VARIoT IoT vulnerabilities database
| VAR-201301-0132 | CVE-2012-5689 | ISC BIND Service disruption in ( Violation of representation and named Terminate daemon ) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. ISC BIND is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
The following are affected:
ISC BIND 9.8.0 through versions 9.8.4-P1
ISC BIND 9.9.0 through versions 9.9.2-P1. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
ISC BIND AAAA Record Lookup Handling Assertion Failure Vulnerability
SECUNIA ADVISORY ID:
SA51969
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51969/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51969
RELEASE DATE:
2013-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/51969/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51969/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51969
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in ISC BIND, which can be exploited
by malicious people to cause a DoS (Denial of Service). This can be exploited
to trigger an assertion failure and terminate the named process.
Successful exploitation requires that both DNS64 and Response Policy
Zones are configured and that A rewrite rules are maintained but not
AAAA rewrite rules.
The vulnerability is reported in versions 9.8.0 through 9.8.4-P1 and
9.9.0 through 9.9.2-P1.
SOLUTION:
As a workaround ensure that the RPZ contains a AAAA rewrite rule for
every A rewrite rule. The vulnerability will be fixed in a beta
version scheduled to be released on January 24, 2013.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Pories Ediansyah, Institut Teknologi Bandung.
ORIGINAL ADVISORY:
http://www.isc.org/software/bind/advisories/cve-2012-5689
https://kb.isc.org/article/AA-00855
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: BIND: Denial of Service
Date: January 29, 2014
Bugs: #437828, #446094, #453974, #463497, #478316, #483208, #498016
ID: 201401-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in BIND, possibly resulting in
Denial of Service.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.9.4_p2 >= 9.9.4_p2
Description
===========
Multiple vulnerabilities have been discovered in BIND. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All BIND users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2"
References
==========
[ 1 ] CVE-2012-5166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166
[ 2 ] CVE-2012-5688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688
[ 3 ] CVE-2012-5689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689
[ 4 ] CVE-2013-2266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266
[ 5 ] CVE-2013-3919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919
[ 6 ] CVE-2013-4854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854
[ 7 ] CVE-2014-0591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-34.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ============================================================================
Ubuntu Security Notice USN-2693-1
July 28, 2015
bind9 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
Jonathan Foote discovered that Bind incorrectly handled certain TKEY
queries.
(CVE-2015-5477)
Pories Ediansyah discovered that Bind incorrectly handled certain
configurations involving DNS64. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
bind9 1:9.9.5.dfsg-9ubuntu0.2
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.4
Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.12
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bind security and enhancement update
Advisory ID: RHSA-2013:0550-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0550.html
Issue date: 2013-02-21
CVE Names: CVE-2012-5689
=====================================================================
1. Summary:
Updated bind packages that fix one security issue and add one enhancement
are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.
DNS64 is used to automatically generate DNS records so IPv6 based clients
can access IPv4 systems through a NAT64 server.
