/apache-mod_userdir-2.2.11-10.9mdv2009.1.x86_64.rpm df6155156b5896890dd47f72396f7624 2009.1/x86_64/apache-mpm-event-2.2.11-10.9mdv2009.1.x86_64.rpm 3c1d3f889db936fe85f2cb0a57d91470 2009.1/x86_64/apache-mpm-itk-2.2.11-10.9mdv2009.1.x86_64.rpm ce9c8d4886ba96907c878650226dc759 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.9mdv2009.1.x86_64.rpm 85683f5c477867c69a8bfd1d4d32f800 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.9mdv2009.1.x86_64.rpm 684902be8e369ddc9c2baefd83f37841 2009.1/x86_64/apache-mpm-worker-2.2.11-10.9mdv2009.1.x86_64.rpm c3247495ef79977074487ed254b9fc70 2009.1/x86_64/apache-source-2.2.11-10.9mdv2009.1.x86_64.rpm 86177bd1b2993d442a45de0057ba3371 2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm Mandriva Linux 2010.0: e9927cf16ed8828131df85685f290708 2010.0/i586/apache-base-2.2.14-1.4mdv2010.0.i586.rpm b781078582f12f11ce00a2a771729a12 2010.0/i586/apache-devel-2.2.14-1.4mdv2010.0.i586.rpm 8b2b02fe15ab2674182bb36e92d5d6bb 2010.0/i586/apache-htcacheclean-2.2.14-1.4mdv2010.0.i586.rpm e3117be319f6007c1e32175dab3dd269 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.i586.rpm 2e140e4a25f125845e5303f613182728 2010.0/i586/apache-mod_cache-2.2.14-1.4mdv2010.0.i586.rpm 65ab42342f5ac48ca1ef81f3a1d484c6 2010.0/i586/apache-mod_dav-2.2.14-1.4mdv2010.0.i586.rpm 7dbd27994acad24b4da011a5225754a8 2010.0/i586/apache-mod_dbd-2.2.14-1.4mdv2010.0.i586.rpm 3e0312e8616b2a93c3ded9d0e98d3e01 2010.0/i586/apache-mod_deflate-2.2.14-1.4mdv2010.0.i586.rpm 1ea13c809fd1e85f8b6ff4e73811207f 2010.0/i586/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.i586.rpm eb675bb1bb1e562335295e01ed84409d 2010.0/i586/apache-mod_file_cache-2.2.14-1.4mdv2010.0.i586.rpm 9bafae0ca87da81fb45b9f9f20c56472 2010.0/i586/apache-mod_ldap-2.2.14-1.4mdv2010.0.i586.rpm 594b51bbcbce61750bb084113a35f5d0 2010.0/i586/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.i586.rpm a2cbbe7507ea6cbeb565eb5bd6e58499 2010.0/i586/apache-mod_proxy-2.2.14-1.4mdv2010.0.i586.rpm 9f05ff1033b165af62c43625e2f2248d 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.i586.rpm 5ee996ba6e070f6ce9a2ad96c38d1579 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.i586.rpm d77c2d33a0acb0621ae01236a9bd2ea8 2010.0/i586/apache-mod_ssl-2.2.14-1.4mdv2010.0.i586.rpm cc394176445ec7e29e7058135e0d16a5 2010.0/i586/apache-modules-2.2.14-1.4mdv2010.0.i586.rpm d66e24d8bd336f344d69e5ab0e2ed665 2010.0/i586/apache-mod_userdir-2.2.14-1.4mdv2010.0.i586.rpm 4ae88b5189af8e2788261c0e8c44183e 2010.0/i586/apache-mpm-event-2.2.14-1.4mdv2010.0.i586.rpm 436cee9cce6eec793421daf8a36166f8 2010.0/i586/apache-mpm-itk-2.2.14-1.4mdv2010.0.i586.rpm 86708b2499826cca8bb771a90181f299 2010.0/i586/apache-mpm-peruser-2.2.14-1.4mdv2010.0.i586.rpm d087904ee7871d5870fa8863e14d79eb 2010.0/i586/apache-mpm-prefork-2.2.14-1.4mdv2010.0.i586.rpm 5a09521d5d7c3051f3036c734315d7c6 2010.0/i586/apache-mpm-worker-2.2.14-1.4mdv2010.0.i586.rpm 4e4674ec021b6f049694d945d2da8362 2010.0/i586/apache-source-2.2.14-1.4mdv2010.0.i586.rpm e94893f474b2777db10de23fdab07e99 2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 3a9b16453f85ba791b755c70880f4bb6 2010.0/x86_64/apache-base-2.2.14-1.4mdv2010.0.x86_64.rpm 4a8f74864d709908d9a4e37371a55015 2010.0/x86_64/apache-devel-2.2.14-1.4mdv2010.0.x86_64.rpm 68c08f5e75e65d8a1ee46a487a145ad1 2010.0/x86_64/apache-htcacheclean-2.2.14-1.4mdv2010.0.x86_64.rpm b16c9e431c3a150fd711dc2563c1124c 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm 7ab650ea5dfcf70692b7309b6755946e 2010.0/x86_64/apache-mod_cache-2.2.14-1.4mdv2010.0.x86_64.rpm 47d19ce5b7e26832f48e2ba8416dedfb 2010.0/x86_64/apache-mod_dav-2.2.14-1.4mdv2010.0.x86_64.rpm fd4ef2c9ae898cbffd1416037f92c5ae 2010.0/x86_64/apache-mod_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm 80fa6fa1a47561803bbf77ec9910afd8 2010.0/x86_64/apache-mod_deflate-2.2.14-1.4mdv2010.0.x86_64.rpm e3320d59d9ea09562a56dbb4f88222ee 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.x86_64.rpm 4234449b5ae220e69d7ba010bad00ba6 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.4mdv2010.0.x86_64.rpm b420809b9fb623d8b553208724004367 2010.0/x86_64/apache-mod_ldap-2.2.14-1.4mdv2010.0.x86_64.rpm 51a6156b7a3610cafaebe0e5ea7c9782 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.x86_64.rpm e13d2cea8bdb4c6d962094e7d284ac30 2010.0/x86_64/apache-mod_proxy-2.2.14-1.4mdv2010.0.x86_64.rpm 95932094d507bf5b41b582b554deff2c 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.x86_64.rpm c68f9ba9d1a7917afff7a317712b098a 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.x86_64.rpm 370de7fb272511910ad0a8278e8e65f3 2010.0/x86_64/apache-mod_ssl-2.2.14-1.4mdv2010.0.x86_64.rpm 9a6a05d650d0947afa1a6a3645f11371 2010.0/x86_64/apache-modules-2.2.14-1.4mdv2010.0.x86_64.rpm e9b8d38fa9f94fa840c5a781c90ed412 2010.0/x86_64/apache-mod_userdir-2.2.14-1.4mdv2010.0.x86_64.rpm 3f3476045c8b28c7bfd65f496d3f24c9 2010.0/x86_64/apache-mpm-event-2.2.14-1.4mdv2010.0.x86_64.rpm 07539efe82ed475c622541c162771a27 2010.0/x86_64/apache-mpm-itk-2.2.14-1.4mdv2010.0.x86_64.rpm 74d7fd8b49f996061b375c155f1f1630 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.4mdv2010.0.x86_64.rpm f88aefd516b55db68839efc32af91073 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.4mdv2010.0.x86_64.rpm 4356cebc14ee955781b48b51bed98016 2010.0/x86_64/apache-mpm-worker-2.2.14-1.4mdv2010.0.x86_64.rpm f88857e7a76c59196a3736b665d94080 2010.0/x86_64/apache-source-2.2.14-1.4mdv2010.0.x86_64.rpm e94893f474b2777db10de23fdab07e99 2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm Corporate 4.0: 668c6d9467773b4482233a474a7d792e corporate/4.0/i586/apache-base-2.2.3-1.11.20060mlcs4.i586.rpm eaf9c8c593b700877d7d833f06056fe1 corporate/4.0/i586/apache-devel-2.2.3-1.11.20060mlcs4.i586.rpm 2b29abe3f2a0b774492bac9c249aca0a corporate/4.0/i586/apache-htcacheclean-2.2.3-1.11.20060mlcs4.i586.rpm c70b3d5dd5111bdfa001cbff301f6c41 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.i586.rpm 7906cc2799e66bdf2fc48be55926fe98 corporate/4.0/i586/apache-mod_cache-2.2.3-1.11.20060mlcs4.i586.rpm ee55e3d1a8e6263726caa85db1bb570f corporate/4.0/i586/apache-mod_dav-2.2.3-1.11.20060mlcs4.i586.rpm d36275603d7c7eec7f593f8a7668b58c corporate/4.0/i586/apache-mod_dbd-2.2.3-1.11.20060mlcs4.i586.rpm 10eb8dac17e94a340167d142eb2e83fd corporate/4.0/i586/apache-mod_deflate-2.2.3-1.11.20060mlcs4.i586.rpm 9c70e39afb80762e7b668cea550ed67a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.i586.rpm 196433f929fe1198e3e760b7f1c92767 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.i586.rpm 3303a316fa6f7f7bcfc57361a2ca7941 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.11.20060mlcs4.i586.rpm a0d6f7df0f8654cf96e11a411ec61c79 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.i586.rpm 75f4397b7f0fdf966c160f8d8d088396 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.11.20060mlcs4.i586.rpm 2e20cfa63e8e6cef8c32db70a9bc9800 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.i586.rpm e0c7446fff348dda594a07324a1d11aa corporate/4.0/i586/apache-mod_ssl-2.2.3-1.11.20060mlcs4.i586.rpm d4c567cc1987747a48885a9b1f980a9e corporate/4.0/i586/apache-modules-2.2.3-1.11.20060mlcs4.i586.rpm 855a41782047ee044f9a21f6071d86f1 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.11.20060mlcs4.i586.rpm 08847dbd61763241c5a324a4968f8062 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.i586.rpm 9d8564218ed1e042aee73935b849346f corporate/4.0/i586/apache-mpm-worker-2.2.3-1.11.20060mlcs4.i586.rpm 65fdccb338608a8db640aacbaa05ff61 corporate/4.0/i586/apache-source-2.2.3-1.11.20060mlcs4.i586.rpm 09933b8326a89a171a12808354acd8cf corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm Corporate 4.0/X86_64: f52950591695b1acf0a623ca6c3d25a7 corporate/4.0/x86_64/apache-base-2.2.3-1.11.20060mlcs4.x86_64.rpm 9a37c7ce2aee7130bd13ce7458868065 corporate/4.0/x86_64/apache-devel-2.2.3-1.11.20060mlcs4.x86_64.rpm 7aa953fcdecb937530a2ef6a0b945867 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.11.20060mlcs4.x86_64.rpm 9a0a976e094b004eb5bca13ac47d14c9 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm bf78b0f1dc8c99908dba3fab47c51aa8 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm 0b6652d44db18642e0a26a675ccae2d2 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.11.20060mlcs4.x86_64.rpm 46b638e9045512672b62bff8d2996406 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm b8b71e3dcf4745a20ef0294342b2ea18 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.11.20060mlcs4.x86_64.rpm a97ba505ddeb185bcf9900def4151f33 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm e0ad4578f1fa0aa35ff3228d48bc6ddd corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm ed8221c22f6c1aa8f7122b41e3590b2b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.11.20060mlcs4.x86_64.rpm b9f9d4c8a9c05601e535b274d4d2925d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm b54558074746ad5ded4dfb8b1f98bed3 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.11.20060mlcs4.x86_64.rpm f22fd7036529b6e989ce15a064decda7 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.x86_64.rpm 6a1aa90a04d512268ebec80efe8c6604 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.11.20060mlcs4.x86_64.rpm 0abaf16c45ddc32a74af0a0197ee516e corporate/4.0/x86_64/apache-modules-2.2.3-1.11.20060mlcs4.x86_64.rpm 6bf9fb8cbea2382ee4599cc564cf616b corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.11.20060mlcs4.x86_64.rpm e1c5c7edde8868cfa9c50048c73cdfde corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.x86_64.rpm aed1f4d44d52e7c57ab5b2315d1eb5de corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.11.20060mlcs4.x86_64.rpm 79e7e8cbabd87b695079d17ea87a8f22 corporate/4.0/x86_64/apache-source-2.2.3-1.11.20060mlcs4.x86_64.rpm 09933b8326a89a171a12808354acd8cf corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm Mandriva Enterprise Server 5: ab753cc4d946b437ae2ccb92bc693214 mes5/i586/apache-base-2.2.9-12.9mdvmes5.i586.rpm b803256b19d3d6d67c4d0a8bb393b8e8 mes5/i586/apache-devel-2.2.9-12.9mdvmes5.i586.rpm aee26793a2a498fa6dc2f265759d5814 mes5/i586/apache-htcacheclean-2.2.9-12.9mdvmes5.i586.rpm bb56d96f1f9cb12da0c93fa5e8ced62c mes5/i586/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.i586.rpm db388a6e86da85b0345549a769838338 mes5/i586/apache-mod_cache-2.2.9-12.9mdvmes5.i586.rpm 709a73e958cf8ea5e0e4e6de042a9616 mes5/i586/apache-mod_dav-2.2.9-12.9mdvmes5.i586.rpm 0c56296747ba09a45f3fdb65fe98289a mes5/i586/apache-mod_dbd-2.2.9-12.9mdvmes5.i586.rpm 3919222f07bc617a67cd71bf5fcfbced mes5/i586/apache-mod_deflate-2.2.9-12.9mdvmes5.i586.rpm 2bbc3c0f442d8cae8365c876a5ded950 mes5/i586/apache-mod_disk_cache-2.2.9-12.9mdvmes5.i586.rpm 17c669c5adb8cffb402ac967a9f7a422 mes5/i586/apache-mod_file_cache-2.2.9-12.9mdvmes5.i586.rpm 1525f35fab129296b804e5f17d18a6e9 mes5/i586/apache-mod_ldap-2.2.9-12.9mdvmes5.i586.rpm 86c8298f449398214cb3b8a5f399e790 mes5/i586/apache-mod_mem_cache-2.2.9-12.9mdvmes5.i586.rpm 04768b92d82a98f509231d4c870a1623 mes5/i586/apache-mod_proxy-2.2.9-12.9mdvmes5.i586.rpm 27cdd5af7a1c4537b0aad63eba70d561 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.i586.rpm 0735424a7025fd9fec0364615a89399a mes5/i586/apache-mod_ssl-2.2.9-12.9mdvmes5.i586.rpm a7ab1086cd5749fd546d006990240e8a mes5/i586/apache-modules-2.2.9-12.9mdvmes5.i586.rpm 3ceb930ab6712f703342e831e1d11eca mes5/i586/apache-mod_userdir-2.2.9-12.9mdvmes5.i586.rpm e8ec84e75a90188c5382e22f468f9cc6 mes5/i586/apache-mpm-event-2.2.9-12.9mdvmes5.i586.rpm 79139ce85dcc5852013bb94b045728b8 mes5/i586/apache-mpm-itk-2.2.9-12.9mdvmes5.i586.rpm 3ca13b36cde107ba6256f8c6881ae3ff mes5/i586/apache-mpm-peruser-2.2.9-12.9mdvmes5.i586.rpm bff93a0aae65d96a98465b8743d24097 mes5/i586/apache-mpm-prefork-2.2.9-12.9mdvmes5.i586.rpm f31d43be7ef441542cdf5277a951bd13 mes5/i586/apache-mpm-worker-2.2.9-12.9mdvmes5.i586.rpm f0a69821d26df25985425d1e240d22eb mes5/i586/apache-source-2.2.9-12.9mdvmes5.i586.rpm e77b08e4049e35c70caf5a9772fcb4d6 mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: b5c4364550d30cadcb8da1713da1be43 mes5/x86_64/apache-base-2.2.9-12.9mdvmes5.x86_64.rpm 65cfde8292d15799777a1c0bf127c078 mes5/x86_64/apache-devel-2.2.9-12.9mdvmes5.x86_64.rpm 11cbc22e93750a05a7c9ac978542dc0d mes5/x86_64/apache-htcacheclean-2.2.9-12.9mdvmes5.x86_64.rpm 603506340ac0226b47e837523a224ccc mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.x86_64.rpm 6b00730124b1155e9e2093b2703549b0 mes5/x86_64/apache-mod_cache-2.2.9-12.9mdvmes5.x86_64.rpm 85996a15d22fc079e980caa59e8d4ec4 mes5/x86_64/apache-mod_dav-2.2.9-12.9mdvmes5.x86_64.rpm 23536fc192a03183b4205cccd26ca9a8 mes5/x86_64/apache-mod_dbd-2.2.9-12.9mdvmes5.x86_64.rpm 92e853e261b90443477cffe13d2003c2 mes5/x86_64/apache-mod_deflate-2.2.9-12.9mdvmes5.x86_64.rpm 9cfe368d3426e7db68eb3028f5859252 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.9mdvmes5.x86_64.rpm 7def06fe5ea594bff7c2c56b0fd702cd mes5/x86_64/apache-mod_file_cache-2.2.9-12.9mdvmes5.x86_64.rpm 8d5e9d9068fd593b39049135b952de3a mes5/x86_64/apache-mod_ldap-2.2.9-12.9mdvmes5.x86_64.rpm 08d7f342b798fbac376b3b98d9b63a8d mes5/x86_64/apache-mod_mem_cache-2.2.9-12.9mdvmes5.x86_64.rpm bc4ae67984c3ff95a6e743f055bdb820 mes5/x86_64/apache-mod_proxy-2.2.9-12.9mdvmes5.x86_64.rpm c7001da2dda0f9f6c123deedc6838c92 mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.x86_64.rpm ccebc8825a1e0cfe646e69ac3f69979c mes5/x86_64/apache-mod_ssl-2.2.9-12.9mdvmes5.x86_64.rpm f6e8bd9997495e029c5116946309e674 mes5/x86_64/apache-modules-2.2.9-12.9mdvmes5.x86_64.rpm 0df2b76a7584cdd338ea3a07dc638f91 mes5/x86_64/apache-mod_userdir-2.2.9-12.9mdvmes5.x86_64.rpm 0da8cb061c0e998873ae918632779c91 mes5/x86_64/apache-mpm-event-2.2.9-12.9mdvmes5.x86_64.rpm 4a10c80635de94349ecea9d2a4f47f6f mes5/x86_64/apache-mpm-itk-2.2.9-12.9mdvmes5.x86_64.rpm 85226385f0c88832485bf4cd5971bccc mes5/x86_64/apache-mpm-peruser-2.2.9-12.9mdvmes5.x86_64.rpm bb68e58098534428bb50f440a5b527e6 mes5/x86_64/apache-mpm-prefork-2.2.9-12.9mdvmes5.x86_64.rpm 359057702b8979d498c01e290ada60bf mes5/x86_64/apache-mpm-worker-2.2.9-12.9mdvmes5.x86_64.rpm 1ab2afc3b67ebef018b54326e1316192 mes5/x86_64/apache-source-2.2.9-12.9mdvmes5.x86_64.rpm e77b08e4049e35c70caf5a9772fcb4d6 mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLkqZUmqjQ0CJFipgRAi2DAKDqzmVn1xVe0S9g4aPVNUZ1agLOfQCgyOLQ CroOeqtSuQuKm9aO+TC3+rE= =g/4G -----END PGP SIGNATURE----- . Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache HTTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1" References ========== [ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-25.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38776 VERIFY ADVISORY: http://secunia.com/advisories/38776/ DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service). 1) The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests. 3) An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used. Vulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and 2.2.14. SOLUTION: Fixed in httpd 2.2.15-dev. Update to version 2.2.15 as soon as it becomes available. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Reported in a bug report by Philip Pickett ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=917875 http://svn.apache.org/viewvc?view=revision&revision=917870 https://issues.apache.org/bugzilla/show_bug.cgi?id=48359 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425 - ------------------------------------------------------------------------ 1. Summary VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd. 2. Relevant releases VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier, Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term. 3. Problem Description a. VMware Workstation and Player installer security issue The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto the system prior to installation. The issue can only be exploited at the time that Workstation 7.x or Player 3.x is being installed. The security issue is no longer present in the installer of the new versions of Workstation 7.x and Player 3.x (see table below for the version numbers). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3277 to this issue. VMware would like to thank Alexander Trofimov and Marc Esher for independently reporting this issue to VMware. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 7.x any 7.1.2 build 301548 or later * Workstation 6.5.x any not affected Player 3.x any 3.1.2 build 301548 or later * Player 2.5.x any not affected AMS any any not affected Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected * Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable. b. Third party libpng updated to version 1.2.44 A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 7.1.x any 7.1.2 build 301548 or later Workstation 6.5.x any affected, patch pending Player 3.1.x any 3.1.2 build 301548 or later Player 2.5.x any affected, patch pending AMS any any not affected Server any any affected, no patch planned Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0434 and CVE-2010-0425 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation any any not affected Player any any not affected AMS any Windows 2.7.2 build 301548 or later AMS any Linux affected, patch pending * Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected * Note CVE-2010-0425 is not applicable to AMS running on Linux 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 7.1.2 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html Workstation for Windows 32-bit and 64-bit with VMware Tools md5sum: 2e9715ec297dc3ca904ad2707d3e2614 sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a Workstation for Windows 32-bit and 64-bit without VMware Tools md5sum: 066929f59aef46f11f4d9fd6c6b36e4d sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3 VMware Player 3.1.2 ------------------- http://www.vmware.com/download/player/ Release notes: http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html VMware Player for Windows 32-bit and 64-bit md5sum: 3f289cb33af5e425c92d8512fb22a7ba sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70 VMware Player for Linux 32-bit md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8 sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749 VMware Player for Linux 64-bit md5sum: 2ab08e0d4050719845a64d334ca15bb1 sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c VMware ACE Management Server 2.7.2 ---------------------------------- http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html ACE Management Server for Windows md5sum: 02f0072b8e48a98ed914b633f070d550 sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 - ------------------------------------------------------------------------ 6. Change log 2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware Security Advisories http://www.vmware.com/security/advisoiries VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-908-1 March 10, 2010 apache2 vulnerabilities CVE-2010-0408, CVE-2010-0434 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.10 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.15 Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.6 Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.6 Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408) It was discovered that Apache did not properly handle headers in subrequests under certain conditions. (CVE-2010-0434) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.10.diff.gz Size/MD5: 132089 426096b5df2f66afdc5238e1a36ad7ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.10.dsc