VARIoT IoT vulnerabilities database

VAR-201011-0059 | CVE-2010-3831 | Apple iOS Photos MobileMe account password read vulnerability
CVSS V2: 4.3 | CVSS V3: - | Severity: MEDIUM
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. Apple iOS is prone to a security-bypass vulnerability that affects the Photo component.
An attacker can exploit this issue to gain access to a 'MobileMe' account password. Apple iOS is the most advanced mobile operating system from Apple.
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42314
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42314/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42314
RELEASE DATE:
2010-11-24
DISCUSS ADVISORY:
http://secunia.com/advisories/42314/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people to conduct cross-site scripting and
spoofing attacks, disclose sensitive information, bypass certain
security restrictions, or to compromise a user's system.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4456
----------------------------------------------------------------------
VAR-201011-0052 | CVE-2010-3830 | Apple iOS Networking elevation of privilege vulnerability
CVSS V2: 7.2 | CVSS V3: - | Severity: HIGH
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. Apple iOS is prone to a local privilege-escalation vulnerability.
Local attackers running malicious code can exploit this issue to elevate their privileges. Successful attacks will completely compromise an affected device. Local users gain privileges through unidentified vectors.
----------------------------------------------------------------------
VAR-201011-0050 | CVE-2010-3828 | Apple iOS iAd Content Display vulnerability that allows phone calls to be made
CVSS V2: 4.3 | CVSS V3: - | Severity: MEDIUM
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. Apple iOS is prone to a security-bypass vulnerability that may result in the placing of arbitrary telephone calls. This issue affects iAd Content Display.
An attacker can invoke telephone calls on an affected device by enticing an unsuspecting user to visit a specially crafted web page that contains a URL Scheme associated with initiating a telephone call. Apple iOS is the most advanced mobile operating system from Apple.
----------------------------------------------------------------------
VAR-201011-0049 | CVE-2010-3827 | Apple iOS configuration profile spoofing vulnerability
CVSS V2: 4.3 | CVSS V3: - | Severity: MEDIUM
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. Apple iOS for iPhone, iPod touch, and iPad are prone to a security-bypass vulnerability that affects the Configuration Profiles component.
An attacker can exploit this issue to bypass the signature-validation mechanism. Successful exploits will allow an attacker to mislead an unsuspecting victim. Apple iOS is the most advanced mobile operating system from Apple.
----------------------------------------------------------------------
VAR-201011-0051 | CVE-2010-3829 | Apple iOS WebKit vulnerability that bypasses the remote image loading setting in Mail
CVSS V2: 5.8 | CVSS V3: - | Severity: MEDIUM
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. WebKit is prone to a security-bypass vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into viewing a malicious email.
Successful exploits will allow clients to send requests to attacker-specified servers which helps attackers determine whether the email message was viewed or not. Apple iOS is the most advanced mobile operating system from Apple. Permissions and access control vulnerabilities exist in WebKit in versions prior to Apple iOS 4.2.
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
Safari 5.1 and Safari 5.0.6 are now available and address the
following:
CFNetwork
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: In certain situations, Safari may treat a file as HTML,
even if it is served with the 'text/plain' content type. This may
lead to a cross-site scripting attack on sites that allow untrusted
users to post text files. This issue is addressed through improved
handling of 'text/plain' content.
CVE-ID
CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability
Research (MSVR), Neal Poole of Matasano Security
CFNetwork
Available for: Windows 7, Vista, XP SP2 or later
Impact: Authenticating to a maliciously crafted website may lead to
arbitrary code execution
Description: The NTLM authentication protocol is susceptible to a
replay attack referred to as credential reflection. Authenticating to
a maliciously crafted website may lead to arbitrary code execution.
To mitigate this issue, Safari has been updated to utilize protection
mechanisms recently added to Windows. This issue does not affect Mac
OS X systems.