A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default. (CVE-2012-5689)
This update also adds the following enhancement:
* Previously, it was impossible to configure the the maximum number of
responses sent per second to one client. This allowed remote attackers to
conduct traffic amplification attacks using DNS queries with spoofed source
IP addresses. With this update, it is possible to use the new "rate-limit"
configuration option in named.conf and configure the maximum number of
queries which the server responds to. Refer to the BIND documentation for
more details about the "rate-limit" option. (BZ#906312)
All bind users are advised to upgrade to these updated packages, which
contain patches to correct this issue and add this enhancement. After
installing the update, the BIND daemon (named) will be restarted
automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
903417 - CVE-2012-5689 bind: denial of service when processing queries and with both DNS64 and RPZ enabled
906312 - bind: Backport Response Rate Limiting (DNS RRL) patch into Red Hat Enterprise Linux 6
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
i386:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
i386:
bind-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm
x86_64:
bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
x86_64:
bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
i386:
bind-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm
ppc64:
bind-9.8.2-0.17.rc1.el6.3.ppc64.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.ppc64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc64.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.ppc.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.ppc64.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.ppc64.rpm
s390x:
bind-9.8.2-0.17.rc1.el6.3.s390x.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.s390x.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390x.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.s390.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.s390x.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.s390x.rpm
x86_64:
bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
i386:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm
ppc64:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.ppc64.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.ppc.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.ppc64.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.ppc64.rpm
s390x:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.s390x.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.s390.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.s390x.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.s390x.rpm
x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
i386:
bind-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.i686.rpm
x86_64:
bind-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-libs-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6.3.src.rpm
i386:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-debuginfo-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.i686.rpm
bind-devel-9.8.2-0.17.rc1.el6.3.x86_64.rpm
bind-sdb-9.8.2-0.17.rc1.el6.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-5689.html
https://access.redhat.com/security/updates/classification/#moderate
http://www.isc.org/software/bind/advisories/cve-2012-5689
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRJnU0XlSAg2UNWIIRAqmKAJ9aw1xBPz0zvjWoO1dx8iwrf3KvTwCgh+FG
AQqiP7kshwm4ZGsABl1I61k=
=gqtc
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201304-0399 | CVE-2013-2761 | Schneider Electric M340 BMXNOE01xx/BMXP3420xx PLC Module Denial of Service Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. The SESU tool used by several of these products is used to update software on Windows PC systems. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric Ethernet Modules are prone to a denial-of-service vulnerability.
A remote attacker can exploit this issue to crash the module, resulting in denial-of-service conditions.
The following modules are vulnerable:
Ethernet Module M340 BMXNOE01xx
Ethernet Module M340 BMXP3420xx. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Schneider Electric Ethernet Modules Cross-Site Request Forgery
Vulnerability
SECUNIA ADVISORY ID:
SA52189
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52189/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
RELEASE DATE:
2013-02-14
DISCUSS ADVISORY:
http://secunia.com/advisories/52189/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52189/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Schneider Electric Ethernet
Modules, which can be exploited by malicious people to conduct
cross-site request forgery attacks.
The vulnerability is caused due to the modules allowing users to
perform certain actions via HTTP requests without performing proper
validity checks to verify the requests. This can be exploited to e.g.
change credentials when a logged-in administrator visits a specially
crafted web page.
Quantum:
140NOE77111
140NOE77101
140NWM10000
M340:
BMXNOC0401
BMXNOE0100x
BMXNOE011xx
Premium:
TSXETY4103
TSXETY5103
TSXWMY100
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Arthur Gervais.
ORIGINAL ADVISORY:
SEVD-2013-023-01:
http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0343 | CVE-2013-1102 |
Cisco Wireless LAN Controller Service disruption in ( Device reload ) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201301-0211 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743. Service attack.
Exploiting these issues could allow an attacker to deny service to legitimate users, execute arbitrary code, or gain unauthorized access. Other attacks may also be possible. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco Wireless LAN Controllers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51965
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51965/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51965/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51965/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Wireless Lan
Controllers, which can be exploited by malicious users to bypass
certain security restrictions and compromise a vulnerable system and
by malicious people to cause a DoS (Denial of Service).
1) An error within the wIPS component when handling certain IP
packets can be exploited to cause a reload.
2) An error when handling certain Session Initiation Protocol (SIP)
packets can be exploited to cause a reload.
3) An input sanitisation error can be exploited to execute arbitrary
code by sending a specially crafted UserAgent string.
4) An error when handling access restrictions can be exploited to
view or modify sensitive information such as configuration files.
The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module
300 and Cisco Services-Ready Engine 700, 710, 900, and 910
SOLUTION:
Apply update (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0344 | CVE-2013-1103 |
Cisco Wireless LAN Controller Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201301-0211 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
Exploiting these issues could allow an attacker to deny service to legitimate users, execute arbitrary code, or gain unauthorized access. Other attacks may also be possible. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco Wireless LAN Controllers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51965
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51965/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51965/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51965/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Wireless Lan
Controllers, which can be exploited by malicious users to bypass
certain security restrictions and compromise a vulnerable system and
by malicious people to cause a DoS (Denial of Service).
1) An error within the wIPS component when handling certain IP
packets can be exploited to cause a reload.
Successful exploitation requires that Cisco WLCs are configured with
Wireless Intrusion Prevention System (wIPS).
