VARIoT IoT vulnerabilities database

VAR-201112-0339 | CVE-2011-4679 | vtiger CRM Leads Module Security Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. vtiger CRM is a web-based customer relationship management (CRM) system built around sales force automation (SFA). The vulnerability exists in versions prior to vtiger CRM 5.3.0 and stems from the failure to correctly identify the disabled status of a field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability.
Attackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access.
Versions prior to vtiger CRM 5.3.0 are vulnerable. The system provides functions such as management, collection, and analysis of customer information.
VAR-201012-0369 | No CVE | D-Link WBR-1310 'tools_admin.cgi' CGI Verification Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link WBR-1310 is a wireless router. The WBR-1310 CGI script does not validate authentication credentials, so a specially crafted HTTP request sent to the CGI script bypasses authentication and changes the management settings. D-Link WBR-1310 is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to bypass authentication, change the administrative password and gain administrative control of the affected device.
D-Link WBR-1310 with firmware version 2.00 is vulnerable; other versions may also be affected.
VAR-201012-0061 | CVE-2010-4599 |
Ecava IntegraXor Untrusted Search Path Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201012-0054 |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. An untrusted search path vulnerability exists in Ecava IntegraXor 3.6.4000.0 and earlier. Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
IntegraXor Insecure Library Loading Vulnerability
SECUNIA ADVISORY ID:
SA42734
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42734/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42734
RELEASE DATE:
2010-12-23
DISCUSS ADVISORY:
http://secunia.com/advisories/42734/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42734/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42734
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in IntegraXor, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries
(e.g. dwmapi.dll) in an insecure manner. This can be exploited to
load arbitrary libraries by tricking a user into e.g. opening a IGX
file located on a remote WebDAV or SMB share.
The vulnerability is confirmed in version 3.6.4000.0.
SOLUTION:
Do not open untrusted files.
PROVIDED AND/OR DISCOVERED BY:
Mister Teatime
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201012-0060 | CVE-2010-4598 |
Ecava IntegraXor Directory Traversal Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201012-0465 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request. Ecava IntegraXor is a set of tools for creating and running a web-based HMI interface for SCADA systems. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information harvested may aid in launching further attacks.
IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE:
IntegraXor "file_name" File Disclosure Vulnerability
SECUNIA ADVISORY ID:
SA42730
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42730/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42730
RELEASE DATE:
2010-12-23
DISCUSS ADVISORY:
http://secunia.com/advisories/42730/#comments
DESCRIPTION:
Luigi Auriemma has discovered a vulnerability in IntegraXor, which
can be exploited by malicious people to disclose potentially
sensitive information.
Input passed to the "file_name" parameter in "/<project name>/open"
(where "<project name>" is a valid project) is not properly verified
before being used to display files.
Successful exploitation requires the IntegraXor Server to be started
and running a project (off by default).
The vulnerability is confirmed in version 3.6.4000.0.
SOLUTION:
Restrict access to trusted hosts only (e.g. via network access
control lists).
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/integraxor_1-adv.txt
VAR-201012-0074 | CVE-2010-4612 |
SQL Injection Vulnerability in index.php of Hycus CMS
Related entries in the VARIoT exploits database: VAR-E-201012-0374 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information. Hycus CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include multiple local file-include and multiple SQL-injection issues.
Exploiting these issues can allow an attacker to view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
Hycus CMS 1.0.3 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE:
Hycus CMS Multiple SQL Injection Vulnerabilities
SECUNIA ADVISORY ID:
SA42567
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42567/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42567
RELEASE DATE:
2010-12-21
DISCUSS ADVISORY:
http://secunia.com/advisories/42567/#comments
DESCRIPTION:
High-Tech Bridge SA has discovered some vulnerabilities in Hycus CMS,
which can be exploited by malicious people to conduct SQL injection
attacks. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities are confirmed in version 1.0.3.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
High-Tech Bridge SA
ORIGINAL ADVISORY:
High-Tech Bridge SA:
http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms.html
http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_1.html
http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_2.html
http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_3.html
VAR-201012-0075 | CVE-2010-4613 |
Hycus CMS Directory Traversal Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201012-0374 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php. Hycus CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input.