CVE-ID
CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research
CFNetwork
Available for: Windows 7, Vista, XP SP2 or later
Impact: A root certificate that is disabled may still be trusted
Description: CFNetwork did not properly validate that a certificate
was trusted for use by a SSL server. As a result, if the user had
marked a system root certificate as not trusted, Safari would still
accept certificates signed by that root. This issue is addressed
through improved certificate validation. This issue does not affect
Mac OS X systems.
CVE-ID
CVE-2011-0214 : An anonymous reporter
ColorSync
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description: An integer overflow existed in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. Opening a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution. For Mac OS X v10.5 systems, this issue
is addressed in Security Update 2011-004.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day
Initiative
CoreFoundation
Available for: Windows 7, Vista, XP SP2 or later
Impact: Applications that use the CoreFoundation framework may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: An off-by-one buffer overflow issue existed in the
handling of CFStrings. Applications that use the CoreFoundation
framework may be vulnerable to an unexpected application termination
or arbitrary code execution. For Mac OS X v10.6 systems, this issue
is addressed in Mac OS X v10.6.8.
CVE-ID
CVE-2011-0201 : Harry Sintonen
CoreGraphics
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
Type 1 fonts. Viewing or downloading a document containing a
maliciously crafted embedded font may lead to arbitrary code
execution. For Mac OS X v10.6 systems, this issue is addressed in Mac
OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in
Security Update 2011-004.
CVE-ID
CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert
of the Google Security Team
International Components for Unicode
Available for: Windows 7, Vista, XP SP2 or later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A buffer overflow issue existed in ICU's handling of
uppercase strings. Applications that use ICU may be vulnerable to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
CVE-ID
CVE-2011-0206 : David Bienvenu of Mozilla
ImageIO
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in ImageIO's handling of
TIFF images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
For Mac OS X v10.5 systems, this issue is addressed in Security
Update 2011-004.
CVE-ID
CVE-2011-0204 : Dominic Chell of NGS Secure
ImageIO
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in ImageIO's handling of
CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF
image may lead to an unexpected application termination or arbitrary
code execution.
CVE-ID
CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A reentrancy issue existed in ImageIO's handling of
TIFF images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue does not affect Mac OS X systems.
CVE-ID
CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP
libxslt
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of addresses on the heap
Description: libxslt's implementation of the generate-id() XPath
function disclosed the address of a heap buffer. Visiting a
maliciously crafted website may lead to the disclosure of addresses
on the heap. This issue is addressed by generating an ID based on the
difference between the addresses of two heap buffers. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac
OS X v10.5 systems, this issue is addressed in Security Update
2011-004.
CVE-ID
CVE-2011-0195 : Chris Evans of the Google Chrome Security Team
libxml
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A one-byte heap buffer overflow existed in libxml's
handling of XML data. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0216 : Billy Rios of the Google Security Team
Safari
Available for: Mac OS X v10.6.8 or later,
Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later
Impact: If the "AutoFill web forms" feature is enabled, visiting a
maliciously crafted website and typing may lead to the disclosure of
information from the user's Address Book
Description: Safari's "AutoFill web forms" feature filled in non-
visible form fields, and the information was accessible by scripts on
the site before the user submitted the form. This issue is addressed
by displaying all fields that will be filled, and requiring the
user's consent before AutoFill information is available to the form.
CVE-ID
CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah
Grossman]
Safari
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: With a certain Java configuration, visiting a malicious
website may lead to unexpected text being displayed on other sites
Description: A cross origin issue existed in the handling of Java
Applets. This applies when Java is enabled in Safari, and Java is
configured to run within the browser process. Fonts loaded by a Java
applet could affect the display of text content from other sites.
This issue is addressed by running Java applets in a separate
process.
CVE-ID
CVE-2011-0219 : Joshua Smith of Kaon Interactive
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution.
