VARIoT IoT vulnerabilities database

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the application's support for a component within the SIZ marker in a JPEG 2000 image. When the component contains a malicious value, the application will add a corrupted object to a queue of data which will be processed by the Component Manager's JP2 decompressor. Later when attempting to decompress this data, the application will use the corrupted object. This can lead to code execution under the context of the application. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This issue affects Apple Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple QuickTime is a very popular multimedia player. ZDI-10-252: Apple QuickTime JP2 SIZ Chunk Uninitialized Object Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-252 November 10, 2010 -- CVE ID: CVE-2010-3788 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10292. -- Vendor Response: Apple states: Fixed in Mac OS X 10.6.5: http://support.apple.com/kb/HT4435 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Damian Put * Procyun -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the QuickLook feature. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. CVE-ID CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs Numbers for iOS v1.5 is available for download via the App Store. To check the current version of software, select "Settings -> Numbers -> Version". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-2 iWork 9.1 Update iWork 9.1 Update is now available and addresses the following: Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-3785 : Apple Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs Pages Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-1417 : Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative iWork 9.1 Update is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: iWork9.1Update.dmg Its SHA-1 digest is: ecb38db74d7d1954cbcee9220c73dac85cace3e1 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOKcGrAAoJEGnF2JsdZQeewcYH/RhHdLa6x14PX+ZTC+sm1Mjc W1xBpOxMuBpAx3Li6INXXLvMablTgPIs5e3pbtsV0RYtsJy99JdPySPI8bpQu0Si CVWuXXSBYy2gdTtRAf6MI3j+oOyM1JhE7GunLBWcmAzv5TxS8TRf0HtNErFEe8NA StV8QBWLErNyHxqjUQsIb5d1KbIbOysFQZy3O6pyZ6SRwr8tlIPKnY4KsaDYS5Ry tpv3lMysde5NqCy8BeOQEtW/WAmE7i9NCCNfU2L+OfGQOXIdXmKl7Orjj+d9l23L umGo9GCACvBVO1Ot6jKDlCW+ZuDRGuz+fhQnwOdyoqtwUwiNCsS6VIwuYYrcmxw= =wrny -----END PGP SIGNATURE-----

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. Attackers can exploit this issue to crash the application using the vulnerable API, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4

Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. An attacker can exploit this issue to gain unauthorized access to the affected computer. The following are affected: Mac OS X 10.6 through 10.6.4 Mac OS X Server 10.6 through 10.6.4 NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it

QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file. The Apple Mobile OfficeImport Framework is prone to a remote memory-corruption vulnerability. Successful exploits may allow attackers to execute arbitrary code with the privileges of the victim user. On Apple devices, successful exploits will completely compromise the affected device. The following products are affected: Mac OS X 10.6 to 10.6.4 Mac OS X Server 10.6 to 10.6.4 iPod Touch iPad IOS 3.1.3 IOS 3.2.1 NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. iDefense Security Advisory 11.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 11, 2010 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file formats, such as Excel, Word, and PowerPoint. The OfficeImport framework is used by several applications, including MobileMail and MobileSafari. Both of these applications are attack vectors for this vulnerability. For more information, see the vendor's site found at the following link. http://www.apple.com/iphone/softwareupdate/ II. The vulnerability occurs when parsing an Excel file with a maliciously constructed Excel record. Specific values within this record can trigger a memory corruption vulnerability, and result in values from the file being used as function pointers. III. To exploit this vulnerability, an attacker has several attack vectors. The most dangerous vector is through MobileSafari, which will automatically open and parse Office files embedded in web pages. This behavior is similar to Microsoft Office 2000, in that it enables drive-by style attacks without any user interaction beyond visiting a web page (no file open dialog is displayed, the file is simply opened). Additionally, an attacker can email a targeted user and attach a malicious file. The user will then have to view the email and attachment with MobileMail to trigger the vulnerability. IV. V. WORKAROUND iDefense is currently unaware of any workarounds for this issue. There is no configuration option to disable the parsing of Office files in the browser. Additionally, due to a lack of control over file system permissions on Apple devices (and the method of library loading) it is not possible to remove or block access to the OfficeImport binary. VI. VENDOR RESPONSE Apple Inc. has released patches which addresses this issue. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT4435 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2010-3786 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 08/25/2010 Initial Vendor Notification 08/25/2010 Initial Vendor Reply 11/11/2010 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by Tobias Klein. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2010 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. CVE-ID CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs Numbers for iOS v1.5 is available for download via the App Store. To check the current version of software, select "Settings -> Numbers -> Version". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-2 iWork 9.1 Update iWork 9.1 Update is now available and addresses the following: Numbers Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Excel files. CVE-ID CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs Pages Available for: iWork 9.0 through 9.0.5 Impact: Opening a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of Microsoft Word documents. CVE-ID CVE-2011-1417 : Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative iWork 9.1 Update is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: iWork9.1Update.dmg Its SHA-1 digest is: ecb38db74d7d1954cbcee9220c73dac85cace3e1 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOKcGrAAoJEGnF2JsdZQeewcYH/RhHdLa6x14PX+ZTC+sm1Mjc W1xBpOxMuBpAx3Li6INXXLvMablTgPIs5e3pbtsV0RYtsJy99JdPySPI8bpQu0Si CVWuXXSBYy2gdTtRAf6MI3j+oOyM1JhE7GunLBWcmAzv5TxS8TRf0HtNErFEe8NA StV8QBWLErNyHxqjUQsIb5d1KbIbOysFQZy3O6pyZ6SRwr8tlIPKnY4KsaDYS5Ry tpv3lMysde5NqCy8BeOQEtW/WAmE7i9NCCNfU2L+OfGQOXIdXmKl7Orjj+d9l23L umGo9GCACvBVO1Ot6jKDlCW+ZuDRGuz+fhQnwOdyoqtwUwiNCsS6VIwuYYrcmxw= =wrny -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. Apple Mac OS X OpenSSL is prone to a security-bypass vulnerability. Successful exploit may allow attackers to potentially bypass the TLS authentication or spoof a certificate. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. OpenSSL is an open source SSL implementation, used to implement high-strength encryption of network communications, and is now widely used in various network applications

The D-Link DIR-300 is a wireless router device. When an attacker accesses the D-Link DIR-300, he or she can exploit the vulnerability bypass authentication for management configuration. The control panel script tools_admin.php allows an attacker to change the administrator's name, password, and other variables. An unauthorized attacker can send a specially crafted HTTP POST request to change these parameters: POST http://192.168.1.1:80/tools_admin.php HTTP/ 1.1Host: 192.168.1.2Keep-Alive: 115Content-Type: application/x-www-form-urlencodedContent-length: 0ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh. Remote attackers can exploit these issues to bypass security restrictions, access certain administrative functions, alter configuration, and compromise the affected device. D-Link DIR-300 running firmware 2.01B1, 1.04, 1.05 are vulnerable. Additional models and firmware versions may also be affected

Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.". This is a non-persistent cross-site scripting vulnerability that allows an attacker to send commands to a UAG server in the target user context. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. Remote attackers can inject arbitrary web scripts or HTML with unknown vectors. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-313A Microsoft Updates for Multiple Vulnerabilities Original release date: November 09, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Forefront United Access Gateway * Microsoft Office Overview There are multiple vulnerabilities in Microsoft Office, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities. I. Microsoft has released updates to address the vulnerabilities. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for November 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-313A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-313A Feedback VU#885756" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History November 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/ qwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy +DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq BpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi OIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD 1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA== =Xbxy -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface. 2) Unspecified input is not properly sanitised before being returned to the user. 3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user. 4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability.". This is a non-persistent cross-site scripting vulnerability that allows an attacker to send commands to a UAG server in the target user context. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-313A Microsoft Updates for Multiple Vulnerabilities Original release date: November 09, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Forefront United Access Gateway * Microsoft Office Overview There are multiple vulnerabilities in Microsoft Office, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities. I. Microsoft has released updates to address the vulnerabilities. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for November 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-313A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-313A Feedback VU#885756" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History November 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/ qwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy +DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq BpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi OIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD 1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA== =Xbxy -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface. 2) Unspecified input is not properly sanitised before being returned to the user. 3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user. 4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability.". Microsoft Forefront Unified Access Gateway is a Microsoft SSL VPN gateway server. This is a non-persistent cross-site scripting vulnerability that allows an attacker to send commands to a UAG server in the target user context. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-313A Microsoft Updates for Multiple Vulnerabilities Original release date: November 09, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Forefront United Access Gateway * Microsoft Office Overview There are multiple vulnerabilities in Microsoft Office, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities. I. Microsoft has released updates to address the vulnerabilities. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for November 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-313A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-313A Feedback VU#885756" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History November 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/ qwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy +DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq BpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi OIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD 1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA== =Xbxy -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface. 2) Unspecified input is not properly sanitised before being returned to the user. 3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user. 4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability.". Microsoft Forefront Unified Access Gateway is a Microsoft SSL VPN gateway server. An attacker can send a specially crafted URL to a user of the UAG server, redirecting the WEB to a malicious site with a content similar to the original website, so that the attacker can obtain sensitive information, such as the user's credential information. An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may allow the attacker to masquerade as a legitimate server, aiding in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. Microsoft has released updates to address these vulnerabilities. I. Microsoft has released updates to address the vulnerabilities. II. Impact A remote, unauthenticated attacker could execute arbitrary code or gain unauthorized access to your files or system. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for November 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-313A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-313A Feedback VU#885756" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History November 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/ qwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy +DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq BpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi OIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD 1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA== =Xbxy -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface. 2) Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Composition Environment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sapstartsrv.exe process which listens by default on ports 50013 and 50113. A malformed SOAP request (via POST) can be used to reach an unbounded copy loop which results in attacker-supplied data being written into existing function pointers. It is possible for a remote attacker to leverage this vulnerability to execute arbitrary code. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Composition Environment Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA42110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42110 RELEASE DATE: 2010-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/42110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP NetWeaver, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the NetWeaver Composition Environment component when processing SOAP requests within sapstartsrv.exe. This can be exploited to e.g. overwrite certain function pointers and execute arbitrary code by sending specially crafted SOAP requests to port 50013 or 50113. SOLUTION: Reportedly, a patch is available via SAP Note 1414444. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri, reported via ZDI ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-10-236/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: SAP states: A solution was provided via SAP note 1414444 https://service.sap.com/sap/support/notes/1414444 -- Disclosure Timeline: 2010-10-18 - Vulnerability reported to vendor 2010-11-08 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

The SAP NetWeaver Composition Environment provides a set of tools for developing, running, and managing SOA-based composite applications. The SAP NetWeaver Composition Environment defaults to a security vulnerability in the sapstartsrv.exe process on ports 50013 and 50113. If a user submits a malformed SOAP request through a POST request, it may result in writing controllable data to an existing function pointer. An attacker can exploit this issue to execute arbitrary code with user-level privileges. Failed exploit attempts will result in a denial-of-service condition

Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. Apple Mac OS X is prone to a remote code-execution vulnerability that exists in the ATSServer component. An attacker can exploit this issue by enticing an unsuspecting victim to do one of the following: 1. Create a thumbnail of an image file. 2. Open an image using the Preview application. 3. View a file that is hosted on a webserver. 4. View an embedded file contained in an email. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue only affects Apple Mac OS X 10.5. NOTE: This issue may be related to a vulnerability discussed in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities)