2) An error when handling certain Session Initiation Protocol (SIP)
packets can be exploited to cause a reload.
3) An input sanitisation error can be exploited to execute arbitrary
code by sending a specially crafted UserAgent string.
4) An error when handling access restrictions can be exploited to
view or modify sensitive information such as configuration files.
The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module
300 and Cisco Services-Ready Engine 700, 710, 900, and 910
SOLUTION:
Apply update (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0345 | CVE-2013-1104 |
Cisco Wireless LAN Controller Arbitrary Code Execution Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201301-0211 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. Cisco Wireless LAN Controllers fail to properly filter user-supplied input, allowing authenticated remote attackers to send specially crafted UserAgent strings over wired or wireless segments. The software handles specially crafted strings allowing an attacker to execute arbitrary code on the system. Other attacks may also be possible. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco Wireless LAN Controllers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51965
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51965/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51965/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51965/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Wireless Lan
Controllers, which can be exploited by malicious users to bypass
certain security restrictions and compromise a vulnerable system and
by malicious people to cause a DoS (Denial of Service).
1) An error within the wIPS component when handling certain IP
packets can be exploited to cause a reload.
Successful exploitation requires that Cisco WLCs are configured with
Wireless Intrusion Prevention System (wIPS).
2) An error when handling certain Session Initiation Protocol (SIP)
packets can be exploited to cause a reload.
4) An error when handling access restrictions can be exploited to
view or modify sensitive information such as configuration files.
The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module
300 and Cisco Services-Ready Engine 700, 710, 900, and 910
SOLUTION:
Apply update (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0346 | CVE-2013-1105 |
Cisco Wireless LAN Controller Vulnerability in which wireless management settings can be bypassed
Related entries in the VARIoT exploits database: VAR-E-201301-0211 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility.
Exploiting these issues could allow an attacker to deny service to legitimate users, execute arbitrary code, or gain unauthorized access. Other attacks may also be possible. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco Wireless LAN Controllers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51965
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51965/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51965/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51965/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Wireless Lan
Controllers, which can be exploited by malicious users to bypass
certain security restrictions and compromise a vulnerable system and
by malicious people to cause a DoS (Denial of Service).
1) An error within the wIPS component when handling certain IP
packets can be exploited to cause a reload.
Successful exploitation requires that Cisco WLCs are configured with
Wireless Intrusion Prevention System (wIPS).
2) An error when handling certain Session Initiation Protocol (SIP)
packets can be exploited to cause a reload.
3) An input sanitisation error can be exploited to execute arbitrary
code by sending a specially crafted UserAgent string.
4) An error when handling access restrictions can be exploited to
view or modify sensitive information such as configuration files.
The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module
300 and Cisco Services-Ready Engine 700, 710, 900, and 910
SOLUTION:
Apply update (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0447 | No CVE | SAP NetWeaver SDM Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP NetWeaver SDM service has an unspecified error that allows an attacker to exploit a vulnerability to bypass authentication and perform restricted operations. SAP NetWeaver is prone to multiple security vulnerabilities. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
SAP NetWeaver SDM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51740
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51740/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51740
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51740/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51740/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51740
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
ERPScan has reported multiple vulnerabilities in SAP NetWeaver, which
can be exploited by malicious people to disclose certain sensitive
information, bypass certain security restrictions, and cause a DoS
(Denial of Service).
SOLUTION:
Apply SAP Note 1724516.
PROVIDED AND/OR DISCOVERED BY:
Alexander Polyakov, ERPScan.