CVE-ID
CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability
Research (MSVR), wushi of team509, and Yong Li of Research In Motion
Ltd
CVE-2011-0164 : Apple
CVE-2011-0218 : SkyLined of Google Chrome Security Team
CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS
Research Team, and Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with
iDefense VCP
CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative
CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-0234 : Rob King working with TippingPoint's Zero Day
Initiative, wushi of team509 working with TippingPoint's Zero Day
Initiative, wushi of team509 working with iDefense VCP
CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-0237 : wushi of team509 working with iDefense VCP
CVE-2011-0238 : Adam Barth of Google Chrome Security Team
CVE-2011-0240 : wushi of team509 working with iDefense VCP
CVE-2011-0253 : Richard Keen
CVE-2011-0254 : An anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0255 : An anonymous researcher working with TippingPoint's
Zero Day Initiative
CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc
CVE-2011-0983 : Martin Barbella
CVE-2011-1109 : Sergey Glazunov
CVE-2011-1114 : Martin Barbella
CVE-2011-1115 : Martin Barbella
CVE-2011-1117 : wushi of team509
CVE-2011-1121 : miaubiz
CVE-2011-1188 : Martin Barbella
CVE-2011-1203 : Sergey Glazunov
CVE-2011-1204 : Sergey Glazunov
CVE-2011-1288 : Andreas Kling of Nokia
CVE-2011-1293 : Sergey Glazunov
CVE-2011-1296 : Sergey Glazunov
CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with
iDefense VCP
CVE-2011-1451 : Sergey Glazunov
CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-1457 : John Knottenbelt of Google
CVE-2011-1462 : wushi of team509
CVE-2011-1797 : wushi of team509
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A configuration issue existed in WebKit's use of
libxslt. Visiting a maliciously crafted website may lead to arbitrary
files being created with the privileges of the user, which may lead
to arbitrary code execution. This issue is addressed through improved
libxslt security settings.
CVE-ID
CVE-2011-1774 : Nicolas Gregoire of Agarri
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
information disclosure
Description: A cross-origin issue existed in the handling of Web
Workers. Visiting a maliciously crafted website may lead to an
information disclosure.
CVE-ID
CVE-2011-1190 : Daniel Divricean of divricean.ro
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of URLs
with an embedded username. Visiting a maliciously crafted website may
lead to a cross-site scripting attack. This issue is addressed
through improved handling of URLs with an embedded username.
CVE-ID
CVE-2011-0242 : Jobert Abma of Online24
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of DOM
nodes. Visiting a maliciously crafted website may lead to a cross-
site scripting attack.
CVE-ID
CVE-2011-1295 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: A maliciously crafted website may be able to cause a
different URL to be shown in the address bar
Description: A URL spoofing issue existed in the handling of the DOM
history object. A maliciously crafted website may have been able to
cause a different URL to be shown in the address bar.
CVE-ID
CVE-2011-1107 : Jordi Chancel
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Subscribing to a maliciously crafted RSS feed and clicking
on a link within it may lead to an information disclosure
Description: A canonicalization issue existed in the handling of
URLs. Subscribing to a maliciously crafted RSS feed and clicking on a
link within it may lead to arbitrary files being sent from the user's
system to a remote server. This update addresses the issue through
improved handling of URLs.
CVE-ID
CVE-2011-0244 : Jason Hullinger
WebKit
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact: Applications that use WebKit, such as mail clients, may
connect to an arbitrary DNS server upon processing HTML content
Description: DNS prefetching was enabled by default in WebKit.
Applications that use WebKit, such as mail clients, may connect to
an arbitrary DNS server upon processing HTML content. This update
addresses the issue by requiring applications to opt in to DNS
prefetching.
CVE-ID
CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.
Note: Safari 5.1 is included with OS X Lion.
Safari 5.1 and Safari 5.0.6 address the same set of security
issues. Safari 5.1 is provided for Mac OS X v10.6,
and Windows systems. Safari 5.0.6 is provided for
Mac OS X v10.5 systems.