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. The 'libxml2' library is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a specially crafted XML file. A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or can cause a denial-of-service condition. 'libxml2' versions prior to 2.7.8 are affected. Google Chrome is an open source web browser released by Google. Libxml2 is a C language-based function library for parsing XML documents developed by the GNOME project team. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. A remote attacker could use vectors related to XPath processing to cause a denial of service or possibly other unspecified effects. 6) - i386, x86_64 3. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. This update also fixes the following bugs: * A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. The desktop must be restarted (log out, then log back in) for this update to take effect. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42472 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42472/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42472 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42472/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42472/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42472 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Google Chrome, where some have an unknown impact and other can potentially be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error exists, which can lead to cross-origin video theft with canvas. 2) An unspecified error can be exploited to cause a crash with HTML5 databases. 3) An unspecified error can be exploited to cause excessive file dialogs, potentially leading to a crash. 4) A use-after-free error in the history handling can be exploited to corrupt memory. 5) An unspecified error related to HTTP proxy authentication can be exploited to cause a crash. 6) An unspecified error in WebM video support can be exploited to trigger an out-of-bounds read. 7) An error related to incorrect indexing with malformed video data can be exploited to cause a crash. 8) An unspecified error in the handling of privileged extensions can be exploited to corrupt memory. 9) An use-after-free error in the handling of SVG animations can be exploited to corrupt memory. 10) A use-after-free error in the mouse dragging event handling can be exploited to corrupt memory. 11) A double-free error in the XPath handling can be exploited to corrupt memory. SOLUTION: Fixed in version 8.0.552.215. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 2) Google Chrome Security Team (Inferno) 3) Cezary Tomczak (gosu.pl) 4) Stefan Troger 5) Mohammed Bouhlel 6) Google Chrome Security Team (Chris Evans) 7) miaubiz 8, 10) kuzzcc 9) S&#322;awomir B&#322;a&#380;ek 11) Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Relevant releases ESX 5.0 without patch ESXi500-201207101-SG 3. Problem Description a. ESXi update to third party component libxml2 The libxml2 third party library has been updated which addresses multiple security issues The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========== ======== ======== ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 any ESXi500-201207101-SG ESXi 4.1 any patch pending ESXi 4.0 any patch pending ESXi 3.5 any patch pending ESX any any not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. Note: "patch pending" means that the product is affected, but no patch is currently available. The advisory will be updated when a patch is available. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 5.0 -------- ESXi500-201207001 md5sum: 01196c5c1635756ff177c262cb69a848 sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86 http://kb.vmware.com/kb/2020571 ESXi500-201207001 contains ESXi500-201207101-SG 5. Change log 2012-07-12 VMSA-2012-0012 Initial security advisory in conjunction with the release of a patch for ESXi 5.0 on 2012-07-12. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: mingw32-libxml2 security update Advisory ID: RHSA-2013:0217-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html Issue date: 2013-01-31 CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134 ===================================================================== 1. Summary: Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 665963 - CVE-2010-4494 libxml2: double-free in XPath processing code 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS 822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7 sLTqWGtUMTYIUvLH8YXGFX4= =rOjB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2128-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano December 01, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libxml2 Vulnerability : invalid memory access Problem type : local (remote) Debian-specific: no CVE ID : CVE-2010-4008 Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not well process a malformed XPATH, causing crash and allowing arbitrary code execution. For the testing (squeeze) and unstable (sid) distribution, this problem has been fixed in version 2.7.8.dfsg-1. We recommend that you upgrade your libxml2 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz Size/MD5 checksum: 3425843 bb11c95674e775b791dab2d15e630fa4 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.dsc Size/MD5 checksum: 1985 e1a498ed2e38225c5d10aaf834d9e0b9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.diff.gz Size/MD5 checksum: 83947 7af1ff46c9cacd57e7f977b295b39084 Architecture independent packages: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny2_all.deb Size/MD5 checksum: 1307172 ceec72214783bdfc9d7643ea31a61d50 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 920664 429d086d4861511c6d9130bd7a165698 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 856680 fccba5f6884b74e873730e3140e0bad5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 920616 33f850cafef51a45ef04714c9900e737 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 292784 2f2ad873f9f50a0400960264ba823aec http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 38026 e3f0bf3fe0f804bcd39df854e420cee6 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 988474 ea406c325fe1d3cf8e80eed39ff61f7e http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 295940 2a1754d35048a827dfeac4ee25f238d5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 37328 0b6af9c052e005c439658215027eeead http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 774114 0c714b77c96e4d840048edbce00d959f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 860726 cf7d9638a12709f527898f9c91ec389d arm architecture (ARM) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 246210 484d790396e82318e4eb5e38903497d9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 898986 5cbab6f3b7fa8df4a406d03eaa5762a2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 685530 9b9ea967472806e4f4b0d713d7198706 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 782546 1dec5ad219c1f69439936f172323b4d3 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 35174 f15d1f05b68e8299b2084315feea6078 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 247756 4809a4f17729bfec952e25aeff5f612b http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 906754 ee3e37855a6699771d3612180632a1df http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 790732 0df793cc442fd5aff099c60852cfd031 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 34258 95bb668363b085e6fea0848444ff0a42 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 692210 acb1820adf968e8011d16b94cdc6d18c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 867348 656a379b6cd2f3bc167c4c580f4f9588 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 300124 646af54075ce65b1f318773e55f3b8ae http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 36974 6595d5ef74d9710d4498159da8fe8879 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 931526 94752ea0ec5e56c0ce2bfa6fd8ffc7c2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 889446 3342e94f7cb0f5c89f4a95969750d6fe i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 264698 ce75352a38803aa7d94111c44ccc7a30 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 945316 95cf7cbbb06087b7f18c52f897b4ba78 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 814750 df1f647ba1306ce5138b50f06089d3db http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 698690 4e54bd82a4b679478806da0e14212268 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 33754 92c4c50e1a3f6160ab72316d1cf678ba ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 48096 df26f8dc1b4e78de97d22fb6f328844d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 1144394 8a3e9d36f7bcebc74fe83f2f602197c6 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 1150678 6efac0dc67e48b20922bc321ad14b1ed http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 926300 8381127e0f7f55f23a5a798ec6a043b5 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 320066 c18be638d183a965bcff61cbef015b44 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 975846 27602acbf39c6086b0ccccc2a075888c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 809424 62a1a3153b1f2898bd36914b9d953a59 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 821888 df10f6c3fa7dd05d6aeba73b8a82fe7a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 34188 489be157e2061a3e958a1c9693f6fb07 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 252622 ffe51c47bcaa9883addae4da42850e8a powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 950566 3ad6dc272c21e8f849fb06cca054dcd6 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 42054 1b29e288243c30441833b359a36cd09f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 834730 e79241dec4e3e7328e305a8fb0505d18 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 285718 df9b1705a6faea8bd1a3f0db9464f4c1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 789938 1831f4e506ea36d5d6dbf4af3864835e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 38078 b238d71479ae8c7dfdce22b7b96e96f6 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 297668 87fc74097472950250bdef49cfc1401d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 854128 bba7607e556f4d03578a6fd7b206c542 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 762632 aaf2e13c002c2128fd8f06b49e8b0079 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 968000 20682a3eddbc11161cabe014eb67cc2f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 36538 c94d075d63dfa8c35cdca960d12e1ba7 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 845248 9b9da876e13164f4346e7efcf9b94a96 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 279186 1f5a7299a4c7fbf27d73d017909679e9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 727602 b1b0633a4bdb40f1e0a341a1b86c812c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 803608 8a339109db809222dd0dd9e795062fa2 These files will probably be moved into the stable distribution on its next update