Exploiting these issues can allow an attacker to view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
Hycus CMS 1.0.3 is vulnerable; other versions may also be affected.
VAR-201012-0044 | CVE-2010-3972 | Microsoft IIS FTP server memory corruption vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. The Microsoft IIS FTP server contains a memory corruption vulnerability that results from processing a specially crafted request. Attack code using this vulnerability has been released. Handling a crafted request may result in a denial of service (DoS).
Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the FTP service, resulting in denial-of-service conditions.
IIS 7.5 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE:
Microsoft IIS FTP Server Pre-Authentication Memory Corruption
SECUNIA ADVISORY ID:
SA42713
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42713/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42713
RELEASE DATE:
2010-12-23
DISCUSS ADVISORY:
http://secunia.com/advisories/42713/#comments
DESCRIPTION:
Matthew Bergin has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise
a vulnerable system.
The vulnerability is confirmed in a fully patched IIS 7.5 for Windows
7 Professional.
SOLUTION:
Restrict traffic to the FTP service.
PROVIDED AND/OR DISCOVERED BY:
Matthew Bergin
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/15803/
National Cyber Alert System
Technical Cyber Security Alert TA11-039A
Microsoft Updates for Multiple Vulnerabilities
Original release date: February 08, 2011
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Office
Overview
There are multiple vulnerabilities in Microsoft Windows, Microsoft
Office, and Internet Explorer. Microsoft has released updates to
address these vulnerabilities.
I. Description
The Microsoft Security Bulletin Summary for February 2011 describes
multiple vulnerabilities in Microsoft Windows, Microsoft Office,
and Internet Explorer. Microsoft has released updates to address
the vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for February 2011. That
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. In addition, administrators should
consider using an automated update distribution system such as
Windows Server Update Services (WSUS).
IV. References
* Microsoft Security Bulletin Summary for February 2011 -
<http://www.microsoft.com/technet/security/bulletin/ms11-Feb.mspx>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA11-039A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA11-039A Feedback VU#257205" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
February 08, 2011: Initial release
VAR-201012-0256 | CVE-2010-1676 | Tor heap buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Tor is an implementation of the second generation of onion routing, through which users can communicate anonymously over the Internet. Tor is prone to an unspecified heap-based buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. No additional information is available.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Tor users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.28"
References
==========
[ 1 ] CVE-2010-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1676
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201101-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Tor Unspecified Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA42536
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42536/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42536
RELEASE DATE:
2010-12-28
DISCUSS ADVISORY:
http://secunia.com/advisories/42536/#comments
DESCRIPTION:
A vulnerability has been reported in Tor, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
SOLUTION:
Update to version 0.2.1.28.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Willem Pinckaers.
ORIGINAL ADVISORY:
https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog
http://archives.seul.org/or/announce/Dec-2010/msg00000.html
. By supplying
specially crafted packets a remote attacker can cause Tor to overflow its
heap, crashing the process. Arbitrary code execution has not been
confirmed but there is a potential risk.
In the stable distribution (lenny), this update also includes an update of
the IP address for the Tor directory authority gabelmoo and addresses
a weakness in the package's postinst maintainer script.
For the stable distribution (lenny) this problem has been fixed in
version 0.2.1.26-1~lenny+4.
For the testing distribution (squeeze) and the unstable distribution (sid),
this problem has been fixed in version 0.2.1.26-6.
We recommend that you upgrade your tor packages.
Upgrade instructions
--------------------
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system
VAR-201012-0370 | No CVE | D-Link DIR-300 "tools_admin.php" Cross-Site Request Forgery Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DIR-300 is a wireless G broadband router. The D-Link DIR-300 has a cross-site request forgery vulnerability in its implementation. An attacker could exploit this vulnerability to run authorized commands on an affected device, change the configuration, cause a denial of service, or inject arbitrary script code. Other attacks are also possible.
This issue affects D-Link DIR-300 running firmware 1.04.