Safari 5.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari 5.0.6 is available via the Apple Software Update
application, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Safari for Mac OS X v10.6.8 and later
The download file is named: Safari5.1SnowLeopard.dmg
Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24
Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.6Leopard.dmg
Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42314
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42314/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42314
RELEASE DATE:
2010-11-24
DISCUSS ADVISORY:
http://secunia.com/advisories/42314/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people to conduct cross-site scripting and
spoofing attacks, disclose sensitive information, bypass certain
security restrictions, or to compromise a user's system.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4456
.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201011-0285 | No CVE | Fujitsu Interstage Multiple Product IP Address Restriction Bypass Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: LOW |
There are security vulnerabilities in multiple Fujitsu Interstage products that allow malicious users to bypass some security restrictions. When access is restricted by IP, an attacker can exploit the vulnerability to submit requests using impermissible IP addresses, bypassing restrictions, and obtaining sensitive information.
Successful exploits may allow attackers to bypass detection rules; this may aid in further attacks.
Given the nature of this issue, attackers may also be able to access sensitive information.
TITLE:
Fujitsu Interstage Products IP Address Restriction Bypass Security
Issue
SECUNIA ADVISORY ID:
SA42266
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42266/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42266
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42266/#comments
DESCRIPTION:
A security issue has been reported in multiple Fujitsu Interstage
products, which can be exploited by malicious people to bypass
certain security restrictions.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201006e.html
VAR-201011-0264 | CVE-2010-3909 |
Arbitrary code execution vulnerability in config.template.php of vtiger CRM
Related entries in the VARIoT exploits database: VAR-E-201011-0943 |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. vtiger CRM is prone to a remote security vulnerability. vtiger CRM is an open source web-based customer relationship management system. There is an incomplete blacklist vulnerability in the config.template.php file in vtiger CRM versions prior to 5.2.1.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42246
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42246/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42246/#comments
DESCRIPTION:
Some vulnerabilities have been discovered in vtiger CRM, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to conduct cross-site scripting attacks and disclose
sensitive information.
1) An error exists in the file upload functionality due to the emails
module not properly checking file names and extensions. This can be
exploited to upload and execute arbitrary PHP code e.g. via ".phtml"
files.
2) Input passed e.g. via the "lang_crm" parameter to phprint.php or
the "current_language" parameter to graph.php is not properly
verified in the "return_application_language()" function in
include/utils/utils.php before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal sequences and URL-encoded NULL bytes.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
3) Input passed via the "user_name" and "user_password" parameters to
index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
4) Input passed via the "label" parameter to index.php (when "module"
is set to "Settings" and "action" is set to "GetFieldInfo") is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 5.2.0. Other versions
may also be affected.
SOLUTION:
Update to version 5.2.1.
PROVIDED AND/OR DISCOVERED BY:
Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi
ORIGINAL ADVISORY:
vtiger CRM:
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Giovanni Pellerano and Alessandro Tanasi:
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
VAR-201011-0265 | CVE-2010-3910 |
Directory traversal vulnerability in the return_application_language function of vtiger CRM
Related entries in the VARIoT exploits database: VAR-E-201011-0943 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. The return_application_language function in vtiger CRM contains a directory traversal vulnerability. A third party could include and execute arbitrary local files via a .. (two half-width periods) in the lang_crm parameter to phprint.php or the current_language parameter in an Accounts Import operation to graph.php. vtiger CRM is prone to a file-upload vulnerability. vtiger CRM is an open source web-based customer relationship management system.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42246
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42246/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42246/#comments
DESCRIPTION:
Some vulnerabilities have been discovered in vtiger CRM, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to conduct cross-site scripting attacks and disclose
sensitive information.
1) An error exists in the file upload functionality due to the emails
module not properly checking file names and extensions. This can be
exploited to upload and execute arbitrary PHP code e.g. via ".phtml"
files.