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1724516
ERPScan (DSECRG-12-044, DSECRG-12-045, DSECRG-12-046, DSECRG-12-047,
DSECRG-12-048):
http://erpscan.com/advisories/dsecrg-12-044-sap-netweaver-sdm-authentication-bypass/
http://erpscan.com/advisories/dsecrg-12-045-sap-netweaver-sdm-denial-of-service/
http://erpscan.com/advisories/dsecrg-12-046-sap-netweaver-sdm-information-disclosure-and-smbrelay/
http://erpscan.com/advisories/dsecrg-12-047-sap-netweaver-sdm-admin-information-disclosure/
http://erpscan.com/advisories/dsecrg-12-048-sap-netweaver-sdm-admin-dos/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201401-0017 | CVE-2012-3000 |
plural F5 BIG-IP Product APM WebGUI and AVR WebGUI In SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201301-0068 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. F5 BIG-IP is an application switch. F5 BIG-IP saveSettings.php fails to properly filter user-submitted input. An authenticated attacker can exploit a vulnerability to submit a malicious SQL query that can access MySQL database information or access system files in the \"mysql\" OS user context. To successfully exploit a vulnerability, you may need to enable Application Security (ASM) or Access Policy (APM).
Versions prior to F5 BIG-IP 11.2.0 are vulnerable. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; GTM is a wide area traffic manager; WebAccelerator is an application accelerator. The vulnerability is caused by the sam/admin/reports/php/saveSettings.php script not adequately filtering the 'defaultQuery' parameter. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
F5 Products "defaultQuery" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA51867
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51867/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51867
RELEASE DATE:
2013-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/51867/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51867/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51867
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SEC Consult has reported a vulnerability in F5 Products, which can be
exploited by malicious users to conduct SQL injection attacks. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in the following products:
* BIG-IP LTM version 11.x
* BIG-IP GTM version 11.x
* BIG-IP ASM version 11.x
* BIG-IP Link Controller version 11.x
* BIG-IP PSM version 11.x
* BIG-IP APM version 11.x
* BIG-IP Edge Gateway version 11.x
* BIG-IP Analytics version 11.x
SOLUTION:
Update to a fixed version (Please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Stefan Viehb\xf6ck, SEC Consult.
ORIGINAL ADVISORY:
sol14154:
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html
SEC Consult:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0369 | CVE-2013-0651 | GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms.
Attackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Proficy Real-Time Information Portal Two Information Disclosure
Security Issues
SECUNIA ADVISORY ID:
SA51746
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51746/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51746
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51746/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51746/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51746
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues have been reported in Proficy Real-Time
Information Portal, which can be exploited by malicious people to
disclose certain sensitive information.
1) The application provides unrestricted access to certain files and
directories, which can be exploited to e.g. retrieve configuration
files.
2) The application exposes certain methods via Java RMI, which can be
exploited to disclose information via RMI call.
The security issues are reported in all supported versions.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0370 | CVE-2013-0652 | GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
Attackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Proficy Real-Time Information Portal Two Information Disclosure
Security Issues
SECUNIA ADVISORY ID:
SA51746
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51746/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51746
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51746/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51746/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51746
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues have been reported in Proficy Real-Time
Information Portal, which can be exploited by malicious people to
disclose certain sensitive information.
1) The application provides unrestricted access to certain files and
directories, which can be exploited to e.g. retrieve configuration
files.
The security issues are reported in all supported versions.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0371 | CVE-2013-0653 | GE Proficy CIMPLICITY Directory Traversal Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables and send malicious packets to TCP port 80. Attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
GE Intelligent Platforms Products Two Vulnerabilities
SECUNIA ADVISORY ID:
SA51936
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51936/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51936/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51936/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in GE Intelligent Platforms
products, which can be exploited by malicious users to disclose
certain sensitive information and compromise a vulnerable system.
2) An unspecified error exists in CimWebServer when processing
packets and can be exploited to e.g. run arbitrary commands by
sending a specially-crafted packet.
NOTE: CIMPLICITY built-in Web server component is not enabled by
default.
The vulnerabilities are reported in the following products:
* Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater
* Proficy Process Systems with CIMPLICITY
SOLUTION:
Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-02:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0372 | CVE-2013-0654 | GE Proficy CIMPLICITY Command execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
GE Intelligent Platforms Products Two Vulnerabilities
SECUNIA ADVISORY ID:
SA51936
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51936/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51936/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51936/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in GE Intelligent Platforms
products, which can be exploited by malicious users to disclose
certain sensitive information and compromise a vulnerable system.
1) An unspecified error exists within the WebView CimWeb component
(substitute.bcl) and can be exploited to disclose arbitrary files via
directory traversal attacks.