Size/MD5: 1159 89f54b0237d3770822f4dcfa62bfa873 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.10_all.deb Size/MD5: 2126014 e9b8c902a850462498ab760300ff6cac amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 834550 7bfe05f8ccc35b49e8998bc75f114e44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 229650 ebc761664f68ccd5805e63eaecc1fba6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 224730 da6f9cd05b7a8feaa738a91d67f39c74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 229224 e087b7f813d42f2622c5292ce30f1ffa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 172968 37cfdc9dd428d96eb91e11c94edc4988 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 173760 3269814929d4a742c3aa4df43b125238 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 95562 782b22fdd2dca1031065c5d4d6fa6931 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 37614 448a6d1968f64595bb30644a50ec9dee http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 287158 882d910084c66b442bbdcd04643b67b2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.10_amd64.deb Size/MD5: 145732 27844ce798fe5a89b0a612254a31a9ce i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 787934 252a6dcbd54e8107a2e78faaa2cf233a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 204202 7859818455e0b7729e5c5a7b1351b824 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 200134 dc6ecf58a2877af8233c2022ff26c193 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 203674 4d1017b6964f5dba1baf3a8f6605659a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 172992 67ae3a23063006ba0c7b85996a216f0b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 173764 fcff9551d128201554386ca20b4cad04 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 93528 61dcc7a007dd827c0853c43dd817a53c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 37610 1f5ef7a7233531c6ca3389103ad31081 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 263174 cfb02840f6dfaaedbf6b3afc09781c53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.10_i386.deb Size/MD5: 133598 417b4a1b229447ad9b3f4a6fcfb23de2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 860642 48ff1bc6cb2f03809199402b276d3c79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 221616 ce06bf591c2af7dac0f21c64179b6b9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 217250 854c8b46a495752ce561bc64f69926a6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 221100 6094b4cda7e06af45d46e82931037912 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 172980 bf6bda9d816af33d521aef4d0d19d910 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 173760 3ed3d7f93b21bf01acde0cda9f81e3f6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 105290 bab3bec77e0fd96f8f6d71a925c6c4a6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 37612 f950cac274a27ddd8c3e3ba0d51c6e67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 282738 fec6bcf82912a5eb03663ff9897a2730 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.10_powerpc.deb Size/MD5: 142828 7a5f915bc7c92ad390b1b84f02b05167 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 805156 d9a317d7cd5165c41b311425c4cd227a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 211746 08b1d3606bda53788af291b3b5848601 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 207470 8154c23c5caaceea57ee8350d829a78d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 211134 65758f643c7bcc58881076faed925e43 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 172970 ba40003b159c9a955dfdd4dd45d30404 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 173748 856ec4539cb6137db9edd4abb623852e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 94610 8420b4b80fb4e1a9fa39e4b04e12578a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 37616 2b84d8a572d75fd4d3a10acfdecb8d0e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 269164 1ee1afbfba811a082a82114ced122943 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.10_sparc.deb Size/MD5: 131556 ac64fc4b82792216551a68654da5aca7 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.15.diff.gz Size/MD5: 143511 9ae15355b3b33bfffd57b7c387a623af http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.15.dsc Size/MD5: 1382 c73a33ddb07551037f66f941f7c09f67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.15_all.deb Size/MD5: 1929148 986e20d917416ba04256f2b65f58af23 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.15_all.deb Size/MD5: 73044 8797cead9183b7b45e26a87f85c03a61 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.15_all.deb Size/MD5: 6258176 9ddd16e5a205eda2c6a15ec769a9e9ce http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.15_all.deb Size/MD5: 45970 f63af256575964b262bbb41999cc0a72 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 253208 84c7f752e5e232464ccf193902b39a77 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 248818 e5edc28f76ec94116740b83f7f8d76cd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 252604 49e3c70c1f97daf2707ae3bf5f0e943f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 205706 3b163e56ebd2f5992eef86803679dffd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 206460 19cb7386cdf00c156f64b9f2c4bc1250 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 141812 38463dc035875bba573a420aeb78fc55 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.15_amd64.deb Size/MD5: 804224 7e23a2e17dfa6f8a37588b42c37590e9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 236194 5e191cc83788c2e66635413453771481 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 231720 c079f54cbdb931cab220c8c587f3936b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 235446 f64813b7af3c9975d86b4c28892e759b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 205716 077591e2e4cdca278f2784f97ad3f8d3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 206484 51e99c350efa425ed768720c4c98313b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 140770 d328f36ab33f61f3157024501909a139 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.15_i386.deb Size/MD5: 755798 927a56f1405f1309893050ea9237f994 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 235722 876be7a8737de0a515f21aa629a09d45 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 231362 2078e50363d811291351a1c27bc58c0b http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 234856 0c7d564fd292dbc12b74de8a3484aab5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 205722 9eb8e1d684b3a96c93ff0f86cc709adb http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 206492 f340746f1893e25a720000bb560b0676 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 141342 baeccaadd0e91b7045b7358a6c7cbda8 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.15_lpia.deb Size/MD5: 749976 b83e2963384a68fe52faa734017b57d0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 254284 d31f219bd5eda15bceb06bc9e25eabab http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 249736 c66c5975b356db9cf6b42a042271c6e3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 253842 5247b89584455be5623c404b24796cec http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 205728 58d1431d486459d641db835ad4a35fc2 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 206490 a722a8aa18f08ab19ab127dfda9443a7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 158536 47458a0cbd6cfa4bdc06e97d67741e75 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.15_powerpc.deb Size/MD5: 906298 aeccf21a452a6fe9c369ebb2b0b04a4e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 237516 4326c5061f9c765db5d0bcc01e1669be http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 233278 0d5babd2b04b62bad540b8ee17fbe06e http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 236708 f6699f5dfaf29a1eaecf637e9fdcbdf0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 205724 da2a97a28c9c2914c55ccc1606ae77e9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 206490 9ac523aa40acc889678392b2f061725f http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 143976 7cc95b10718a6252dc6fa8cc58045192 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.15_sparc.deb Size/MD5: 765616 5f1cca257dcce7bb56fe342236b9ea1b Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.6.diff.gz Size/MD5: 139326 10707e14c87b5b776a073113a94c6a1b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.6.dsc Size/MD5: 1789 74082691bed2864c646f3a8ac3a16eb4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.6_all.deb Size/MD5: 2041858 706b343b84044f2f532e0941ee93ff03 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.6_all.deb Size/MD5: 6537860 6a767abce0dd1e61107a459fbf029691 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.6_all.deb Size/MD5: 45626 84e04ec49010cfac41f939c27b9c9a31 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 255130 68f5cf8b5548d407b51d6db614c6b9b2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 249326 796985e36b4ad3423909947fcca71966 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 254478 45e12d6d18cadeb552888ca1395a81c4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 208652 63e0d760fcaf0bd82a661336fe39cae6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 84610 8a594fba559844dba85496f60e84b7f7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 82966 6becc4c35b209a8a09a9715f9e8f44f0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 209682 b28ea955f642c5a9cd3854da82843ef0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 147882 b83148d248dbb4ac13fd57db5ce2650c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.6_amd64.deb Size/MD5: 820544 934937ebb87e765ada13608b50b2bd84 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 241500 53f66d0add4830740f819855f679ad0e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 236122 50550a1af2dfb61ac9da7e28367c036e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 240782 6d9798847ab81e1d565f1be057a4626e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 208662 d1f85491999b1c89f4fbe3c523c854e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 84042 470d82a4b6a25286ac4b21f6e59dd373 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 82444 ecf0e6f5465f9f9e38058e756891c8fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 209682 72e627fd62be2175f1caf6979aa33528 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 146726 09954f0d419252bba5a954c4a749c56d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.6_i386.deb Size/MD5: 778764 0cbf3c7a7d0fcb2cdf4c15239c7c9ab7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 238456 c307976b4b9dda8e908db9aab888487f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 233076 df1ab53d9ba76510482ea9e81e0c05ed http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 237732 d7a685c6e7c7f85e4596e446c5f81116 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 208660 dad1c46c1e379ad508874730419357c1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 83998 70e9d64a0b2003a3431af50686dbb3a9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 82426 14ba830d1f933a00e49bfcb834f01333 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 209688 e2ad15523a015b78aa1d79a457977f6f http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 146418 2ea6c8dd9e2e67ca9ca01b5368e8a492 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.6_lpia.deb Size/MD5: 766738 939fd23c53ad2e3856950b539c49e572 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 261634 1fd498222280f99f3baa05e76b8b3134 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 256204 ddb9aebbba56b1247d744c24d620c311 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 260994 18d27f39cb23053b475b9c797ed4a0b9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 208672 a63ee94b91522612a0d9baf8cf8be1e9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 84694 442e717226809ef8450ec6640d985165 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 83042 075c585197c7424b0f075791c26d7fff http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 209692 5f3226ac36647403501e70aea30ae295 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 161152 f5aef8d2db2ce2f0a61610d220b8554f http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.6_powerpc.deb Size/MD5: 926422 6ee1f22222dc895c7d4e90a22c6e82e4 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 246832 44d9328891ed6a5b27b8b7ca17dd1e65 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 241392 3132cdcdd9ff2390f33c004ba0d06c25 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 246146 a22417d0af89d571057186566cba70d6 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 208658 3a9623afdc7080fdd8ed7571ec44f93b http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 84230 23a679c07ac52f14db5d5502c797fbe0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 82596 58f1b8c280a18ff5714fcde8f31bb767 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 209684 7d0b63fc5c72b67fb67056f75003507d http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 151052 bc015d14efdd9b781416fcd4dcbaf3da http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.6_sparc.deb Size/MD5: 784092 3d4f997fd5cb3372e23e7a7b5b33a818 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.6.diff.gz Size/MD5: 142681 9290c7aa5d38184a259ed1e8b31f302e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.6.dsc Size/MD5: 1796 c92dc8b9df72439a68fb9acabe825d34 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.6_all.deb Size/MD5: 2219398 a59488ae00cefb2d9e763986951b46f7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.6_all.deb Size/MD5: 46768 d4959ab1a2fcac6febf73d72af47c8ea http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.6_all.deb Size/MD5: 6948418 f6ad43ce72bed437112d0474764c4e72 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 259164 b493228cb147781d7ae20e832a859c6e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 253356 111e4f5738a5c1d25a4c0539dfb3eb01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 258546 953c300480822f9bba76921a551342ff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 213416 9a208bf91694f084f124f7cdb7086ae5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 214372 5c138ead01971ef4e25c6f2fc4a8c081 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 151268 c10773d75fc13a933af172f8c25ed928 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 827176 9c5f22af93970e386b3392ea6496012a http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 87926 053a597373bfafedc54c7f56bbc4d36f http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.6_amd64.deb Size/MD5: 86272 99845d4c0c7e1fb6106e12ef89d6b1de i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 245642 a4975d08a72dbbc7a0c9a1ecb467a625 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 240198 2c67ecad0ff90d9c3cac969c69cc6403 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 245072 cc06f54e8e72c9ef88f18c637258c296 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 213426 5692c703a7442e93cd6c201d0b784609 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 214390 22e7a59f09641e26a56398e8165548a4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 150168 7c2dc8f846d3d11985fb4ea4c9e40714 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 784518 23be691c35729ab36f7764aeb02ef4c1 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 87310 2af044869390444fa21197f6bde2c8f0 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.6_i386.deb Size/MD5: 85706 4814c65a1b0da47ee4c5189b68956890 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 242526 0ccc9efc179daa8a3994818daf5d962f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 237034 979638ca12fef068895ca14d40adf1fe http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 241914 2e5438ad43673a0b0467946a3904f883 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 213426 fc47493b35308f26cf370d5fc36a764c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 214396 e591f754bfef0e3f097db8f234aef1c4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 149888 5ff213998d0756589eb12387ec99d53e http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 773726 d3347559226812470d87af62e3be7a53 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 87248 cd0c669ff56ada0d600dd7f62c3ab406 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.6_lpia.deb Size/MD5: 85680 6d064bc67f5a528ed3c9aa0f251d536d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 265602 dd914e1e1392318a1efff84fef689fb4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 260618 78b8f50bab2b0e4fed67b49b9a2f34ec http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 265262 05581b19a7ad11ac34237065447137ea http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 213440 17d41a63c07a53b6a47e8ddbaafde343 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 214406 df3a389b1a92f641b6baed063420f71e http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 164580 259b63754f6f73dbd2857356c04a959a http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 932678 86c9127387640b057ea9e0fdf50a6b40 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 88008 4aabc23270af1875dd1798e21e5ecf41 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.6_powerpc.deb Size/MD5: 86280 6d918a123609e62508baea60fd579ee9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 250926 080921e0439dd8c221d6fe92ef246e86 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 245236 0cd80a701c6e21d779840e590380f60e http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 250252 d3510ceebeb7a254dc61d2e37cfb8232 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 213440 50fdbf9ec8d08e9fab9df4352a702703 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 214412 519c15df22f7ff3da1391ddbed717f21 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 154426 ca9003b8a71bbbe73328af4fc0e4428d http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 789462 085ceebc571d99f2528891fd138266f7 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 87510 2a8052e30ece8670fcd7b5b5cc444adb http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.6_sparc.deb Size/MD5: 85860 ea55b592d9b4c45cd94af4836961f9e0 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.2.diff.gz Size/MD5: 185966 1fd1b39b8acae8efd95cfba73035ef5d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.2.dsc Size/MD5: 1889 f259c015de981d3f9e6ba6652e89ef53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.2_all.deb Size/MD5: 2246764 243a32914d322c363e8181f4e609eaee http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.2_all.deb Size/MD5: 2344 d4a431e66497ad75c6c76ef16b94337f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.2_all.deb Size/MD5: 2376 47b97a23cf9be3fbbda7d4d33b0203f9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.2_all.deb Size/MD5: 2314 bf4f9dccdb1eb33ef9dde9e845ea69f4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.2_all.deb Size/MD5: 285202 04dcce263dc86b401d1341f95fe25906 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.2_all.deb Size/MD5: 1426 0a27231773121ea4ed159283ae664f94 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.2_all.deb Size/MD5: 2372 df8f7e39a1be46de7e96df5da2013af3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.2_amd64.deb Size/MD5: 137082 192e416bdda75ce8c45c5207c7f6b975 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.2_amd64.deb Size/MD5: 138190 d0e2523df5544601e824d9d6d34eca23 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.2_amd64.deb Size/MD5: 156784 27d845ebfc48e6935f2b213c9140bb6e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.2_amd64.deb