VAR-201012-0372 | No CVE | Multiple Remote Security Vulnerabilities in Apple Time Capsule/AirPort Base Station |
CVSS V2: - CVSS V3: - Severity: - |
Apple Time Capsule is a wireless network-attached storage device from Apple with a built-in wireless gateway router. Apple AirPort Extreme is a wireless solution for home, school and small businesses. Apple Time Capsule and AirPort Base Station have multiple remote security vulnerabilities that an attacker can use to bypass certain security restrictions and cause a denial of service. Other attacks are also possible.
This BID is being retired.
VAR-201012-0014 | CVE-2010-0039 | Vulnerability in the Application-Level Gateway on multiple Apple products that allows use of the device's IP address |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server. Apple Time Capsule is a solution that allows Macs and PCs to back up data over a wireless network. AirPort Base Station is a wireless base station. Since the data is retransmitted from the base station, it is possible to bypass some IP-based services.
NOTE: This issue was previously discussed in BID 45466 (Apple Time Capsule and AirPort Base Station Multiple Remote Vulnerabilities) but has been given its own record to better document it. Time Capsule is a backup tool developed by Apple, specially designed for Time Machine of Mac system. By sending a maliciously
crafted SNMPv3 packet, an attacker may cause the SNMP server to
terminate, denying service to legitimate clients. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches.
CVE-ID: CVE-2009-2189
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: Receiving a large number of IPv6 Router Advertisement (RA)
and Neighbor Discovery (ND) packets from a system on the local
network may cause the base station to restart
Description: A resource consumption issue exists in the base
station's handling of Router Advertisement (RA) and Neighbor
Discovery (ND) packets. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue. This issue is addressed
through improved validation of fragmented ISAKMP packets.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Apple AirPort / Time Capsule Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42665
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42665/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42665
RELEASE DATE:
2010-12-26
DISCUSS ADVISORY:
http://secunia.com/advisories/42665/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42665/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42665
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple Airport Extreme
and Time Capsule, which can be exploited by malicious users to bypass
certain security restrictions and by malicious people to cause a DoS
(Denial of Service).
1) An error when handling SNMP requests can be exploited to cause a
crash.
4) An error when handling fragmented ISAKMP packets can be exploited
to cause a crash of the racoon daemon.
SOLUTION:
Update to firmware version 7.5.2 (please see the vendor's advisory
for details).
3) Sabahattin Gucukoglu.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4298
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201012-0318 | CVE-2010-1804 |
Denial-of-service (DoS) vulnerability in the network bridge function running on multiple Apple products
Related entries in the VARIoT exploits database: VAR-E-201012-0534 |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply. The network bridge function running on multiple Apple products has a denial-of-service (DoS) vulnerability. A third party may cause a denial of service (DoS) through a crafted DHCP reply. Apple Time Capsule is a solution that allows Macs and PCs to back up data over a wireless network. AirPort Base Station is a wireless base station. There is an error in the bridge implementation, and sending a maliciously constructed DHCP reply to the device can cause the device to stop responding to network communications. This vulnerability affects devices that are configured to act as a bridge, or that are configured in NAT mode with a default host enabled. Time Capsule is a backup tool developed by Apple, specially designed for Time Machine on Mac systems. By sending a maliciously
crafted SNMPv3 packet, an attacker may cause the SNMP server to
terminate, denying service to legitimate clients. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue. This issue is addressed
through improved validation of fragmented ISAKMP packets. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-201012-0005 | CVE-2009-2189 |
Denial-of-service (DoS) vulnerability in the ICMPv6 implementation running on multiple Apple products
Related entries in the VARIoT exploits database: VAR-E-201012-0906 |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets. Apple Time Capsule is a solution that allows Macs and PCs to back up data over a wireless network. AirPort Base Station is a wireless base station. There is a resource exhaustion error in the base station's processing of Router Advertisement (RA) and Neighbor Discovery (ND) messages. A system on the local network can send a large number of RA and ND messages, which may exhaust the base station's resources and cause it to restart.
An attacker can exploit this issue to cause an affected device to restart, triggering a denial-of-service condition for legitimate users.