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. The problem is Bug ID CSCti45698 , CSCti45715 , CSCti45726 ,and CSCti46164 It is a problem.By a third party (1) HandleUpgradeAll , (2) AgentUpgrade , (3) HandleQueryNodeInfoReq , (4) HandleUpgradeTrace TCP Arbitrary code could be executed via overly long parameters in the packet. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Intelligent Contact Manager Setup Manager "Agent.exe" Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within Agent.exe when handling the "HandleUpgradeAll" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 2) A boundary error within Agent.exe when handling the "AgentUpgrade" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 3) A boundary error within Agent.exe when handling the "HandleQueryNodeInfoReq" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. 4) A boundary error within Agent.exe when handling the "HandleUpgradeTrace" packet can be exploited to cause a stack-based buffer overflow via a specially crafted request sent to e.g. TCP port 40078. Please see the vendor's advisory for the list of affected versions. SOLUTION: The vendor recommends to delete the Agent.exe file or restrict network access to the affected service. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: sb, reported via ZDI. ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-232/ http://www.zerodayinitiative.com/advisories/ZDI-10-233/ http://www.zerodayinitiative.com/advisories/ZDI-10-234/ http://www.zerodayinitiative.com/advisories/ZDI-10-235/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Cisco -- Affected Products: Cisco Unified Intelligent Contact Management -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9915. -- Vendor Response: Cisco has issued an update to correct this vulnerability. More details can be found at: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

AT-TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to retrieve arbitrary files outside of the FTP server root directory. This may aid in further attacks. AT-TFTP Server 1.8 is vulnerable; other versions may also be affected. RETIRED: This issue is retired because it is a duplicate of BID 11584.