Size/MD5: 1399724 12708155a417a9d090380907d15411ec http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.2_amd64.deb Size/MD5: 92644 887937b07afcc3701bc66a1640ac8733 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.2_amd64.deb Size/MD5: 91024 6d34a77de75b7152327ceb73775b3915 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.2_i386.deb Size/MD5: 137092 126e3c92ab8652016340d39f9d223f59 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.2_i386.deb Size/MD5: 138188 31da570017edbce3f6f34628e5d36fa8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.2_i386.deb Size/MD5: 155324 0cff520071def0ae1cd458fbb354683f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.2_i386.deb Size/MD5: 1309290 3ce857da081471731f401a08e02daa21 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.2_i386.deb Size/MD5: 92028 f60d21f5b476f5c9e9a3886acf7a1385 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.2_i386.deb Size/MD5: 90466 d04da6a2077f9c40796266107c84e747 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.2_lpia.deb Size/MD5: 137090 85e576764c7e72449a1229feacbc3a1d http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.2_lpia.deb Size/MD5: 138206 b4d5ac7685535fab17c694233f894f83 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.2_lpia.deb Size/MD5: 155242 c03cb87555975f754c34537084c374b2 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.2_lpia.deb Size/MD5: 1290654 88629a149a84206ca6e37ee1ce4923a3 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.2_lpia.deb Size/MD5: 91978 d114a24e4ba510f72b7b7c721b8a7376 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.2_lpia.deb Size/MD5: 90466 a4d405b139bc75e526807eadd473dc49 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.2_powerpc.deb Size/MD5: 137088 c316a4af0913e33aaadb3621702118f3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.2_powerpc.deb Size/MD5: 138192 f9100a53b31914b16dda8ff5f9afb218 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.2_powerpc.deb Size/MD5: 161188 2296d3ec6e45bb715e9d918df985b36c http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.2_powerpc.deb Size/MD5: 1390306 8e8c87274ae72fce5d1911ff05a20e2a http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.2_powerpc.deb Size/MD5: 92552 1a28d81a25546498dbbbfaf0d0e929bf http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.2_powerpc.deb Size/MD5: 90918 e368a1ac77fc510630f1696f25268ac3 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.2_sparc.deb Size/MD5: 137098 259de5ac6919ba28eef8f8c3bdbb5ae0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.2_sparc.deb Size/MD5: 138198 106dfdd3820957cd12d23d9ff14cabf8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.2_sparc.deb Size/MD5: 159640 41e05eb97a5e5f2682636b124a52970f http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.2_sparc.deb Size/MD5: 1298086 5c7ddce4dc35f6ea81e73b7797b091c7 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.2_sparc.deb Size/MD5: 92318 89e113250f9925383eb4cd2ac0941d58 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.2_sparc.deb Size/MD5: 90708 f7094a69d4607bd77e24d02559b07aab . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2035-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch April 17, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : apache2 Vulnerability : multiple issues Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-0408 CVE-2010-0434 Two issues have been found in the Apache HTTPD web server: CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash (segfault) or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny7. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.2.15-1. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. - From the apache2 source package: Source archives: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.dsc Size/MD5 checksum: 1682 58737d2f0024a178d40db6f9356e5b6a http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.diff.gz Size/MD5 checksum: 147059 f599c83adbced41a7339524c512ae0cd http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04 Architecture independent packages: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7_all.deb Size/MD5 checksum: 45366 9f02e6acd2828a7cfcb5c9e4866ab120 http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny7_all.deb Size/MD5 checksum: 2060854 5b1f6debc65b7ca2ae8156b21f0d0597 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny7_all.deb Size/MD5 checksum: 6737126 afec2194fa17efb6e4096c1019936cd0 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 148012 8ecfd6794861e9e3d6978da82bc2cefe http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 849168 55f719672e65f8d4fd8d5e636ce699fc http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 84550 be00c04e09e2674ac29698b375cf929a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 261782 b1033eed4f6ef387ba40a9e47f22b55f http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 2402612 88e34405726dc0db8dc6fa08fe9d3015 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 262442 bd016288cc237eb634fb192495e82497 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 209852 4bdaa051f16395f975ae9e23f20656cd http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 208812 b81f75539975f5ce8d9d963d80db736d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 256700 edfa8a0cbf63cab6a556c4dd27469774 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 82844 e30731c8d0d35915b89c971d8f75d601 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 210460 5d06fbdfb55a1df8dbcba748863979ae http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 253932 48d0d2c1809442bc8156b2cfc8479833 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 2474402 297cc14e46752a0eaa74c51745f1b167 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 825742 b6c41005aa6023fd6b8e46a2c2bb54d8 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 211780 5b708928d5ccdd153a133696b0c2f634 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 257998 2f673a0130221479fda2744754886983 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 144544 6f5b0f0b1771560d2c03d9656a29fff5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 83122 3d1320b8034c5a264fafe1abda73519a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 258520 c87fc981aa02f36ae6c11ae4864956de http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 84794 e4fc458a59f5752c1f42c78b6fa987f5 arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 224742 ad1a76d935c9556154813b9522dc6bed http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 788804 f5f761306f86bb4d184079ed955c5976 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 221026 0298c56590af4130f885c7fa310ea37d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 213052 7e5d2451da332850ce1023e7c378d10a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 214146 f86977fe84b12fe8023e9bfbb511102a http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 147688 300f2873dad2d5913c9b8263576719f2 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 2338672 a06089d9f0c9cf6d4e3a79d3042580c1 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 84248 35162b0a8a48282954ba150f19693d33 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 82516 9cd27238e0ec866f8dba6005006dc6b9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 225298 962f8f913a6e3c1dcd15987c3d0d8c9b armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 226470 2640d070ec26b2973f12e50004187430 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 222010 f0530b25b7e6b471aa97cc8ec86e735d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 212630 1dcb5bed6c6d3e91d17407cc456cc3d6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 151358 59ecc9ecda664b7a8f401fbf62cf3982 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 213756 e178ec6db09bf648f0ec63f00486fc4a http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 2340908 74e02e41ebb2439d902a14f905688be3 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 82404 baa982a3b2940ffdc73130536d29fd00 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 84052 4b68dc6b80635d9b2bc7677dd087386e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 802876 b35c7bbe91e1b92d701435dfed0b5736 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 226188 c1395ebd59cf917f202de0a1783770d3 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 2384952 fc3cfd3a3295212ef11e81f8dafd6334 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 246522 3e02003e50bcfbb80ebf759fdd940c66 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 245948 2f5dd3734ad765775a32a797850e33ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 84164 46b37167fbef173aa29d8a0883be5fac http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 896872 55bb18bae73b60e8b982111c56b101bc http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 153148 bd52450b076b8f55d0095112e733cd8c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 82416 fa04a87df2de26ec8259bf70e5e8d926 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 213134 2dd0368d2b94941264e55b8b3f20857f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 241646 dc2e2b09a0c72ff0e01ba136dfefa856 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 211854 d83149e56efd9c074b32c961a6272b23 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 238526 97ff922ee6bf6c19cee164794630256d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 210052 34369451ba65d4a734034a0dfba31345 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 211200 a4da7ec33873626b51191c56a5974e8b http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 82508 b6443c6a2c94a2ef8627802c0a0cbaa3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 242016 13be25ca0b28f708a0defd5225d1d1d7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 782932 4b5e5364b62eda87bffb60f5bb37f04e http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 84238 c43d713e364322ddb3af3bcaf0e4de9d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 241622 1293d06d3a572a5d0e4e96f201cf32c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 146222 75ce464a2e479e4806dd55926143be47 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 2317652 69ccff7beaa71326022cbc06d41fcfa5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 83682 f31ab5b2b2e52571a13e57fe76e131fc http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 2319396 b212a76ab3692819f9038c48163423c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 85694 8ee80e22226a42cf7026e805ae1fc3ba http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 303620 4c60aef451289494b86068d3554ebc42 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 311254 3cdb05084df1bc4aca51152aa30fa278 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 312292 70f294dc7cb432ace777ed43cb91ca4b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 1038294 591ffdeebd2f55f2462de2076c509878 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 209912 e0e96ce793583af713f59c5e10c6de80 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 163266 23277a351e4b1560d715dc57f1b7701a http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 208830 f8953d6f26e275b28ffcc7e3189c98e3 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 229742 c4f54d969a0a202f03ccd1508664bc9c http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 210200 b787622b559b2283a5627577f6a674dc http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 233314 21767ab217dc89d701235342e5131f79 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 793674 2701365a1cf8a0431a587db97936145d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 2492036 3e8cb9a08b422dd062461e959df1c8cd http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 211322 5d2769bfe8182bdbbf9854c3fee80376 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 152188 22f386ca6335b4af7c3210da76f306d9 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 82576 7dc12e73fed40a5d8bc5784cddfdadf8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 233976 4481891d78d49539d029eca1928a716c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 84198 e46b26c2efa7f439aee81000f750b12d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 232250 495c2e976772a7c2e4a711908ff31a0c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 209870 ef6cfcd63e072cc47b368f6ed7153281 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 208844 7b2d354c6ef23a33977561518c66676a http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 779224 d2b383edaba6ee943872c6a8099fc722 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 83834 bc7152c16e202516cbe475c19be39e7f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 228206 6222f49c5a6ce469d38b1027c552cb8e http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 2421350 e2b868f3aefc3aed746aba0770473f30 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 150218 e37c40c73f8bd7c8b93a4281c832648c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 82252 8e90c947c9e6c7ae38b17fe706a9a11a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 232940 335201394e1c507909e3663be2b3b5ba powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 254146 a4e1c794bcceef63b264aaaac6d67fd6 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 2513082 5d896ec8ef209fcda5742a1a9ec200d7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 928912 ff0ea38f535697f81105d9bb2b07e2be http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 258590 48435b265870f9a5beaea30db05de8ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 83644 0b811450f6b2804d38e3fe4686078084 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 259404 693ac4132feb7dd1a52971371ecd56d1 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 85332 7e755948550dfbce7d6525388a8b5b9f http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 212826 59d76ffc9981fabf770ee407a27af52a http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 161298 d6a7dc59a2d2554ef51783fab9fb0c15 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 211768 d691e724c006564585b0175eb67f291c s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 260994 a839172525a323cad3d0879d1ff89210 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 84792 ff59eafc0f68f90776fb940733d933f7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 843642 ac1abdcc444471bf5503bdefb4e59c4f http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 2429228 b4f680c4a7aaa90f7eadcc01928ce710 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 256712 18e714b8f5ef70e9c396caca6d7ce698 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 211236 929c4f162f963423b4233ca6439586e6 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 83070 1e1ec69bf9e2839c3db02033f6b1ca89 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 261668 3213f36030783167b4c0300834a682dd http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 212240 1abc24eb70132596c0b076db8cf0c2db http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 150732 1bfc74bf4dc77c53cf31e60e94aa28cb sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 145952 f665453436258bb0d921229808e5ee87 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 82862 39ea998f8c0db9567910a7d5e934a2c5 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 784222 013f896249de3f01408300e337c36b49 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 211916 2be53e81254cd2a7d83b7c1bd9bac1d1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 241270 99365a7e4a516b8427253bac3ce69a44 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 240778 f61fd467b85116b45c87cc48931861a1 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 84606 ed8d2bfc1cec31ff3c638ae8f892d6d0 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 213132 df1fab5a87a80e0e66b80d50086dc218 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 2233030 ac06cea995c866a6fd27a8922d2bd5d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 237138 7ad176ecb1f799f6a954afd9ee1a31e8 - From the apache2-mpm-itk source package: alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b4_alpha.deb Size/MD5 checksum: 198270 37511ff523c00dfd94686da9c4ed1ad7 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_amd64.deb Size/MD5 checksum: 195222 9764e5a1bcdf1501381c5cb22d1101db arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_arm.deb Size/MD5 checksum: 161916 6d9216fb6195f975464391c366d5d6eb armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_armel.deb Size/MD5 checksum: 162904 9035f96ad7ec223298f256129a5f4fba hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_hppa.deb Size/MD5 checksum: 183304 306d679dc522570254dcaa81b3105e73 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_i386.deb Size/MD5 checksum: 178986 b955efd13a0734596a0b936913d564b2 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_ia64.deb Size/MD5 checksum: 247228 3a115bf303067a8c29d2ec127a7ccc56 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mips.deb Size/MD5 checksum: 171054 a118f468ac32c7d2388fd98b98e8fffe mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mipsel.deb Size/MD5 checksum: 169500 90ac7e587508c02e3a0aac3d29087f7f powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_powerpc.deb Size/MD5 checksum: 195234 914bb47b1c30dcb494a713ee17125b69 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_s390.deb Size/MD5 checksum: 197564 be5c1c16a345935ad5a8e1fc299301e5 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_sparc.deb Size/MD5 checksum: 177732 acce311a9354b32da0b6d7f8f0255f70 These files will probably be moved into the stable distribution on its next update. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Release Date: 2010-06-02 Last Updated: 2010-06-02 - ----------------------------------------------------------------------------- Potential Security Impact: Remote Denial of Service (DoS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 Note: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30; CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09. RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL http://software.hp.com Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15 Web Server Suite Version / HP-UX Release / Depot name Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot MANUAL ACTIONS: Yes - Update Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For Web Server Suite before v3.09 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.09 or subsequent HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.09 or subsequent For Web Server Suite before v2.30 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY action: install revision B.2.0.59.15 or subsequent HP-UX B.11.31 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 2 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element. Apple Safari is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to crash the affected browser, resulting in a denial-of-service condition. Given the nature of this issue, memory corruption or code execution might be possible, but has not been confirmed. The issue affects Safari 4.0.4 and 4.0.3; other versions may also be affected. Apple Safari is a web browser bundled with the Apple operating system

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. Novell eDirectory is a cross-platform directory server. Novell eDirectory is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain access to the affected application. Novell eDirectory 8.8.5 is vulnerable; other versions may also be affected