2) An unspecified error exists in CimWebServer when processing
packets and can be exploited to e.g. run arbitrary commands by
sending a specially-crafted packet.
NOTE: CIMPLICITY built-in Web server component is not enabled by
default.
The vulnerabilities are reported in the following products:
* Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater
* Proficy Process Systems with CIMPLICITY
SOLUTION:
Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-02:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201401-0042 | CVE-2013-1361 | Lenovo Thinkpad Bluetooth with Enhanced Data Rate Vulnerability to execute arbitrary code in software |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified.
Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application.
Bluetooth with Enhanced Data Rate Software 6.4.0.2900 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Lenovo Bluetooth with Enhanced Data Rate Software Insecure Library
Loading Vulnerability
SECUNIA ADVISORY ID:
SA51846
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51846/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51846
RELEASE DATE:
2013-01-22
DISCUSS ADVISORY:
http://secunia.com/advisories/51846/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51846/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51846
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Microsoft has reported a vulnerability in Lenovo Bluetooth with
Enhanced Data Rate Software, which can be exploited by malicious
people to compromise a user's system.
The vulnerability is caused due to the application loading libraries
in an insecure manner. This can be exploited to load arbitrary
libraries by tricking a user into opening certain files on a remote
WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in versions 6.4.0.2900 and prior.
SOLUTION:
Update to version 6.5.1.2700.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Haifei Li, Microsoft.
ORIGINAL ADVISORY:
Lenovo:
http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/g4wb10ww.txt
MSVR:
http://technet.microsoft.com/en-us/security/msvr/msvr13-001
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0440 | CVE-2013-0843 | Mac OS X upper Google Chrome Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 24.0.1312.56 are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
59680 Google Chrome CVE-2013-0842 Unspecified Security Vulnerability
59681 Google Chrome CVE-2013-0840 Unspecified Security Vulnerability
59682 Google Chrome CVE-2013-0841 Unspecified Security Vulnerability
59685 Google Chrome CVE-2013-0843 Denial of Service Vulnerability
59683 Google Chrome CVE-2013-0839 Use-After-Free Memory Corruption Vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51935
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51935/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51935
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51935/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51935/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51935
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have unknown impacts and others can be exploited by malicious
people to compromise a user's system.
1) A use-after-free error exists when handling canvas font.
2) An error exists when validating the URL when opening new windows.
3) An array indexing error exists when blocking certain contents.
4) An error exists when handling NULL characters embedded in paths.
5) An error exists when handling unsupported RTC sampling rate.
NOTE: This vulnerability affects Mac only.
SOLUTION:
Update to version 24.0.1312.56.
PROVIDED AND/OR DISCOVERED BY:
2) Reported by the vendor.
The vendor credits:
1) Atte Kettunen, OUSPG.
5) Ted Nakamura, Chromium development community.
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201401-0016 | CVE-2012-2997 |
F5 BIG-IP of sam/admin/vpe2/public/php/server.php In XML External entity vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201301-0169 |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file. F5 BIG-IP is an application switch. Allows authenticated attackers to download arbitrary files from the system in the \"apache\" OS user context. The BIG-IP configuration allows users to access the /etc/shadow file to obtain user password hashes.
Attackers can exploit this issue to obtain potentially sensitive information from local files on computers running the vulnerable application and to carry out other attacks. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
F5 Products XML Entity References Information Disclosure
Vulnerability
SECUNIA ADVISORY ID:
SA51986
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51986/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51986
RELEASE DATE:
2013-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/51986/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51986/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51986
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SEC Consult has reported a vulnerability in F5 Products, which can be
exploited by malicious users to disclose certain sensitive
information.
The vulnerability is caused due to an error in the web interface XML
parser when validating XML requests and can be exploited to e.g.
disclose local files.