2) Input passed e.g. via the "lang_crm" parameter to phprint.php or
the "current_language" parameter to graph.php is not properly
verified in the "return_application_language()" function in
include/utils/utils.php before being used to include files.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
3) Input passed via the "user_name" and "user_password" parameters to
index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
4) Input passed via the "label" parameter to index.php (when "module"
is set to "Settings" and "action" is set to "GetFieldInfo") is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 5.2.0. Other versions
may also be affected.
SOLUTION:
Update to version 5.2.1.
PROVIDED AND/OR DISCOVERED BY:
Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi
ORIGINAL ADVISORY:
vtiger CRM:
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Giovanni Pellerano and Alessandro Tanasi:
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
VAR-201011-0266 | CVE-2010-3911 |
vtiger CRM Vulnerable to cross-site scripting
Related entries in the VARIoT exploits database: VAR-E-201011-0943 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. vtiger CRM is prone to a cross-site scripting vulnerability. vtiger CRM is an open source web-based customer relationship management system.
TITLE:
vtiger CRM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42246
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42246/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42246/#comments
DESCRIPTION:
Some vulnerabilities have been discovered in vtiger CRM, which can be
exploited by malicious users to compromise a vulnerable system and by
malicious people to conduct cross-site scripting attacks and disclose
sensitive information.
1) An error exists in the file upload functionality due to the emails
module not properly checking file names and extensions. This can be
exploited to upload and execute arbitrary PHP code e.g. via ".phtml"
files.
2) Input passed e.g. via the "lang_crm" parameter to phprint.php or
the "current_language" parameter to graph.php is not properly
verified in the "return_application_language()" function in
include/utils/utils.php before being used to include files. This can
be exploited to include arbitrary files from local resources via
directory traversal sequences and URL-encoded NULL bytes.
Successful exploitation of this vulnerability requires that
"magic_quotes_gpc" is disabled.
3) Input passed via the "user_name" and "user_password" parameters to
index.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
4) Input passed via the "label" parameter to index.php (when "module"
is set to "Settings" and "action" is set to "GetFieldInfo") is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are confirmed in version 5.2.0. Other versions
may also be affected.
SOLUTION:
Update to version 5.2.1.
PROVIDED AND/OR DISCOVERED BY:
Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi
ORIGINAL ADVISORY:
vtiger CRM:
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Giovanni Pellerano and Alessandro Tanasi:
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
VAR-201011-0165 | CVE-2010-3804 | User-tracking vulnerability in the JavaScript implementation of WebKit in Apple Safari |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. This issue is related to CVE-2008-5913 and CVE-2010-3171. A third party can track users by predicting the seed value. WebKit is prone to a random-number-generator weakness.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to track user sessions and obtain personal information that can aid in further attacks.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DISCUSS ADVISORY:
http://secunia.com/advisories/42264/#comments
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201011-0164 | CVE-2010-3803 | Apple Safari of WebKit Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201011-0163 | CVE-2010-3809 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201011-0162 | CVE-2010-3808 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems. Transformation of unspecified variables.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
.
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
For more information:
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201011-0161 | CVE-2010-3805 | Apple Safari of WebKit In JavaScript Integer underflow vulnerability in implementation |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. A third party may be able to execute arbitrary code or cause a denial of service (DoS). WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is an open source web browser engine currently used by browsers such as Safari and Chrome. Apple Safari is the default web browser bundled with the Apple family of operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
VAR-201011-0058 | CVE-2010-3817 | Arbitrary code execution vulnerability in WebKit in Apple Safari |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
VAR-201011-0057 | CVE-2010-3816 | Arbitrary code execution vulnerability in WebKit in Apple Safari |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. WebKit in Apple Safari does not properly handle processing related to scrollbars, which can lead to arbitrary code execution or a denial of service (DoS). A third party may be able to execute arbitrary code or cause a denial of service (DoS). WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
VAR-201011-0055 | CVE-2010-3820 | Arbitrary code execution vulnerability in WebKit in Apple Safari |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42264
RELEASE DATE:
2010-11-19
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct spoofing attacks, or compromise a
user's system.