NOTE: This issue was previously discussed in BID 45466 (Apple Time Capsule and AirPort Base Station Multiple Remote Vulnerabilities) but has been given its own record to better document it. Time Capsule is a backup tool developed by Apple, specially designed for Time Machine on Mac systems. By sending a maliciously
crafted SNMPv3 packet, an attacker may cause the SNMP server to
terminate, denying service to legitimate clients. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue. This issue is addressed
through improved validation of fragmented ISAKMP packets.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-201012-0059 | CVE-2010-4597 |
Ecava IntegraXor Remote Stack Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201012-0376 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument. Ecava IntegraXor contains a buffer overflow vulnerability. Writing more than 1024 bytes can cause a buffer overflow on the stack. A third party with access to Ecava IntegraXor may be able to cause a denial of service (DoS) or execute arbitrary code. Ecava IntegraXor is a human-machine interface product that uses HTML and SVG. When a request exceeding 1024 bytes is sent, IntegraXor writes past the end of the buffer and corrupts memory. Successful exploitation can execute arbitrary instructions in the security context of the application. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
----------------------------------------------------------------------
TITLE:
IntegraXor Project ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA42650
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42650/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42650
RELEASE DATE:
2010-12-27
DISCUSS ADVISORY:
http://secunia.com/advisories/42650/#comments
DESCRIPTION:
A vulnerability has been discovered in IntegraXor, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is confirmed in version 3.5.3900.5. Other versions
may also be affected.
SOLUTION:
Update to version 3.5.3900.10 or later.
PROVIDED AND/OR DISCOVERED BY:
Jeremy Brown
ORIGINAL ADVISORY:
IntegraXor:
http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note
VAR-201012-0376 | No CVE | LiteSpeed Web Server HTTP Header Handling Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
LiteSpeed Web Server is a high performance web server. The LSAPI PHP extension (lsphp) has a boundary error when processing HTTP headers, and submitting an overly long header field (greater than 255 bytes) in a web request can trigger a stack-based buffer overflow.
----------------------------------------------------------------------
TITLE:
LiteSpeed Web Server HTTP Header Processing Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA42592
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42592/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42592
RELEASE DATE:
2010-12-21
DISCUSS ADVISORY:
http://secunia.com/advisories/42592/#comments
DESCRIPTION:
Kingcope has discovered a vulnerability in LiteSpeed Web Server,
which can be exploited by malicious people to compromise a vulnerable
system.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.0.18 Standard. Other
versions may also be affected.
SOLUTION:
Restrict access to trusted hosts only (e.g. via network access
control lists).
PROVIDED AND/OR DISCOVERED BY:
Kingcope
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0188.html
VAR-201012-0265 | CVE-2010-4114 | HP DDMI Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP Discovery & Dependency Mapping Inventory is a solution that automatically discovers and records client devices to help IT departments manage and control costs and risks.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The issue affects DDMI 2.5x, 7.5x, and 7.6x running on Windows.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02655735
Version: 1
HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerability could be exploited remotely resulting in cross site scripting (XSS).
References: CVE-2010-4114
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The patches can be downloaded from http://support.openview.hp.com/selfsolve/patches
HP Discovery & Dependency Mapping Inventory (DDMI) | Patch Number
v2.52 | HPED_00478
v7.51 | HPED_00479
v7.61 | HPED_00480
HISTORY
Version:1 (rev.1) - 15 December 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Certain unspecified input is not properly sanitised before being
returned to the user.
SOLUTION:
Apply patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBMA02617 SSRT100338:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02655735
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-201101-0018 | CVE-2010-4566 | Citrix Access Gateway Web Authentication Form Arbitrary Command Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. Citrix Access Gateway is a universal SSL VPN device. A remote attacker can inject arbitrary commands and execute them with "root" user rights.
----------------------------------------------------------------------
TITLE:
Citrix Access Gateway Legacy Authentication Command Injection
Vulnerability
SECUNIA ADVISORY ID:
SA42638
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42638/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42638
RELEASE DATE:
2010-12-24
DESCRIPTION:
A vulnerability has been reported in Citrix Access Gateway, which can
be exploited by malicious people to compromise a vulnerable system.