The vulnerability is reported in the following products:
* BIG-IP LTM versions 10.x and 11.x
* BIG-IP GTM versions 10.x and 11.x
* BIG-IP ASM versions 10.x and 11.x
* BIG-IP Link Controller versions 10.x and 11.x
* BIG-IP WebAccelerator versions 10.x and 11.x
* BIG-IP PSM versions 10.x and 11.x
* BIG-IP WOM versions 10.x and 11.x
* BIG-IP APM versions 10.x and 11.x
* BIG-IP Edge Gateway versions 10.x and 11.x
* BIG-IP Analytics version 11.x
SOLUTION:
Update to a fixed version (Please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Stefan Viehb\xf6ck, SEC Consult.
ORIGINAL ADVISORY:
sol14138:
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
SEC Consult:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201302-0261 | CVE-2013-0658 |
Schneider Electric Accutech Manager Heap Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201301-0209 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. Schneider Electric Accutech Manager is a real-time monitoring and management software based on windows services. Accutech Manager is prone to a remote heap-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
Accutech Manager 2.00.1 and prior are vulnerable. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Schneider Electric Accutech Manager Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA52034
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52034/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52034
RELEASE DATE:
2013-01-31
DISCUSS ADVISORY:
http://secunia.com/advisories/52034/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52034/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52034
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Schneider Electric Accutech
Manager, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to an unspecified error and can be
exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 2.00.1 and prior.
SOLUTION:
No official solution is currently available. A fix is scheduled to be
released in February 2013.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Exodus Intelligence.
ORIGINAL ADVISORY:
http://www.schneider-electric.com/sites/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130121_advisory_of_vulnerability_affecting_accutech_manager_software.xml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0349 | CVE-2013-1110 | Cisco WebEx Training Center Vulnerabilities bypassing permissions restrictions |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065. Cisco WebEx Training Center Has been bypassed by permissions, training-center Records of (1) Activation, or (2) There are vulnerabilities that are disabled.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM)
| VAR-201301-0469 | No CVE | Cisco Linksys WRT54GL Router Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Allows an attacker to perform malicious actions. The Cisco Linksys WRT54GL Router is a wireless routing device. A security vulnerability exists in the Cisco Linksys WRT54GL Router. Due to the lack of filtering on the wan_hostnam parameter, an attacker can exploit the vulnerability to inject and execute arbitrary shell commands. Since changing the current password does not require providing current password information, an attacker is allowed to submit a malicious request to change the password information. A command-execution vulnerability
2. A security-bypass vulnerability
3. A cross-site request-forgery vulnerability
4. A cross-site scripting vulnerability
5.
Cisco Linksys WRT54GL 1.1 running firmware version 4.30.15 build 2 is vulnerable; other versions may also be affected
| VAR-201301-0452 | No CVE | Schneider Electric Interactive Graphical SCADA System Data Collector Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
Schneider Electric and the 7T Interactive Graphical SCADA System are automated monitoring and control systems. The Interactive Graphical SCADA System has an unspecified error in dc.exe when processing certain requests, allowing an attacker to submit a malicious request to the TCP 12397 port to trigger a buffer overflow that can crash the application service. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Schneider Electric Interactive Graphical SCADA System Data Collector
Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA51819
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51819/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51819
RELEASE DATE:
2013-01-17
DISCUSS ADVISORY:
http://secunia.com/advisories/51819/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51819/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51819
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Schneider Electric Interactive
Graphical SCADA System, which can be exploited by malicious people to
compromise a vulnerable system.
SOLUTION:
Apply patch.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Aaron Portnoy, Exodus Intelligence.
ORIGINAL ADVISORY:
http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page
http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130110_advisory_of_vulnerability_affecting_igss_scada_software.xml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201405-0018 | CVE-2012-6452 | Axway Email Firewall Used in Axway Secure Messenger Vulnerabilities enumerated by users |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. Axway Secure Messenger is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks.
Axway Secure Messenger 6.5 is vulnerable; other versions may also be affected. Axway Secure Messenger is a suite of email encryption software from Axway, France. The software supports encrypting and authenticating emails, automating tracking of message delivery, and more. Specifically, two (2) JSESSIONIDs are returned for valid users, and one (1) for invalid users.
Solution:
Upgrade to Secure Messenger version 6.5 Updated Release 7, or migrate to Axway MailGate 5.2.0 (or later) for the equivalent functionality.
Contact:
support.axway.com