1) An integer overflow error in the handling of strings can be
exploited to corrupt memory and potentially execute arbitrary code.
2) A weakness in the random number generator for JavaScript
applications can be exploited to e.g. track users.
3) Multiple vulnerabilities in WebKit can be exploited by malicious
people to compromise a user's system.
For more information:
SA41328
4) An integer underflow error in the handling of WebSockets can be
exploited to corrupt memory and potentially execute arbitrary code.
5) An unspecified error in the handling of images created from
"canvas" elements can be exploited to conduct cross-origin image
thefts.
This is related to vulnerability #12 in:
SA41242
6) An invalid cast in the handling of editing commands can
potentially be exploited to execute arbitrary code.
7) An invalid cast in the handling of inline styling can potentially
be exploited to execute arbitrary code.
8) An error within the handling of the History object can be
exploited to spoof the address in the location bar or add arbitrary
locations to the history.
9) A use-after-free error in the handling of element attributes can
be exploited to corrupt memory and potentially execute arbitrary
code.
10) An integer overflow error in the handling of Text objects can be
exploited to corrupt memory and potentially execute arbitrary code.
11) A weakness is caused due to WebKit performing DNS prefetching for
HTML Link elements even when it is disabled.
12) Multiple use-after-free errors in the handling of plugins can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #5 in:
SA41014
13) A use-after-free error in the handling of element focus can be
exploited to corrupt memory and potentially execute arbitrary code.
This is related to vulnerability #10 in:
SA41242
14) A use-after-free error in the handling of scrollbars can be
exploited to corrupt memory and potentially execute arbitrary code.
15) An invalid cast in the handling of CSS 3D transforms can
potentially be exploited to execute arbitrary code.
16) A use-after-free error in the handling of inline text boxes can
be exploited to corrupt memory and potentially execute arbitrary
code.
17) An invalid cast in the handling of CSS boxes can potentially be
exploited to execute arbitrary code.
18) An unspecified error in the handling of editable elements can be
exploited to trigger an access of uninitialised memory and
potentially execute arbitrary code.
19) An unspecified error in the handling of the ':first-letter'
pseudo-element in cascading stylesheets can be exploited to corrupt
memory and potentially execute arbitrary code.
20) An uninitialised pointer error in the handling of CSS counter
styles can potentially be exploited to execute arbitrary code.
21) A use-after-free error in the handling of Geolocation objects can
be exploited to corrupt memory and potentially execute arbitrary
code.
22) A use-after-free error in the handling of "use" elements in SVG
documents can be exploited to corrupt memory and potentially execute
arbitrary code.
23) An invalid cast in the handling of SVG elements in non-SVG
documents can potentially be exploited to execute arbitrary code.
This is related to vulnerability #2 in:
SA41443
24) An invalid cast in the handling of colors in SVG documents can
potentially be exploited to execute arbitrary code.
SOLUTION:
Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later,
Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11).
PROVIDED AND/OR DISCOVERED BY:
2) Amit Klein, Trusteer
The vendor credits:
1, 10) J23
3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of
University of Szeged, and also thabermann and chipplyman
4) Keith Campbell, and Cris Neckar, Google Chrome Security Team
5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability
Research (MSVR)
6, 22, 23) wushi, team509
7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security
Team
8) Mike Taylor, Opera Software
9) Michal Zalewski
11) Jeff Johnson, Rogue Amoeba Software
13) Vupen
14) Rohit Makasana, Google Inc.
20, 21) kuzzcc
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4455
Trusteer:
http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes).
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201011-0054 | CVE-2010-3819 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
RELEASE DATE:
2010-11-19
VAR-201011-0053 | CVE-2010-3818 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
RELEASE DATE:
2010-11-19
VAR-201011-0048 | CVE-2010-3826 | Apple Safari of WebKit Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.
Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. There is an invalid cast problem in WebKit's processing of colors in SVG documents.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42264
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42264/
RELEASE DATE:
2010-11-19