Migrate to a different authentication method.
PROVIDED AND/OR DISCOVERED BY:
George D. Gal, VSR
ORIGINAL ADVISORY:
Citrix CTX127613:
http://support.citrix.com/article/CTX127613
VSR:
http://www.vsecurity.com/resources/advisory/20101221-1/
VAR-201012-0197 | CVE-2010-2603 | BlackBerry Desktop Software Encrypted File Decryption Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. BlackBerry Desktop Software is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
The issue affects the following:
BlackBerry Desktop Software 4.7 (PC OS)
BlackBerry Desktop Software 5.0 (PC OS)
BlackBerry Desktop Software 6.0 (PC OS)
BlackBerry Desktop Software 1.0 (Mac OS)
----------------------------------------------------------------------
TITLE:
BlackBerry Desktop Software Backup File Brute Force Weakness
SECUNIA ADVISORY ID:
SA42657
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42657/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42657
RELEASE DATE:
2010-12-25
DESCRIPTION:
A weakness has been reported in BlackBerry Desktop Software, which
can be exploited by malicious people to conduct brute force attacks.
The weakness is reported in version 6.0.
SOLUTION:
Update to version 6.0.1.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits ElcomSoft.
ORIGINAL ADVISORY:
http://www.blackberry.com/btsc/KB24764
VAR-201012-0105 | CVE-2010-4556 | SAP NetWeaver Business Client ActiveX Control Remote Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Execute arbitrary code.
-- Vendor Response:
SAP has issued an update to correct this vulnerability. More
details can be found at:
https://service.sap.com/sap/support/notes/1519966
-- Disclosure Timeline:
2010-09-30 - Vulnerability reported to vendor
2010-12-14 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Alexandr Polyakov, Alexey Sintsov from Digital Security Research Group
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
----------------------------------------------------------------------
TITLE:
SAP NetWeaver Business Client "SapThemeRepository" ActiveX Control
Buffer Overflow
SECUNIA ADVISORY ID:
SA35796
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/35796/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=35796
RELEASE DATE:
2010-12-22
DESCRIPTION:
A vulnerability has been reported in SAP NetWeaver Business Client,
which can be exploited by malicious people to compromise a user's
system.
SOLUTION:
Apply patch (please see SAP's security note 1519966).
PROVIDED AND/OR DISCOVERED BY:
Alexandr Polyakov and Alexey Sintsov, Digital Security Research
Group, reported via ZDI.
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1519966
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-290/
VAR-201012-0203 | CVE-2010-2590 |
SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201012-0459, VAR-E-201012-0460 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. SAP Crystal Reports is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the 'CrystalReports12.CrystalPrintControl.1' ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753) is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
TITLE:
SAP Crystal Reports Print ActiveX Control Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA42305
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42305/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42305
RELEASE DATE:
2010-12-21
DESCRIPTION:
Secunia Research has discovered a vulnerability in SAP Crystal
Reports, which can be exploited by malicious people to compromise a
user's system. Other versions may also be
affected.
SOLUTION:
Apply a workaround (please see SAP's security note 1539269).
Independently discovered and disclosed by Dr_IDE.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2010-135/
Dr_IDE:
http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html
SAP:
https://service.sap.com/sap/support/notes/1539269
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Where: Remote
======================================================================
3) Vendor's Description of Software
"SAP Crystal Reports software enables you to easily design interactive
reports and connect them to virtually any data source. Your users can
benefit from on-report sorting and filtering giving them the power to
execute decisions instantly."
Product Link:
http://www.sap.com/solutions/sap-crystal-solutions/index.epx
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in SAP Crystal
Reports, which can be exploited by malicious people to compromise a
user's system.
Successful exploitation allows execution of arbitrary code.
======================================================================
6) Time Table
19/11/2010 - Vendor notified.
19/11/2010 - Vendor response.
24/11/2010 - Vendor confirms the vulnerability.
14/12/2010 - Independent discovery and public disclosure by a third
party.
14/12/2010 - Public disclosure.
======================================================================
7) Credits
Discovered by Dmitriy Pletnev, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-2590 for the vulnerability.
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-135/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================