Hitachi JP1/Cm2/Network Node Manager is prone to a security vulnerability because it sets insecure file permissions. An attacker can exploit this issue to obtain sensitive information or gain escalated privileges. ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions SECUNIA ADVISORY ID: SA38740 VERIFY ADVISORY: http://secunia.com/advisories/38740/ DESCRIPTION: Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges. The security issue is reported in the following products and versions: * JP1/Cm2/Network Node Manager Enterprise version 06-51 to 06-71 * JP1/Cm2/Network Node Manager 250 version 06-51 to 06-71 * JP1/Cm2/Network Node Manager version 07-00 to 07-10 * JP1/Cm2/Network Node Manager Starter Edition Enterprise version 08-00 to 08-10 * JP1/Cm2/Network Node Manager Starter Edition 250 version 08-00 to 08-10 SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-002/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple Hitachi products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products uCosminexus Portal Framework Cross-Site Scripting SECUNIA ADVISORY ID: SA38737 VERIFY ADVISORY: http://secunia.com/advisories/38737/ DESCRIPTION: A vulnerability has been reported in Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the "uCosminexus Portal Framework" and "uCosminexus Portal Framework - Light" component is not properly sanitised before being returned to the user. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-001/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. WebKit is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected browser to crash, effectively denying service to legitimate users. Note: This BID was originally titled "Apple Safari Style Tag Remote Memory Corruption Vulnerability". Reports indicate that the underlying flaw affects the WebKit library. Update (March 5, 2010): This issue has been downgraded to a denial-of-service vulnerability. Arbitrary code execution is not possible. If the user includes a large number of \"* > \" characters in the STYLE element of the HTML page, the browser will crash. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field. The IBM WebSphere Portal server is a commercial portal solution. is prone to a cross-site scripting vulnerability. Other versions may also be affected. SOLUTION: Apply APAR PM05829. PROVIDED AND/OR DISCOVERED BY: The vendor credits Sjoerd Resink, Fox-IT BV. ORIGINAL ADVISORY: http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Huawei HG510 is a terminal device for home digital networks that provides ADSL connectivity. The Huawei HG510 has a security vulnerability that allows an attacker to bypass security restrictions and perform cross-site request forgery attacks: - The device does not perform any security checks to allow the user to perform some operations through HTTP requests, such as rebooting the device or changing settings (including passwords). - The device does not properly restrict access to the script rebootinfo.cgi, and can directly access the script to restart the device. Note that this also attacks through cross-site request forgery attacks. ---------------------------------------------------------------------- Public Beta of CSI and WSUS Integration http://secunia.com/blog/74 ---------------------------------------------------------------------- TITLE: Huawei HG510 Security Bypass and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA38591 VERIFY ADVISORY: http://secunia.com/advisories/38591/ DESCRIPTION: Ivan Markovic has reported some vulnerabilities in Huawei HG510, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks. This can be exploited to e.g. reboot the device or change certain settings (including passwords). Do not browse untrusted websites or follow untrusted links while logged in to the device. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic, Network Security Solutions ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-02/0155.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

UplusFtp is a free green free installation FTP server. A stack overflow vulnerability exists in the UplusFTP server when processing user-submitted HTTP request parameters. A remote attacker can trigger this overflow by submitting an HTTP request containing a very long path parameter to the list.html page, causing arbitrary code to be executed. Easy FTP Server (also known as UplusFTP) is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. WebKit is prone to a cross-domain scripting vulnerability because it fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary code in the context of a different domain. Successful exploits may result in privilege escalation. Versions prior to WebKit r52401 are vulnerable. NOTE: This issue was previously documented in BID 37948 (Google Chrome prior to 4.0.249.78 Multiple Security Vulnerabilities) but has been assigned its own record to better document it. WebKit is an open source browser web page layout engine, and the corresponding engines are Gecko (the layout engine used by Mozilla, Firefox, etc.) and Trident (also known as MSHTML, the layout engine used by IE). Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services (for Chromium) and Lostmon Lords (for Flock). References: https://bugs.webkit.org/show_bug.cgi?id=32647 http://code.google.com/p/chromium/issues/detail?id=30660 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMj6tpAAoJEPzFtDWO6ceqVloP/19NsAyXYRvtQABv7ztHyOxd bGdsp0FMVp/fMbpDIwzStHbfnlYnFqDAzWb6Zy64jKuFzK8mKXYcoAqbz3EoX3Ux Y0IUyKDdfR1HvnttXRYnAw7M4UKN54MYLAOD80j8ztjt1sjMluWPUxlKSewR8SfM pnIxID3nD7R9DmhABtDKOnTCfrHBgHnKbl1/nMcyUj+x0MtCNktddcYLO3dtaop+ 8FdbKNyFkrKLjqyNqIIa0FNBk4VgDfggLRPHC3PpfBLTcxlXr1/kDLnzIP7PPBuM HpaM/IO/RotzBIDEvJR3tN9YnoTXxR++ExPg0nZuAi3CUS0Jr2jfrarkfs5VzZOs J4WbCWilqccwqzanNdBu6FncYn3R9IytpZiCznO/mpek4lIV6fZlx6LnX9ZFFWsL ExWZ7jqNPj81mifDVuTeMa0BkZ2SvFhOXU1kUmfZvb+/Bu5oQ5hhX5Cpkb0EXBz0 CkNLC7tIq5O4Szczrlt0jb5XiRvhAocinq3yDdPnK9zHKHf+ia1BWt86kxf+fxXJ kQA8hl8fUgN53uoxs6BrQCjo8HrrMxDXojNOtcrw5U7XOWMHm9P0kbJd4PXGjb+c NMSoAoXnXXwm5QKURVxbApZ8vvJiB2LQRvj5A1OMcbYkAUlhS6CJbh0cAET4AutW VugAZ6Q8Wnrk5d6Eoqbc =FVwj -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782. The problem is Bug ID : CSCtc47782 It is a problem.By a third party UDP 4500 Illegal via the existing tunnel to port No. IKE Service disruption via message (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to cause all IPsec tunnels to terminate. This issue is documented in Cisco bug ID CSCtc47782. 4) An error in WebVPN can be exploited to trigger an appliance reload via a specially crafted DTLS packet. 7) An error in the implementation of the NT LAN Manager version 1 (NTLMv1) protocol can be exploited to bypass authentication via a specially crafted username. SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. There are workarounds for some of the vulnerabilities disclosed in this advisory. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml. For specific version information, refer to the "Software Versions and Fixes" section of this advisory. Appliances that are running versions 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected when they are configured for any of the following features: * SSL VPNs * Cisco Adaptive Security Device Manager (ASDM) Administrative Access * Telnet Access * SSH Access * Virtual Telnet * Virtual HTTP * Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Two denial of service (DoS) vulnerabilities affect the SIP inspection feature of Cisco ASA 5500 Series Adaptive Security Appliances. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. SIP inspection is enabled by default. To check if SIP inspection is enabled, issue the "show service-policy | include sip" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include sip Inspect: sip , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SIP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect sip ... Versions 8.0.x, 8.1.x, and 8.2.x are affected. SCCP inspection is enabled by default. To check if SCCP inspection is enabled, issue the "show service-policy | include skinny" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include skinny Inspect: skinny , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SCCP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect skinny ... Affected versions include 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x. Administrators can enable WebVPN with the "enable <interface name>" command in "webvpn" configuration mode. DTLS can be enabled by issuing the "svc dtls enable" command in "group policy webvpn" configuration mode. The following configuration snippet provides an example of a WebVPN configuration that enables DTLS: webvpn enable outside svc enable ... ! group-policy <group name> internal group-policy <group name> attributes ... webvpn svc dtls enable ... Altough WebVPN is disabled by default, DTLS is enabled by default in recent software releases. This vulnerability only affects configurations that use the "nailed" option at the end of their static statement. Additionally, traffic that matches "static" statement must also be inspected by a Cisco AIP-SSM (an Intrusion Prevention System (IPS) module) in inline mode. IPS inline operation mode is enabled by using the "ips inline {fail-close | fail-open}" command in "class" configuration mode. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. IKE is not enabled by default. If IKE is enabled, the "isakmp enable <interface name>" command appears in the configuration. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. Administrators can configure NTLMv1 authentication by defining an Authentication, Authorization, and Accounting (AAA) server group that uses the NTLMv1 protocol with the "aaa-server <AAA server group tag> protocol nt" command and then configuring a service that requires authentication to use that AAA server group. To verify that NTLMv1 authentication is enabled and active, issue the "show aaa-server protocol nt" command. For more information, refer to the End of Life announcement at: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_cisco_pix_525_sec_app.html. How To Determine The Running Software Version +-------------------------------------------- To determine whether a vulnerable version of Cisco ASA Software is running on an appliance, administrators can issue the "show version" command-line interface (CLI) command. The following example shows a Cisco ASA 5500 Series Adaptive Security Appliance that is running software version 8.0(4): ASA#show version Cisco Adaptive Security Appliance Software Version 8.0(4) Device Manager Version 6.0(1) <output truncated> Customers who use Cisco ASDM to manage devices can locate the software version in the table that is displayed in the login window or upper-left corner of the Cisco ASDM window. Products Confirmed Not Vulnerable +-------------------------------- The Cisco Firewall Services Module (FWSM) is affected by some of the vulnerabilities in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the FWSM. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml. With the exception of the Cisco FWSM, no other Cisco products are currently known to be affected by these vulnerabilities. It offers firewall, intrusion prevention (IPS), anti-X, and VPN services. This vulnerability is triggered only when specific TCP segments are sent to certain TCP-based services that terminate on the affected appliance. Although exploitation of this vulnerability requires a TCP three-way handshake, authentication is not required. Appliances are only vulnerable when SIP inspection is enabled. Only transit traffic can trigger these vulnerabilities; traffic that is destined to the appliance will not trigger the vulnerabilities. Appliances are only vulnerable when SCCP inspection is enabled. Only transit traffic can trigger this vulnerability; traffic that is destined to the appliance will not trigger the vulnerabily. Appliances are only vulnerable when they are configured for WebVPN and DTLS transport. This vulnerability is only triggered by traffic that is destined to the appliance; transit traffic will not trigger the vulnerability. A malformed, transit TCP segment is received. 2. The TCP segment matches a static NAT translation that has the "nailed" option configured on it. 3. The TCP segment is also processed by the Cisco AIP-SSM, which is configured for inline mode of operation. A TCP three-way handshake is not necessary to exploit this vulnerability. The tunnels are not torn down immediately; IPsec traffic will continue to flow until the next rekey, at which time the rekey will fail and the tunnels will be torn down. Both site-to-site and remote access VPN tunnels are affected. The only way to recover and re-establish IPsec VPN tunnels is to reload the appliance. When this vulnerability is exploited, the security appliance will generate syslog messages 713903 and 713906, which will be followed by the loss of IPsec peers. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- Cisco ASA 5500 Series Adaptive Security Appliances contain a vulnerability that could result in authentication bypass when the affected appliance is configured to authenticate users against Microsoft Windows servers using the NTLMv1 protocol. Users can bypass authentication by providing an an invalid, crafted username during an authentication request. Any services that use a AAA server group that is configured to use the NTLMv1 authentication protocol is affected. Affected services include: * Telnet access to the security appliance * SSH access to the security appliance * HTTPS access to the security appliance (including Cisco ASDM access) * Serial console access * Privileged (enable) mode access * Cut-through proxy for network access * VPN access This vulnerability is documented in Cisco bug ID CSCte21953 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0568. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- * CSCsz77717 ("TCP sessions remain in CLOSEWAIT indefinitely") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- * CSCsy91157 ("Watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtc96018 ("ASA watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- * CSCsz79757 ("Traceback - Thread Name: Dispatch Unit with skinny inspect enabled") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ * CSCtb64913 ("WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- * CSCtb37219 ("Traceback in Dispatch Unit AIP-SSM Inline and nailed option on static") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- * CSCtc47782 ("Malformed IKE traffic causes rekey to fail") CVSS Base Score - 5.0 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- * CSCte21953 ("ASA may allow authentication of an invalid username for NT auth") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 6.2 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Successful exploitation of this vulnerability may lead to an exhaustion condition where the affected appliance cannot accept new TCP connections. A reload of the appliance is necessary to recover from the TCP connection exhaustion condition. If a TCP-based protocol is used for device management (like telnet, SSH, or HTTPS), a serial console connection may be needed to access to the appliance. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. A manual reload of the appliance is required to re-establish all VPN tunnels. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- Successful exploitation of this vulnerability could result in unauthorized access to the network or appliance. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following table contains the first fixed software release of each vulnerability. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. +---------------------------------------+ | | Major | First | | Vulnerability | Release | Fixed | | | | Release | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | |TCP Connection |---------+-----------| | Exhaustion | 7.2 | 7.2(4.46) | |Denial of |---------+-----------| | Service | 8.0 | 8.0(4.38) | |Vulnerability ( |---------+-----------| | CSCsz77717) | 8.1 | 8.1(2.29) | | |---------+-----------| | | 8.2 | 8.2(1.5) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | |SIP Inspection |---------+-----------| | Denial of | 7.2 | 7.2(4.45) | |Service |---------+-----------| | Vulnerabilities | 8.0 | 8.0(5.2) | |(CSCsy91157 and |---------+-----------| | CSCtc96018) | 8.1 | 8.1(2.37) | | |---------+-----------| | | 8.2 | 8.2(1.16) | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | | |---------+-----------| | SCCP Inspection | 7.2 | Not | | Denial of | | affected | |Service |---------+-----------| | Vulnerability ( | 8.0 | 8.0(4.38) | |CSCsz79757) |---------+-----------| | | 8.1 | 8.1(2.29) | | |---------+-----------| | | 8.2 | 8.2(1.2) | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | |WebVPN DTLS |---------+-----------| | Denial of | 7.2 | 7.2(4.45) | |Service |---------+-----------| | Vulnerability ( | 8.0 | 8.0(4.44) | |CSCtb64913) |---------+-----------| | | 8.1 | 8.1(2.35) | | |---------+-----------| | | 8.2 | 8.2(1.10) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | Crafted TCP | 7.2 | 7.2(4.45) | |Segment Denial |---------+-----------| | of Service | 8.0 | 8.0(4.44) | |Vulnerability ( |---------+-----------| | CSCtb37219) | 8.1 | 8.1(2.35) | | |---------+-----------| | | 8.2 | 8.2(1.10) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | Crafted IKE | 7.2 | 7.2(4.45) | |Message Denial |---------+-----------| | of Service | 8.0 | 8.0(5.1) | |Vulnerability ( |---------+-----------| | CSCtc47782) | 8.1 | 8.1(2.37) | | |---------+-----------| | | 8.2 | 8.2(1.15) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | | 7.2 | 7.2(4.45) | | |---------+-----------| | NTLMv1 | 8.0 | 8.0(5.7) | |Authentication |---------+-----------| | Bypass | | 8.1 | | Vulnerability ( | | (2.40), | | CSCte21953) | 8.1 | available | | | | early | | | | March | | | | 2010 | | |---------+-----------| | | 8.2 | 8.2(2.1) | +---------------------------------------+ Note: Cisco ASA Software versions 7.1.x are affected by some of the vulnerabilities in this advisory. However, no fixed 7.1.x software versions are planned because the 7.1.x major release has reached the End of Software Maintenance Releases milestone. Fixed Cisco ASA Software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT?psrtdcat20e2 Recommended Releases +------------------- Releases 7.0(8.10), 7.2(4.46), 8.0(5.9), 8.1(2.40) (available early March 2010), and 8.2(2.4) are recommended releases because they contain the fixes for all vulnerabilities in this advisory. Cisco recommends upgrading to a release that is equal to or later than these recommended releases. Workarounds =========== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- It is possible to mitigate this vulnerability for TCP-based services that are offered to known clients. For example, it may be possible to restrict SSH, Cisco ASDM/HTTPS, and Telnet administrative access to known hosts or IP subnetworks. For other services like remote access SSL VPN, where clients connect from unknown hosts and networks, no mitigations exist. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- These vulnerabilities can be mitigated by disabling SIP inspection if it is not required. Administrators can disable SIP inspection by issuing the "no inspect sip" command in class configuration sub-mode within policy-map configuration. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability can be mitigated by disabling SCCP inspection if it is not required. Administrators can disable SCCP inspection by issuing the "no inspect skinny" command in class configuration sub-mode within the policy-map configuration. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability can be mitigated by disabling DTLS transport for WebVPN. Administrators can disable DTLS by issuing the "no svc dtls enable" command under the "webvpn" attributes section of the corresponding group policy. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Possible workarounds for this vulnerability are the following: * Migrate from "nailed" static NAT entries to TCP-state bypass. * Use the Cisco AIP-SSM in promiscuous mode. This mode can be configured by issuing the "ips promiscuous" command in "class" configuration mode. * Disable IPS inspection for "nailed" static NAT entries. * If possible, change "nailed" static NAT entries to standard static NAT entries. This may be feasible since in most cases there is no need for allowing IPsec tunnels inside IPsec tunnels. Filtering out UDP port 4500 traffic across an IPsec tunnel can be accomplished by using a VPN filter, as shown in the following example: !-- Deny only UDP port 4500 traffic and allow everything else access-list VPNFILTER extended deny udp any any eq 4500 access-list VPNFILTER extended permit ip any any !-- Create a group policy and specify a VPN filter that uses the !-- previous ACL group-policy VPNPOL internal group-policy VPNPOL attributes vpn-filter value VPNFILTER !-- Reference the group policy with the VPN filter from the tunnel group tunnel-group 172.16.0.1 type ipsec-l2l tunnel-group 172.16.0.1 general-attributes default-group-policy VPNPOL For this workaround to be effective, the group policy needs to be applied to all site-to-site (tunnel type "ipsec-l2l") and remote access (tunnel type "ipsec-ra") tunnel groups. Warning: In addition to filtering out IKE traffic on UDP port 4500, this workaround may also affect other procotols like DNS and SNMP that send traffic on UDP port 4500. For example, if a DNS resolver sends traffic from UDP port 4500 to a DNS server, the response from the DNS server will be destined to UDP port 4500, which then may be filtered out by the filter used in this workaround. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- If NTLMv1 authentication is required, there are no workarounds for this vulnerability. If NTLMv1 authentication can be substituted by other authentication protocols (LDAP, RADIUS, TACACS+, etc.), it is possible to mitigate the vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of any of the vulnerabilities described in this advisory. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- This vulnerability was discovered during the resolution of a customer service request. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- CSCsy91157 was discovered during internal testing. CSCtc96018 was discovered during the resolution of customer service requests. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability was discovered during the resolution of customer service requests. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during internal testing. Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- This vulnerability was discovered during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2010-February-17 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2010 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Feb 17, 2010 Document ID: 111485 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkt8GTYACgkQ86n/Gc8U/uBi6QCfYFKvAUdFrRvusqKoaFmMwfcH XOYAnRymbNOcRg5gmPFMO/zqgm2wOyKQ =JUg3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953. The problem is Bug ID : CSCte21953 It is a problem.Through a crafted username by a third party, NTLMv1 Authentication may be bypassed. Successful exploits allow remote attackers to gain access to vulnerable devices, without requiring successful authentication. This issue is being tracked by Cisco bug ID CSCte21953. 4) An error in WebVPN can be exploited to trigger an appliance reload via a specially crafted DTLS packet. 7) An error in the implementation of the NT LAN Manager version 1 (NTLMv1) protocol can be exploited to bypass authentication via a specially crafted username. SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances Advisory ID: cisco-sa-20100217-asa Revision 1.0 For Public Release 2010 February 17 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities: * TCP Connection Exhaustion Denial of Service Vulnerability * Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities * Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability * WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability * Crafted TCP Segment Denial of Service Vulnerability * Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability * NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the others. There are workarounds for some of the vulnerabilities disclosed in this advisory. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml. For specific version information, refer to the "Software Versions and Fixes" section of this advisory. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Cisco ASA 5500 Series Adaptive Security Appliances may experience a TCP connection exhaustion condition (no new TCP connections are accepted) that can be triggered through the receipt of specific TCP segments during the TCP connection termination phase. Appliances that are running versions 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected when they are configured for any of the following features: * SSL VPNs * Cisco Adaptive Security Device Manager (ASDM) Administrative Access * Telnet Access * SSH Access * Virtual Telnet * Virtual HTTP * Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Two denial of service (DoS) vulnerabilities affect the SIP inspection feature of Cisco ASA 5500 Series Adaptive Security Appliances. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. SIP inspection is enabled by default. To check if SIP inspection is enabled, issue the "show service-policy | include sip" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include sip Inspect: sip , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SIP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect sip ... Versions 8.0.x, 8.1.x, and 8.2.x are affected. SCCP inspection is enabled by default. To check if SCCP inspection is enabled, issue the "show service-policy | include skinny" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include skinny Inspect: skinny , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SCCP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect skinny ... Affected versions include 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x. Administrators can enable WebVPN with the "enable <interface name>" command in "webvpn" configuration mode. DTLS can be enabled by issuing the "svc dtls enable" command in "group policy webvpn" configuration mode. The following configuration snippet provides an example of a WebVPN configuration that enables DTLS: webvpn enable outside svc enable ... ! group-policy <group name> internal group-policy <group name> attributes ... webvpn svc dtls enable ... Altough WebVPN is disabled by default, DTLS is enabled by default in recent software releases. This vulnerability only affects configurations that use the "nailed" option at the end of their static statement. Additionally, traffic that matches "static" statement must also be inspected by a Cisco AIP-SSM (an Intrusion Prevention System (IPS) module) in inline mode. IPS inline operation mode is enabled by using the "ips inline {fail-close | fail-open}" command in "class" configuration mode. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. IKE is not enabled by default. If IKE is enabled, the "isakmp enable <interface name>" command appears in the configuration. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. Administrators can configure NTLMv1 authentication by defining an Authentication, Authorization, and Accounting (AAA) server group that uses the NTLMv1 protocol with the "aaa-server <AAA server group tag> protocol nt" command and then configuring a service that requires authentication to use that AAA server group. To verify that NTLMv1 authentication is enabled and active, issue the "show aaa-server protocol nt" command. Sample output is displayed in the following example: ciscoasa#show aaa-server protocol nt Server Group: test Server Protocol: nt Server Address: 192.168.10.11 Server port: 139 Server status: ACTIVE, Last transaction (success) at 11:10:08 UTC Fri Jan 29 <output truncated> Cisco PIX 500 Series Security Appliance Vulnerability Status +----------------------------------------------------------- Cisco PIX 500 Series Security Appliances are affected by the following vulnerabilities: * TCP Connection Exhaustion Denial of Service Vulnerability * SIP Inspection Denial of Service Vulnerabilities * SCCP Inspection Denial of Service Vulnerability * Crafted IKE Message Denial of Service Vulnerability * NTLMv1 Authentication Bypass Vulnerability Because the Cisco PIX 500 Series Security Appliances reached End of Software Maintenance Releases on July 28, 2009, no further software releases will be available for the Cisco PIX 500 Series Security Appliances. For more information, refer to the End of Life announcement at: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_cisco_pix_525_sec_app.html. How To Determine The Running Software Version +-------------------------------------------- To determine whether a vulnerable version of Cisco ASA Software is running on an appliance, administrators can issue the "show version" command-line interface (CLI) command. The following example shows a Cisco ASA 5500 Series Adaptive Security Appliance that is running software version 8.0(4): ASA#show version Cisco Adaptive Security Appliance Software Version 8.0(4) Device Manager Version 6.0(1) <output truncated> Customers who use Cisco ASDM to manage devices can locate the software version in the table that is displayed in the login window or upper-left corner of the Cisco ASDM window. Products Confirmed Not Vulnerable +-------------------------------- The Cisco Firewall Services Module (FWSM) is affected by some of the vulnerabilities in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the FWSM. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml. With the exception of the Cisco FWSM, no other Cisco products are currently known to be affected by these vulnerabilities. It offers firewall, intrusion prevention (IPS), anti-X, and VPN services. Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities: TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Cisco ASA 5500 Series Adaptive Security Appliances may experience a TCP connection exhaustion condition (no new TCP connections are accepted) when specific TCP segments are received during the TCP connection termination phase. This vulnerability is triggered only when specific TCP segments are sent to certain TCP-based services that terminate on the affected appliance. Although exploitation of this vulnerability requires a TCP three-way handshake, authentication is not required. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Cisco ASA 5500 Series Adaptive Security Appliances are affected by two denial of service vulnerabilities that may cause an appliance to reload during the processing of SIP messages. Appliances are only vulnerable when SIP inspection is enabled. Only transit traffic can trigger these vulnerabilities; traffic that is destined to the appliance will not trigger the vulnerabilities. These vulnerabilities are documented in Cisco bug IDs CSCsy91157, and CSCtc96018, and have been assigned CVE IDs CVE-2010-0150, and CVE-2010-0569 respectively. Appliances are only vulnerable when SCCP inspection is enabled. Only transit traffic can trigger this vulnerability; traffic that is destined to the appliance will not trigger the vulnerabily. Appliances are only vulnerable when they are configured for WebVPN and DTLS transport. This vulnerability is only triggered by traffic that is destined to the appliance; transit traffic will not trigger the vulnerability. A malformed, transit TCP segment is received. 2. The TCP segment matches a static NAT translation that has the "nailed" option configured on it. 3. The TCP segment is also processed by the Cisco AIP-SSM, which is configured for inline mode of operation. A TCP three-way handshake is not necessary to exploit this vulnerability. The tunnels are not torn down immediately; IPsec traffic will continue to flow until the next rekey, at which time the rekey will fail and the tunnels will be torn down. Both site-to-site and remote access VPN tunnels are affected. The vulnerability is triggered when the appliance processes a malformed IKE message on port UDP 4500 that traverses an existing IPsec tunnel. The only way to recover and re-establish IPsec VPN tunnels is to reload the appliance. When this vulnerability is exploited, the security appliance will generate syslog messages 713903 and 713906, which will be followed by the loss of IPsec peers. Any services that use a AAA server group that is configured to use the NTLMv1 authentication protocol is affected. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- * CSCsz77717 ("TCP sessions remain in CLOSEWAIT indefinitely") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- * CSCsy91157 ("Watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtc96018 ("ASA watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- * CSCsz79757 ("Traceback - Thread Name: Dispatch Unit with skinny inspect enabled") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ * CSCtb64913 ("WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- * CSCtb37219 ("Traceback in Dispatch Unit AIP-SSM Inline and nailed option on static") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- * CSCtc47782 ("Malformed IKE traffic causes rekey to fail") CVSS Base Score - 5.0 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- * CSCte21953 ("ASA may allow authentication of an invalid username for NT auth") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 6.2 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Successful exploitation of this vulnerability may lead to an exhaustion condition where the affected appliance cannot accept new TCP connections. A reload of the appliance is necessary to recover from the TCP connection exhaustion condition. If a TCP-based protocol is used for device management (like telnet, SSH, or HTTPS), a serial console connection may be needed to access to the appliance. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- Successful exploitation of this vulnerability could cause all IPsec VPN tunnels (LAN-to-LAN or remote) that terminate on the security appliance to be torn down and prevent new tunnels from being established. A manual reload of the appliance is required to re-establish all VPN tunnels. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following table contains the first fixed software release of each vulnerability. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. +---------------------------------------+ | | Major | First | | Vulnerability | Release | Fixed | | | | Release | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | |TCP Connection |---------+-----------| | Exhaustion | 7.2 | 7.2(4.46) | |Denial of |---------+-----------| | Service | 8.0 | 8.0(4.38) | |Vulnerability ( |---------+-----------| | CSCsz77717) | 8.1 | 8.1(2.29) | | |---------+-----------| | | 8.2 | 8.2(1.5) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | |SIP Inspection |---------+-----------| | Denial of | 7.2 | 7.2(4.45) | |Service |---------+-----------| | Vulnerabilities | 8.0 | 8.0(5.2) | |(CSCsy91157 and |---------+-----------| | CSCtc96018) | 8.1 | 8.1(2.37) | | |---------+-----------| | | 8.2 | 8.2(1.16) | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | | |---------+-----------| | SCCP Inspection | 7.2 | Not | | Denial of | | affected | |Service |---------+-----------| | Vulnerability ( | 8.0 | 8.0(4.38) | |CSCsz79757) |---------+-----------| | | 8.1 | 8.1(2.29) | | |---------+-----------| | | 8.2 | 8.2(1.2) | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | |WebVPN DTLS |---------+-----------| | Denial of | 7.2 | 7.2(4.45) | |Service |---------+-----------| | Vulnerability ( | 8.0 | 8.0(4.44) | |CSCtb64913) |---------+-----------| | | 8.1 | 8.1(2.35) | | |---------+-----------| | | 8.2 | 8.2(1.10) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | Crafted TCP | 7.2 | 7.2(4.45) | |Segment Denial |---------+-----------| | of Service | 8.0 | 8.0(4.44) | |Vulnerability ( |---------+-----------| | CSCtb37219) | 8.1 | 8.1(2.35) | | |---------+-----------| | | 8.2 | 8.2(1.10) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | Crafted IKE | 7.2 | 7.2(4.45) | |Message Denial |---------+-----------| | of Service | 8.0 | 8.0(5.1) | |Vulnerability ( |---------+-----------| | CSCtc47782) | 8.1 | 8.1(2.37) | | |---------+-----------| | | 8.2 | 8.2(1.15) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | | 7.2 | 7.2(4.45) | | |---------+-----------| | NTLMv1 | 8.0 | 8.0(5.7) | |Authentication |---------+-----------| | Bypass | | 8.1 | | Vulnerability ( | | (2.40), | | CSCte21953) | 8.1 | available | | | | early | | | | March | | | | 2010 | | |---------+-----------| | | 8.2 | 8.2(2.1) | +---------------------------------------+ Note: Cisco ASA Software versions 7.1.x are affected by some of the vulnerabilities in this advisory. However, no fixed 7.1.x software versions are planned because the 7.1.x major release has reached the End of Software Maintenance Releases milestone. Fixed Cisco ASA Software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT?psrtdcat20e2 Recommended Releases +------------------- Releases 7.0(8.10), 7.2(4.46), 8.0(5.9), 8.1(2.40) (available early March 2010), and 8.2(2.4) are recommended releases because they contain the fixes for all vulnerabilities in this advisory. Cisco recommends upgrading to a release that is equal to or later than these recommended releases. Workarounds =========== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- It is possible to mitigate this vulnerability for TCP-based services that are offered to known clients. For example, it may be possible to restrict SSH, Cisco ASDM/HTTPS, and Telnet administrative access to known hosts or IP subnetworks. For other services like remote access SSL VPN, where clients connect from unknown hosts and networks, no mitigations exist. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- These vulnerabilities can be mitigated by disabling SIP inspection if it is not required. Administrators can disable SIP inspection by issuing the "no inspect sip" command in class configuration sub-mode within policy-map configuration. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability can be mitigated by disabling SCCP inspection if it is not required. Administrators can disable SCCP inspection by issuing the "no inspect skinny" command in class configuration sub-mode within the policy-map configuration. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability can be mitigated by disabling DTLS transport for WebVPN. Administrators can disable DTLS by issuing the "no svc dtls enable" command under the "webvpn" attributes section of the corresponding group policy. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Possible workarounds for this vulnerability are the following: * Migrate from "nailed" static NAT entries to TCP-state bypass. * Use the Cisco AIP-SSM in promiscuous mode. This mode can be configured by issuing the "ips promiscuous" command in "class" configuration mode. * Disable IPS inspection for "nailed" static NAT entries. * If possible, change "nailed" static NAT entries to standard static NAT entries. This may be feasible since in most cases there is no need for allowing IPsec tunnels inside IPsec tunnels. Filtering out UDP port 4500 traffic across an IPsec tunnel can be accomplished by using a VPN filter, as shown in the following example: !-- Deny only UDP port 4500 traffic and allow everything else access-list VPNFILTER extended deny udp any any eq 4500 access-list VPNFILTER extended permit ip any any !-- Create a group policy and specify a VPN filter that uses the !-- previous ACL group-policy VPNPOL internal group-policy VPNPOL attributes vpn-filter value VPNFILTER !-- Reference the group policy with the VPN filter from the tunnel group tunnel-group 172.16.0.1 type ipsec-l2l tunnel-group 172.16.0.1 general-attributes default-group-policy VPNPOL For this workaround to be effective, the group policy needs to be applied to all site-to-site (tunnel type "ipsec-l2l") and remote access (tunnel type "ipsec-ra") tunnel groups. Warning: In addition to filtering out IKE traffic on UDP port 4500, this workaround may also affect other procotols like DNS and SNMP that send traffic on UDP port 4500. For example, if a DNS resolver sends traffic from UDP port 4500 to a DNS server, the response from the DNS server will be destined to UDP port 4500, which then may be filtered out by the filter used in this workaround. For a more comprehensive example of the VPN filter feature of the Cisco ASA 5500 Series Adaptive Security Appliances, refer to the whitepaper "PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access" available at: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml In addition, if the security appliance does not terminate any tunnels, the vulnerability can be mitigated by disabling IKE by issuing the "no isakmp enable <interface name>" command. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- If NTLMv1 authentication is required, there are no workarounds for this vulnerability. If NTLMv1 authentication can be substituted by other authentication protocols (LDAP, RADIUS, TACACS+, etc.), it is possible to mitigate the vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of any of the vulnerabilities described in this advisory. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- This vulnerability was discovered during the resolution of a customer service request. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- CSCsy91157 was discovered during internal testing. CSCtc96018 was discovered during the resolution of customer service requests. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability was discovered during the resolution of customer service requests. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during internal testing. Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- This vulnerability was discovered during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2010-February-17 | Initial public release. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2010 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Feb 17, 2010 Document ID: 111485 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkt8GTYACgkQ86n/Gc8U/uBi6QCfYFKvAUdFrRvusqKoaFmMwfcH XOYAnRymbNOcRg5gmPFMO/zqgm2wOyKQ =JUg3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018. The problem is Bug ID : CSCtc96018 It is a problem.Unauthorized by a third party SIP Service disruption via message (DoS) There is a possibility of being put into a state. This issue is tracked by Cisco Bug ID CSCtc96018. An attacker can exploit this issue to cause a vulnerable device to crash, denying service to legitimate users. For more information see vulnerabilities #1, #2, #3, #6, and #7 in: SA38618 SOLUTION: Affected products have reached End of Software Maintenance Releases on July 28, 2009. 1) An error when receiving certain TCP segments while a connection is being terminated can be exploited to make a device unable to accept new TCP connections. 2) Two errors in the Session Initiation Protocol (SIP) inspection feature can be exploited to trigger an appliance reload. 3) An error in the Skinny Client Control Protocol (SCCP) inspection feature can be exploited to trigger an appliance reload. 4) An error in WebVPN can be exploited to trigger an appliance reload via a specially crafted DTLS packet. 5) An error when using the "nailed" option can be exploited to reload an appliance via a specially crafted TCP segment that transits the appliance. 6) An error when parsing Internet Key Exchange (IKE) messages can be exploited to disrupt all IPsec tunnels that terminate on an affected device. 7) An error in the implementation of the NT LAN Manager version 1 (NTLMv1) protocol can be exploited to bypass authentication via a specially crafted username. SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-05 February 8, 2011 -- CVE ID: CVE-2011-0569 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe Shockwave Player -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10825. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing font structures within Director files. While processing data within the PFR1 chunk, the process trusts a size value and compares a sign-extended counter against it within a copy loop. By providing a sufficiently large value, this flaw can be abused by a remote attacker to execute arbitrary code under the context of the user running the browser. -- Vendor Response: Adobe has issued an update to correct this vulnerability. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb11-01.html -- Disclosure Timeline: 2011-01-24 - Vulnerability reported to vendor 2011-02-08 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Logan Brown and Aaron Portnoy, TippingPoint DVLabs * Luigi Auriemma

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site.". Multiple Symantec products are prone to a stack-based buffer-overflow vulnerability because the applications utilize an ActiveX control that fails to adequately validate user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. Remote Attacker An attacker can pass an unidentified vector, causing a denial of service. ---------------------------------------------------------------------- Public Beta of CSI and WSUS Integration http://secunia.com/blog/74 ---------------------------------------------------------------------- TITLE: Symantec Products "SYMLTCOM.dll" ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA38654 VERIFY ADVISORY: http://secunia.com/advisories/38654/ DESCRIPTION: A vulnerability has been reported in some Symantec products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in the SYMLTCOM.dll ActiveX control, which can be exploited to cause e.g. a stack-based buffer overflow when a user visits a specially crafted web page. Successful exploitation allows execution of arbitrary code, but is limited to a certain unspecified domain. Symantec Client Security 3.0.x: Update to SCS 3.1 MR9. Symantec Client Security 3.1.x: Update to MR9. PROVIDED AND/OR DISCOVERED BY: The vendor credits FrSIRT. ORIGINAL ADVISORY: Symantec SYM10-003: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability http://www.vupen.com/english/research.php I. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a vulnerability in various Symantec security products. II. CREDIT -------------- The vulnerabilities were discovered by VUPEN Security V. ABOUT VUPEN Security --------------------------------- VUPEN is a leading IT security research company providing vulnerability management services to allow enterprises and organizations to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. VUPEN also provides research services for security vendors (antivirus, IDS, IPS,etc) to supplement their internal vulnerability research efforts and quickly develop vulnerability-based and exploit-based signatures, rules, and filters, and proactively protect their customers against potential threats. * VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services * VUPEN Exploits and In-Depth Vulnerability Analysis: http://www.vupen.com/exploits VI. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2010/0411 http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0107 VII. DISCLOSURE TIMELINE ----------------------------------- 2008-04-07 - Vendor notified 2008-04-08 - Vendor response 2008-05-09 - Status update received 2008-06-10 - Status update received 2008-12-05 - Status update received 2010-02-18 - Patches available, public disclosure

Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. Cisco Security Agent is prone to a directory-traversal vulnerability. This issue is tracked by Cisco BugID CSCtd73275. Cisco Security Agent adopts behavior-based evaluation criteria to identify and protect servers and terminal computers, instead of relying only on signature matching for analysis and identification, successfully solving the security risks brought by unknown viruses. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent Advisory ID: cisco-sa-20100217-csa Revision 1.0 For Public Release 2010 February 17 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml Affected Products ================= Vulnerable Products +------------------ Cisco Security Agent releases 5.1, 5.2 and 6.0 are affected by the SQL injection vulnerability. The agents installed on user end-points are not affected. Standalone agents are installed in the following products: * Cisco Unified Communications Manager (CallManager) * Cisco Conference Connection (CCC) * Emergency Responder * IPCC Express * IPCC Enterprise * IPCC Hosted * IP Interactive Voice Response (IP IVR) * IP Queue Manager * Intelligent Contact Management (ICM) * Cisco Voice Portal (CVP) * Cisco Unified Meeting Place * Cisco Personal Assistant (PA) * Cisco Unity * Cisco Unity Connection * Cisco Unity Bridge * Cisco Secure ACS Solution Engine * Cisco Internet Service Node (ISN) * Cisco Security Manager (CSM) Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. This vulnerability is documented in Cisco Bug ID CSCtd73275 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2010-0146. These configuration changes may result in modifications to the security policies of the endpoints. This vulnerability is documented in Cisco Bug ID CSCtd73290 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2010-0147. This vulnerability is documented in Cisco Bug ID CSCtb89870 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2010-0148. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCtd73275 - Directory Traversal in the Management Center for Cisco Security Agents CVSS Base Score - 6.8 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 5.9 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed CSCtd73290 - Management Center for Cisco Security Agents: SQL Injection CVSS Base Score - 9 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCtb89870 - Kernel Panic When Receiving Certain TCP Packets CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server that is hosting the Management Center for Cisco Security Agents. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +-----------------------------------------------------+ | | Cisco | First | | | Vulnerability | Security | Fixed | Recommended | | | Agent | Version | Release | | | Release | | | |---------------+----------+------------+-------------| | | 5.1 | Not | Not | | | | vulnerable | vulnerable | |Directory |----------+------------+-------------| | Traversal | 5.2 | Not | Not | | Vulnerability | | vulnerable | vulnerable | | |----------+------------+-------------| | | 6.0 | 6.0.1.132 | 6.0.1.132 | |---------------+----------+------------+-------------| | | 5.1 | 5.1.0.117 | 5.1.0.117 | |SQL Injection |----------+------------+-------------| | Vulnerability | 5.2 | 5.2.0.296 | 5.2.0.296 | | |----------+------------+-------------| | | 6.0 | 6.0.1.132 | 6.0.1.132 | |---------------+----------+------------+-------------| | | 5.1 | Not | 5.1.0.117 | | | | vulnerable | | |Denial of |----------+------------+-------------| | Service | 5.2 | 5.2.0.285 | 5.2.0.296 | |Vulnerability |----------+------------+-------------| | | 6.0 | Not | 6.0.1.132 | | | | vulnerable | | +-----------------------------------------------------+ Cisco CSA software can be downloaded from the following link: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206 Workarounds =========== There are no workarounds available to mitigate these vulnerabilities. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: http://www.cisco.com/warp/public/707/cisco-amb-20100217-csa.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The directory traversal and SQL injection vulnerabilities were discovered and reported to Cisco by Gabriele Giuseppini from Cigital. Cisco PSIRT appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports. The DoS vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2010-February-17 | public | | | | release. | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFLew9U86n/Gc8U/uARAifvAJ9oLuXJY6iy962givBVY7701k4ktACfa3wK O9O+Q4F1alHxm6CIbUIXkUs= =+hka -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This vulnerability affects both managed and standalone versions. SOLUTION: Update to version 6.0.1.132, 5.1.0.117, or 5.2.0.296: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206 PROVIDED AND/OR DISCOVERED BY: 1, 2) The vendor credits Gabriele Giuseppini from Cigital. 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCtd73290. Cisco Security Agent 5.1, 5.2, and 6.0 are vulnerable. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other. Cisco has released free software updates that address these vulnerabilities. The agents installed on user end-points are not affected. Only Cisco Security Agent release 5.2 for Windows and Linux, either managed or standalone, are affected by the DoS vulnerability. Standalone agents are installed in the following products: * Cisco Unified Communications Manager (CallManager) * Cisco Conference Connection (CCC) * Emergency Responder * IPCC Express * IPCC Enterprise * IPCC Hosted * IP Interactive Voice Response (IP IVR) * IP Queue Manager * Intelligent Contact Management (ICM) * Cisco Voice Portal (CVP) * Cisco Unified Meeting Place * Cisco Personal Assistant (PA) * Cisco Unity * Cisco Unity Connection * Cisco Unity Bridge * Cisco Secure ACS Solution Engine * Cisco Internet Service Node (ISN) * Cisco Security Manager (CSM) Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. These configuration changes may result in modifications to the security policies of the endpoints. Cisco Security Agent Denial of Service Vulnerability +--------------------------------------------------- Cisco Security Agent is affected by a DoS vulnerability that could allow an unauthenticated attacker to cause a system to crash by sending a series of TCP packets. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCtd73275 - Directory Traversal in the Management Center for Cisco Security Agents CVSS Base Score - 6.8 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 5.9 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed CSCtd73290 - Management Center for Cisco Security Agents: SQL Injection CVSS Base Score - 9 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCtb89870 - Kernel Panic When Receiving Certain TCP Packets CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server that is hosting the Management Center for Cisco Security Agents. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +-----------------------------------------------------+ | | Cisco | First | | | Vulnerability | Security | Fixed | Recommended | | | Agent | Version | Release | | | Release | | | |---------------+----------+------------+-------------| | | 5.1 | Not | Not | | | | vulnerable | vulnerable | |Directory |----------+------------+-------------| | Traversal | 5.2 | Not | Not | | Vulnerability | | vulnerable | vulnerable | | |----------+------------+-------------| | | 6.0 | 6.0.1.132 | 6.0.1.132 | |---------------+----------+------------+-------------| | | 5.1 | 5.1.0.117 | 5.1.0.117 | |SQL Injection |----------+------------+-------------| | Vulnerability | 5.2 | 5.2.0.296 | 5.2.0.296 | | |----------+------------+-------------| | | 6.0 | 6.0.1.132 | 6.0.1.132 | |---------------+----------+------------+-------------| | | 5.1 | Not | 5.1.0.117 | | | | vulnerable | | |Denial of |----------+------------+-------------| | Service | 5.2 | 5.2.0.285 | 5.2.0.296 | |Vulnerability |----------+------------+-------------| | | 6.0 | Not | 6.0.1.132 | | | | vulnerable | | +-----------------------------------------------------+ Cisco CSA software can be downloaded from the following link: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206 Workarounds =========== There are no workarounds available to mitigate these vulnerabilities. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: http://www.cisco.com/warp/public/707/cisco-amb-20100217-csa.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The directory traversal and SQL injection vulnerabilities were discovered and reported to Cisco by Gabriele Giuseppini from Cigital. Cisco PSIRT appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports. The DoS vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2010-February-17 | public | | | | release. | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFLew9U86n/Gc8U/uARAifvAJ9oLuXJY6iy962givBVY7701k4ktACfa3wK O9O+Q4F1alHxm6CIbUIXkUs= =+hka -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This vulnerability affects both managed and standalone versions. SOLUTION: Update to version 6.0.1.132, 5.1.0.117, or 5.2.0.296: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206 PROVIDED AND/OR DISCOVERED BY: 1, 2) The vendor credits Gabriele Giuseppini from Cigital. 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets.". The Cisco Security Agent is prone to a denial-of-service vulnerability. This issue is tracked by Cisco Bug ID CSCtb89870. An attacker can exploit this issue to cause the vulnerable computer to crash, denying service to legitimate users. Cisco Security Agent 5.2 for Windows and Linux is vulnerable. Cisco Security Agent adopts behavior-based evaluation criteria to identify and protect servers and terminal computers, instead of relying only on signature matching for analysis and identification, successfully solving the security risks brought by unknown viruses. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent Advisory ID: cisco-sa-20100217-csa Revision 1.0 For Public Release 2010 February 17 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml Affected Products ================= Vulnerable Products +------------------ Cisco Security Agent releases 5.1, 5.2 and 6.0 are affected by the SQL injection vulnerability. Note: Only the Management Center for Cisco Security Agents is affected by the directory traversal and SQL injection vulnerabilities. The agents installed on user end-points are not affected. Standalone agents are installed in the following products: * Cisco Unified Communications Manager (CallManager) * Cisco Conference Connection (CCC) * Emergency Responder * IPCC Express * IPCC Enterprise * IPCC Hosted * IP Interactive Voice Response (IP IVR) * IP Queue Manager * Intelligent Contact Management (ICM) * Cisco Voice Portal (CVP) * Cisco Unified Meeting Place * Cisco Personal Assistant (PA) * Cisco Unity * Cisco Unity Connection * Cisco Unity Bridge * Cisco Secure ACS Solution Engine * Cisco Internet Service Node (ISN) * Cisco Security Manager (CSM) Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Management Center for Cisco Security Agents Directory Traversal Vulnerability +---------------------------------------------------------------------------- The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability that may allow an authenticated attacker to view and download arbitrary files from the server that is hosting the Management Center for Cisco Security Agents. Management Center for Cisco Security Agents SQL Injection Vulnerability +---------------------------------------------------------------------- The Management Center for Cisco Security Agents is also affected by a SQL injection vulnerability that may allow an authenticated attacker to execute SQL statements that can cause the Management Center for Cisco Security Agents to become unstable or modify its configuration. These configuration changes may result in modifications to the security policies of the endpoints. Additionally, an attacker may create, delete, or modify management user accounts that are found in the Management Center for Cisco Security Agents. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCtd73275 - Directory Traversal in the Management Center for Cisco Security Agents CVSS Base Score - 6.8 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 5.9 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed CSCtd73290 - Management Center for Cisco Security Agents: SQL Injection CVSS Base Score - 9 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCtb89870 - Kernel Panic When Receiving Certain TCP Packets CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server that is hosting the Management Center for Cisco Security Agents. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause the Management Center for Cisco Security Agents to become unstable or modify its configuration. Repeated exploitation could result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +-----------------------------------------------------+ | | Cisco | First | | | Vulnerability | Security | Fixed | Recommended | | | Agent | Version | Release | | | Release | | | |---------------+----------+------------+-------------| | | 5.1 | Not | Not | | | | vulnerable | vulnerable | |Directory |----------+------------+-------------| | Traversal | 5.2 | Not | Not | | Vulnerability | | vulnerable | vulnerable | | |----------+------------+-------------| | | 6.0 | 6.0.1.132 | 6.0.1.132 | |---------------+----------+------------+-------------| | | 5.1 | 5.1.0.117 | 5.1.0.117 | |SQL Injection |----------+------------+-------------| | Vulnerability | 5.2 | 5.2.0.296 | 5.2.0.296 | | |----------+------------+-------------| | | 6.0 | 6.0.1.132 | 6.0.1.132 | |---------------+----------+------------+-------------| | | 5.1 | Not | 5.1.0.117 | | | | vulnerable | | |Denial of |----------+------------+-------------| | Service | 5.2 | 5.2.0.285 | 5.2.0.296 | |Vulnerability |----------+------------+-------------| | | 6.0 | Not | 6.0.1.132 | | | | vulnerable | | +-----------------------------------------------------+ Cisco CSA software can be downloaded from the following link: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206 Workarounds =========== There are no workarounds available to mitigate these vulnerabilities. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: http://www.cisco.com/warp/public/707/cisco-amb-20100217-csa.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. The directory traversal and SQL injection vulnerabilities were discovered and reported to Cisco by Gabriele Giuseppini from Cigital. Cisco PSIRT appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports. The DoS vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +----------------------------------------+ | Revision | | Initial | | 1.0 | 2010-February-17 | public | | | | release. | +----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFLew9U86n/Gc8U/uARAifvAJ9oLuXJY6iy962givBVY7701k4ktACfa3wK O9O+Q4F1alHxm6CIbUIXkUs= =+hka -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This vulnerability affects both managed and standalone versions. SOLUTION: Update to version 6.0.1.132, 5.1.0.117, or 5.2.0.296: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206 PROVIDED AND/OR DISCOVERED BY: 1, 2) The vendor credits Gabriele Giuseppini from Cigital. 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability.". Cisco ASA security appliances are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to exhaust available TCP connections, resulting in a denial-of-service condition. This issue is documented in Cisco bug ID CSCsz77717. 4) An error in WebVPN can be exploited to trigger an appliance reload via a specially crafted DTLS packet. 7) An error in the implementation of the NT LAN Manager version 1 (NTLMv1) protocol can be exploited to bypass authentication via a specially crafted username. SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. There are workarounds for some of the vulnerabilities disclosed in this advisory. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml. For specific version information, refer to the "Software Versions and Fixes" section of this advisory. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. SIP inspection is enabled by default. To check if SIP inspection is enabled, issue the "show service-policy | include sip" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include sip Inspect: sip , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SIP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect sip ... Versions 8.0.x, 8.1.x, and 8.2.x are affected. SCCP inspection is enabled by default. To check if SCCP inspection is enabled, issue the "show service-policy | include skinny" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include skinny Inspect: skinny , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SCCP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect skinny ... Affected versions include 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x. Administrators can enable WebVPN with the "enable <interface name>" command in "webvpn" configuration mode. DTLS can be enabled by issuing the "svc dtls enable" command in "group policy webvpn" configuration mode. The following configuration snippet provides an example of a WebVPN configuration that enables DTLS: webvpn enable outside svc enable ... ! group-policy <group name> internal group-policy <group name> attributes ... webvpn svc dtls enable ... Altough WebVPN is disabled by default, DTLS is enabled by default in recent software releases. This vulnerability only affects configurations that use the "nailed" option at the end of their static statement. Additionally, traffic that matches "static" statement must also be inspected by a Cisco AIP-SSM (an Intrusion Prevention System (IPS) module) in inline mode. IPS inline operation mode is enabled by using the "ips inline {fail-close | fail-open}" command in "class" configuration mode. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. IKE is not enabled by default. If IKE is enabled, the "isakmp enable <interface name>" command appears in the configuration. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. Administrators can configure NTLMv1 authentication by defining an Authentication, Authorization, and Accounting (AAA) server group that uses the NTLMv1 protocol with the "aaa-server <AAA server group tag> protocol nt" command and then configuring a service that requires authentication to use that AAA server group. To verify that NTLMv1 authentication is enabled and active, issue the "show aaa-server protocol nt" command. For more information, refer to the End of Life announcement at: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_cisco_pix_525_sec_app.html. How To Determine The Running Software Version +-------------------------------------------- To determine whether a vulnerable version of Cisco ASA Software is running on an appliance, administrators can issue the "show version" command-line interface (CLI) command. The following example shows a Cisco ASA 5500 Series Adaptive Security Appliance that is running software version 8.0(4): ASA#show version Cisco Adaptive Security Appliance Software Version 8.0(4) Device Manager Version 6.0(1) <output truncated> Customers who use Cisco ASDM to manage devices can locate the software version in the table that is displayed in the login window or upper-left corner of the Cisco ASDM window. Products Confirmed Not Vulnerable +-------------------------------- The Cisco Firewall Services Module (FWSM) is affected by some of the vulnerabilities in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the FWSM. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml. With the exception of the Cisco FWSM, no other Cisco products are currently known to be affected by these vulnerabilities. It offers firewall, intrusion prevention (IPS), anti-X, and VPN services. This vulnerability is triggered only when specific TCP segments are sent to certain TCP-based services that terminate on the affected appliance. Although exploitation of this vulnerability requires a TCP three-way handshake, authentication is not required. Appliances are only vulnerable when SIP inspection is enabled. Only transit traffic can trigger these vulnerabilities; traffic that is destined to the appliance will not trigger the vulnerabilities. Appliances are only vulnerable when SCCP inspection is enabled. Only transit traffic can trigger this vulnerability; traffic that is destined to the appliance will not trigger the vulnerabily. Appliances are only vulnerable when they are configured for WebVPN and DTLS transport. This vulnerability is only triggered by traffic that is destined to the appliance; transit traffic will not trigger the vulnerability. A malformed, transit TCP segment is received. 2. The TCP segment matches a static NAT translation that has the "nailed" option configured on it. 3. The TCP segment is also processed by the Cisco AIP-SSM, which is configured for inline mode of operation. A TCP three-way handshake is not necessary to exploit this vulnerability. The tunnels are not torn down immediately; IPsec traffic will continue to flow until the next rekey, at which time the rekey will fail and the tunnels will be torn down. Both site-to-site and remote access VPN tunnels are affected. The vulnerability is triggered when the appliance processes a malformed IKE message on port UDP 4500 that traverses an existing IPsec tunnel. The only way to recover and re-establish IPsec VPN tunnels is to reload the appliance. When this vulnerability is exploited, the security appliance will generate syslog messages 713903 and 713906, which will be followed by the loss of IPsec peers. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- Cisco ASA 5500 Series Adaptive Security Appliances contain a vulnerability that could result in authentication bypass when the affected appliance is configured to authenticate users against Microsoft Windows servers using the NTLMv1 protocol. Users can bypass authentication by providing an an invalid, crafted username during an authentication request. Any services that use a AAA server group that is configured to use the NTLMv1 authentication protocol is affected. Affected services include: * Telnet access to the security appliance * SSH access to the security appliance * HTTPS access to the security appliance (including Cisco ASDM access) * Serial console access * Privileged (enable) mode access * Cut-through proxy for network access * VPN access This vulnerability is documented in Cisco bug ID CSCte21953 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0568. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- * CSCsz77717 ("TCP sessions remain in CLOSEWAIT indefinitely") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- * CSCsy91157 ("Watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtc96018 ("ASA watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- * CSCsz79757 ("Traceback - Thread Name: Dispatch Unit with skinny inspect enabled") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ * CSCtb64913 ("WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- * CSCtb37219 ("Traceback in Dispatch Unit AIP-SSM Inline and nailed option on static") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- * CSCtc47782 ("Malformed IKE traffic causes rekey to fail") CVSS Base Score - 5.0 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- * CSCte21953 ("ASA may allow authentication of an invalid username for NT auth") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 6.2 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Successful exploitation of this vulnerability may lead to an exhaustion condition where the affected appliance cannot accept new TCP connections. A reload of the appliance is necessary to recover from the TCP connection exhaustion condition. If a TCP-based protocol is used for device management (like telnet, SSH, or HTTPS), a serial console connection may be needed to access to the appliance. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. Repeated exploitation could result in a sustained DoS condition. A manual reload of the appliance is required to re-establish all VPN tunnels. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- Successful exploitation of this vulnerability could result in unauthorized access to the network or appliance. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following table contains the first fixed software release of each vulnerability. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. However, no fixed 7.1.x software versions are planned because the 7.1.x major release has reached the End of Software Maintenance Releases milestone. Fixed Cisco ASA Software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT?psrtdcat20e2 Recommended Releases +------------------- Releases 7.0(8.10), 7.2(4.46), 8.0(5.9), 8.1(2.40) (available early March 2010), and 8.2(2.4) are recommended releases because they contain the fixes for all vulnerabilities in this advisory. Cisco recommends upgrading to a release that is equal to or later than these recommended releases. For example, it may be possible to restrict SSH, Cisco ASDM/HTTPS, and Telnet administrative access to known hosts or IP subnetworks. For other services like remote access SSL VPN, where clients connect from unknown hosts and networks, no mitigations exist. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- These vulnerabilities can be mitigated by disabling SIP inspection if it is not required. Administrators can disable SIP inspection by issuing the "no inspect sip" command in class configuration sub-mode within policy-map configuration. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability can be mitigated by disabling SCCP inspection if it is not required. Administrators can disable SCCP inspection by issuing the "no inspect skinny" command in class configuration sub-mode within the policy-map configuration. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability can be mitigated by disabling DTLS transport for WebVPN. Administrators can disable DTLS by issuing the "no svc dtls enable" command under the "webvpn" attributes section of the corresponding group policy. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Possible workarounds for this vulnerability are the following: * Migrate from "nailed" static NAT entries to TCP-state bypass. * Use the Cisco AIP-SSM in promiscuous mode. This mode can be configured by issuing the "ips promiscuous" command in "class" configuration mode. * Disable IPS inspection for "nailed" static NAT entries. * If possible, change "nailed" static NAT entries to standard static NAT entries. This may be feasible since in most cases there is no need for allowing IPsec tunnels inside IPsec tunnels. Filtering out UDP port 4500 traffic across an IPsec tunnel can be accomplished by using a VPN filter, as shown in the following example: !-- Deny only UDP port 4500 traffic and allow everything else access-list VPNFILTER extended deny udp any any eq 4500 access-list VPNFILTER extended permit ip any any !-- Create a group policy and specify a VPN filter that uses the !-- previous ACL group-policy VPNPOL internal group-policy VPNPOL attributes vpn-filter value VPNFILTER !-- Reference the group policy with the VPN filter from the tunnel group tunnel-group 172.16.0.1 type ipsec-l2l tunnel-group 172.16.0.1 general-attributes default-group-policy VPNPOL For this workaround to be effective, the group policy needs to be applied to all site-to-site (tunnel type "ipsec-l2l") and remote access (tunnel type "ipsec-ra") tunnel groups. Warning: In addition to filtering out IKE traffic on UDP port 4500, this workaround may also affect other procotols like DNS and SNMP that send traffic on UDP port 4500. For example, if a DNS resolver sends traffic from UDP port 4500 to a DNS server, the response from the DNS server will be destined to UDP port 4500, which then may be filtered out by the filter used in this workaround. For a more comprehensive example of the VPN filter feature of the Cisco ASA 5500 Series Adaptive Security Appliances, refer to the whitepaper "PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access" available at: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml In addition, if the security appliance does not terminate any tunnels, the vulnerability can be mitigated by disabling IKE by issuing the "no isakmp enable <interface name>" command. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- If NTLMv1 authentication is required, there are no workarounds for this vulnerability. If NTLMv1 authentication can be substituted by other authentication protocols (LDAP, RADIUS, TACACS+, etc.), it is possible to mitigate the vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of any of the vulnerabilities described in this advisory. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- CSCsy91157 was discovered during internal testing. CSCtc96018 was discovered during the resolution of customer service requests. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability was discovered during the resolution of customer service requests. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during internal testing. Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- This vulnerability was discovered during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2010-February-17 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2010 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Feb 17, 2010 Document ID: 111485 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkt8GTYACgkQ86n/Gc8U/uBi6QCfYFKvAUdFrRvusqKoaFmMwfcH XOYAnRymbNOcRg5gmPFMO/zqgm2wOyKQ =JUg3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157. The problem is Bug ID : CSCsy91157 It is a problem.Unauthorized by a third party SIP Service disruption via message (DoS) There is a possibility of being put into a state. This issue is tracked by Cisco Bug ID CSCsy91157. An attacker can exploit this issue to cause the vulnerable device to crash, denying service to legitimate users. 4) An error in WebVPN can be exploited to trigger an appliance reload via a specially crafted DTLS packet. 7) An error in the implementation of the NT LAN Manager version 1 (NTLMv1) protocol can be exploited to bypass authentication via a specially crafted username. SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances Advisory ID: cisco-sa-20100217-asa Revision 1.0 For Public Release 2010 February 17 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities: * TCP Connection Exhaustion Denial of Service Vulnerability * Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities * Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability * WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability * Crafted TCP Segment Denial of Service Vulnerability * Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability * NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the others. There are workarounds for some of the vulnerabilities disclosed in this advisory. Cisco has released free software updates that address these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml. For specific version information, refer to the "Software Versions and Fixes" section of this advisory. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Cisco ASA 5500 Series Adaptive Security Appliances may experience a TCP connection exhaustion condition (no new TCP connections are accepted) that can be triggered through the receipt of specific TCP segments during the TCP connection termination phase. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. SIP inspection is enabled by default. To check if SIP inspection is enabled, issue the "show service-policy | include sip" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include sip Inspect: sip , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SIP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect sip ... Versions 8.0.x, 8.1.x, and 8.2.x are affected. SCCP inspection is enabled by default. To check if SCCP inspection is enabled, issue the "show service-policy | include skinny" command and confirm that some output is returned. Sample output is displayed in the following example: ciscoasa#show service-policy | include skinny Inspect: skinny , packet 0, drop 0, reset-drop 0 Alternatively, an appliance that has SCCP inspection enabled has a configuration similar to the following: class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default ... inspect skinny ... Affected versions include 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x. Administrators can enable WebVPN with the "enable <interface name>" command in "webvpn" configuration mode. DTLS can be enabled by issuing the "svc dtls enable" command in "group policy webvpn" configuration mode. The following configuration snippet provides an example of a WebVPN configuration that enables DTLS: webvpn enable outside svc enable ... ! group-policy <group name> internal group-policy <group name> attributes ... webvpn svc dtls enable ... Altough WebVPN is disabled by default, DTLS is enabled by default in recent software releases. This vulnerability only affects configurations that use the "nailed" option at the end of their static statement. Additionally, traffic that matches "static" statement must also be inspected by a Cisco AIP-SSM (an Intrusion Prevention System (IPS) module) in inline mode. IPS inline operation mode is enabled by using the "ips inline {fail-close | fail-open}" command in "class" configuration mode. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. IKE is not enabled by default. If IKE is enabled, the "isakmp enable <interface name>" command appears in the configuration. Versions 7.0.x, 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected. Administrators can configure NTLMv1 authentication by defining an Authentication, Authorization, and Accounting (AAA) server group that uses the NTLMv1 protocol with the "aaa-server <AAA server group tag> protocol nt" command and then configuring a service that requires authentication to use that AAA server group. To verify that NTLMv1 authentication is enabled and active, issue the "show aaa-server protocol nt" command. For more information, refer to the End of Life announcement at: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_cisco_pix_525_sec_app.html. How To Determine The Running Software Version +-------------------------------------------- To determine whether a vulnerable version of Cisco ASA Software is running on an appliance, administrators can issue the "show version" command-line interface (CLI) command. The following example shows a Cisco ASA 5500 Series Adaptive Security Appliance that is running software version 8.0(4): ASA#show version Cisco Adaptive Security Appliance Software Version 8.0(4) Device Manager Version 6.0(1) <output truncated> Customers who use Cisco ASDM to manage devices can locate the software version in the table that is displayed in the login window or upper-left corner of the Cisco ASDM window. Products Confirmed Not Vulnerable +-------------------------------- The Cisco Firewall Services Module (FWSM) is affected by some of the vulnerabilities in this advisory. A separate Cisco Security Advisory has been published to disclose the vulnerabilities that affect the FWSM. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml. With the exception of the Cisco FWSM, no other Cisco products are currently known to be affected by these vulnerabilities. It offers firewall, intrusion prevention (IPS), anti-X, and VPN services. This vulnerability is triggered only when specific TCP segments are sent to certain TCP-based services that terminate on the affected appliance. Although exploitation of this vulnerability requires a TCP three-way handshake, authentication is not required. Appliances are only vulnerable when SIP inspection is enabled. Only transit traffic can trigger these vulnerabilities; traffic that is destined to the appliance will not trigger the vulnerabilities. These vulnerabilities are documented in Cisco bug IDs CSCsy91157, and CSCtc96018, and have been assigned CVE IDs CVE-2010-0150, and CVE-2010-0569 respectively. Appliances are only vulnerable when SCCP inspection is enabled. Only transit traffic can trigger this vulnerability; traffic that is destined to the appliance will not trigger the vulnerabily. Appliances are only vulnerable when they are configured for WebVPN and DTLS transport. This vulnerability is only triggered by traffic that is destined to the appliance; transit traffic will not trigger the vulnerability. A malformed, transit TCP segment is received. 2. The TCP segment matches a static NAT translation that has the "nailed" option configured on it. 3. The TCP segment is also processed by the Cisco AIP-SSM, which is configured for inline mode of operation. A TCP three-way handshake is not necessary to exploit this vulnerability. The tunnels are not torn down immediately; IPsec traffic will continue to flow until the next rekey, at which time the rekey will fail and the tunnels will be torn down. Both site-to-site and remote access VPN tunnels are affected. The vulnerability is triggered when the appliance processes a malformed IKE message on port UDP 4500 that traverses an existing IPsec tunnel. The only way to recover and re-establish IPsec VPN tunnels is to reload the appliance. When this vulnerability is exploited, the security appliance will generate syslog messages 713903 and 713906, which will be followed by the loss of IPsec peers. Users can bypass authentication by providing an an invalid, crafted username during an authentication request. Any services that use a AAA server group that is configured to use the NTLMv1 authentication protocol is affected. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- * CSCsz77717 ("TCP sessions remain in CLOSEWAIT indefinitely") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- * CSCsy91157 ("Watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtc96018 ("ASA watchdog when inspecting malformed SIP traffic") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- * CSCsz79757 ("Traceback - Thread Name: Dispatch Unit with skinny inspect enabled") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ * CSCtb64913 ("WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- * CSCtb37219 ("Traceback in Dispatch Unit AIP-SSM Inline and nailed option on static") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- * CSCtc47782 ("Malformed IKE traffic causes rekey to fail") CVSS Base Score - 5.0 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Partial CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- * CSCte21953 ("ASA may allow authentication of an invalid username for NT auth") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None CVSS Temporal Score - 6.2 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- Successful exploitation of this vulnerability may lead to an exhaustion condition where the affected appliance cannot accept new TCP connections. A reload of the appliance is necessary to recover from the TCP connection exhaustion condition. If a TCP-based protocol is used for device management (like telnet, SSH, or HTTPS), a serial console connection may be needed to access to the appliance. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Successful exploitation of this vulnerability may cause a reload of the affected appliance. Repeated exploitation could result in a sustained DoS condition. Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- Successful exploitation of this vulnerability could cause all IPsec VPN tunnels (LAN-to-LAN or remote) that terminate on the security appliance to be torn down and prevent new tunnels from being established. A manual reload of the appliance is required to re-establish all VPN tunnels. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- Successful exploitation of this vulnerability could result in unauthorized access to the network or appliance. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. The following table contains the first fixed software release of each vulnerability. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. +---------------------------------------+ | | Major | First | | Vulnerability | Release | Fixed | | | | Release | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | |TCP Connection |---------+-----------| | Exhaustion | 7.2 | 7.2(4.46) | |Denial of |---------+-----------| | Service | 8.0 | 8.0(4.38) | |Vulnerability ( |---------+-----------| | CSCsz77717) | 8.1 | 8.1(2.29) | | |---------+-----------| | | 8.2 | 8.2(1.5) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | |SIP Inspection |---------+-----------| | Denial of | 7.2 | 7.2(4.45) | |Service |---------+-----------| | Vulnerabilities | 8.0 | 8.0(5.2) | |(CSCsy91157 and |---------+-----------| | CSCtc96018) | 8.1 | 8.1(2.37) | | |---------+-----------| | | 8.2 | 8.2(1.16) | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | | |---------+-----------| | SCCP Inspection | 7.2 | Not | | Denial of | | affected | |Service |---------+-----------| | Vulnerability ( | 8.0 | 8.0(4.38) | |CSCsz79757) |---------+-----------| | | 8.1 | 8.1(2.29) | | |---------+-----------| | | 8.2 | 8.2(1.2) | |-----------------+---------+-----------| | | 7.0 | Not | | | | affected | |WebVPN DTLS |---------+-----------| | Denial of | 7.2 | 7.2(4.45) | |Service |---------+-----------| | Vulnerability ( | 8.0 | 8.0(4.44) | |CSCtb64913) |---------+-----------| | | 8.1 | 8.1(2.35) | | |---------+-----------| | | 8.2 | 8.2(1.10) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | Crafted TCP | 7.2 | 7.2(4.45) | |Segment Denial |---------+-----------| | of Service | 8.0 | 8.0(4.44) | |Vulnerability ( |---------+-----------| | CSCtb37219) | 8.1 | 8.1(2.35) | | |---------+-----------| | | 8.2 | 8.2(1.10) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | Crafted IKE | 7.2 | 7.2(4.45) | |Message Denial |---------+-----------| | of Service | 8.0 | 8.0(5.1) | |Vulnerability ( |---------+-----------| | CSCtc47782) | 8.1 | 8.1(2.37) | | |---------+-----------| | | 8.2 | 8.2(1.15) | |-----------------+---------+-----------| | | 7.0 | 7.0(8.10) | | |---------+-----------| | | 7.2 | 7.2(4.45) | | |---------+-----------| | NTLMv1 | 8.0 | 8.0(5.7) | |Authentication |---------+-----------| | Bypass | | 8.1 | | Vulnerability ( | | (2.40), | | CSCte21953) | 8.1 | available | | | | early | | | | March | | | | 2010 | | |---------+-----------| | | 8.2 | 8.2(2.1) | +---------------------------------------+ Note: Cisco ASA Software versions 7.1.x are affected by some of the vulnerabilities in this advisory. However, no fixed 7.1.x software versions are planned because the 7.1.x major release has reached the End of Software Maintenance Releases milestone. Fixed Cisco ASA Software can be downloaded from: http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT?psrtdcat20e2 Recommended Releases +------------------- Releases 7.0(8.10), 7.2(4.46), 8.0(5.9), 8.1(2.40) (available early March 2010), and 8.2(2.4) are recommended releases because they contain the fixes for all vulnerabilities in this advisory. Cisco recommends upgrading to a release that is equal to or later than these recommended releases. Workarounds =========== TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- It is possible to mitigate this vulnerability for TCP-based services that are offered to known clients. For example, it may be possible to restrict SSH, Cisco ASDM/HTTPS, and Telnet administrative access to known hosts or IP subnetworks. For other services like remote access SSL VPN, where clients connect from unknown hosts and networks, no mitigations exist. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- These vulnerabilities can be mitigated by disabling SIP inspection if it is not required. Administrators can disable SIP inspection by issuing the "no inspect sip" command in class configuration sub-mode within policy-map configuration. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability can be mitigated by disabling SCCP inspection if it is not required. Administrators can disable SCCP inspection by issuing the "no inspect skinny" command in class configuration sub-mode within the policy-map configuration. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability can be mitigated by disabling DTLS transport for WebVPN. Administrators can disable DTLS by issuing the "no svc dtls enable" command under the "webvpn" attributes section of the corresponding group policy. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- Possible workarounds for this vulnerability are the following: * Migrate from "nailed" static NAT entries to TCP-state bypass. * Use the Cisco AIP-SSM in promiscuous mode. This mode can be configured by issuing the "ips promiscuous" command in "class" configuration mode. * Disable IPS inspection for "nailed" static NAT entries. * If possible, change "nailed" static NAT entries to standard static NAT entries. This may be feasible since in most cases there is no need for allowing IPsec tunnels inside IPsec tunnels. Filtering out UDP port 4500 traffic across an IPsec tunnel can be accomplished by using a VPN filter, as shown in the following example: !-- Deny only UDP port 4500 traffic and allow everything else access-list VPNFILTER extended deny udp any any eq 4500 access-list VPNFILTER extended permit ip any any !-- Create a group policy and specify a VPN filter that uses the !-- previous ACL group-policy VPNPOL internal group-policy VPNPOL attributes vpn-filter value VPNFILTER !-- Reference the group policy with the VPN filter from the tunnel group tunnel-group 172.16.0.1 type ipsec-l2l tunnel-group 172.16.0.1 general-attributes default-group-policy VPNPOL For this workaround to be effective, the group policy needs to be applied to all site-to-site (tunnel type "ipsec-l2l") and remote access (tunnel type "ipsec-ra") tunnel groups. Warning: In addition to filtering out IKE traffic on UDP port 4500, this workaround may also affect other procotols like DNS and SNMP that send traffic on UDP port 4500. For example, if a DNS resolver sends traffic from UDP port 4500 to a DNS server, the response from the DNS server will be destined to UDP port 4500, which then may be filtered out by the filter used in this workaround. For a more comprehensive example of the VPN filter feature of the Cisco ASA 5500 Series Adaptive Security Appliances, refer to the whitepaper "PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access" available at: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml In addition, if the security appliance does not terminate any tunnels, the vulnerability can be mitigated by disabling IKE by issuing the "no isakmp enable <interface name>" command. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- If NTLMv1 authentication is required, there are no workarounds for this vulnerability. If NTLMv1 authentication can be substituted by other authentication protocols (LDAP, RADIUS, TACACS+, etc.), it is possible to mitigate the vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of any of the vulnerabilities described in this advisory. TCP Connection Exhaustion Denial of Service Vulnerability +-------------------------------------------------------- This vulnerability was discovered during the resolution of a customer service request. SIP Inspection Denial of Service Vulnerabilities +----------------------------------------------- CSCsy91157 was discovered during internal testing. CSCtc96018 was discovered during the resolution of customer service requests. SCCP Inspection Denial of Service Vulnerability +---------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. WebVPN DTLS Denial of Service Vulnerability +------------------------------------------ This vulnerability was discovered during the resolution of customer service requests. Crafted TCP Segment Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during internal testing. Crafted IKE Message Denial of Service Vulnerability +-------------------------------------------------- This vulnerability was discovered during the resolution of customer service requests. NTLMv1 Authentication Bypass Vulnerability +----------------------------------------- This vulnerability was discovered during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2010-February-17 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2010 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Feb 17, 2010 Document ID: 111485 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkt8GTYACgkQ86n/Gc8U/uBi6QCfYFKvAUdFrRvusqKoaFmMwfcH XOYAnRymbNOcRg5gmPFMO/zqgm2wOyKQ =JUg3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/