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. Flash Player contains an access restriction bypass vulnerability. When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.Cross-domain policy restrictions can be bypassed by using a specially crafted web page. This could result in unauthorized access to website data. An attacker can exploit this issue to bypass certain policy restrictions, which may aid in further attacks. NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it. Adobe Flash Player is a cross-platform, browser-based application that renders expressive applications, content, and video natively across screens and browsers. Remote web servers can bypass preset access restrictions with the help of unknown vectors. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738731 Version: 1 HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-04-19 Last Updated: 2011-04-19 Potential Security Impact: Remote cross site scripting (XSS), cross site request forgery (CSRF), execution of arbitrary code, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), cross site request forgery (CSRF), execution of arbitrary code, and Denial of Service (DoS). HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.3 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-3636 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3637 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3638 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-3639 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3640 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3641 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3642 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3643 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3644 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3645 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3646 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3647 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3648 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3649 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3650 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3652 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-3976 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-1542 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-1543 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided HP SIM v6.3 or subsequent to resolve the vulnerabilities. HP SIM v6.3 for HP-UX, Linux, and Windows HP SIM v6.3 for HP-UX, Linux, and Windows is available here: http://h18013.www1.hp.com/products/servers/management/hpsim/ HP SIM v6.3 for Windows on Insight Software DVD In addition for Windows HP SIM v6.3 is available on DVD images. These are available for download here. http://h18013.www1.hp.com/products/servers/management/fpdownload.html MANUAL ACTIONS: Yes - NonUpdate For HP-UX, install HP SIM v6.3 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 ============= SysMgmtServer.MX-CMS SysMgmtServer.MX-CORE SysMgmtServer.MX-CORE-ARCH SysMgmtServer.MX-CORE-ARCH SysMgmtServer.MX-PORTAL SysMgmtServer.MX-REPO SysMgmtServer.MX-TOOLS action: install HP SIM v6.3 or subsequent END AFFECTED VERSIONS HISTORY Version: 1 (rev.1) - 19 April 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2t3CsACgkQ4B86/C0qfVnGsACfUBtF4ovPqqT+9fmlstfGZOEg Ys0AoM8ROq3gELhOLCPEYCca+qCkf+pn =x5Sc -----END PGP SIGNATURE----- . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-10.1.102.64" References ========== [ 1 ] APSB10-06 http://www.adobe.com/support/security/bulletins/apsb10-06.html [ 2 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 3 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 4 ] APSB10-22 http://www.adobe.com/support/security/bulletins/apsb10-22.html [ 5 ] APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html [ 6 ] CVE-2008-4546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546 [ 7 ] CVE-2009-3793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793 [ 8 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 9 ] CVE-2010-0187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187 [ 10 ] CVE-2010-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209 [ 11 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 12 ] CVE-2010-2160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160 [ 13 ] CVE-2010-2161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161 [ 14 ] CVE-2010-2162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162 [ 15 ] CVE-2010-2163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163 [ 16 ] CVE-2010-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164 [ 17 ] CVE-2010-2165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165 [ 18 ] CVE-2010-2166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166 [ 19 ] CVE-2010-2167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167 [ 20 ] CVE-2010-2169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169 [ 21 ] CVE-2010-2170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170 [ 22 ] CVE-2010-2171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171 [ 23 ] CVE-2010-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172 [ 24 ] CVE-2010-2173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173 [ 25 ] CVE-2010-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174 [ 26 ] CVE-2010-2175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175 [ 27 ] CVE-2010-2176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176 [ 28 ] CVE-2010-2177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177 [ 29 ] CVE-2010-2178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178 [ 30 ] CVE-2010-2179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179 [ 31 ] CVE-2010-2180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180 [ 32 ] CVE-2010-2181 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181 [ 33 ] CVE-2010-2182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182 [ 34 ] CVE-2010-2183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183 [ 35 ] CVE-2010-2184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184 [ 36 ] CVE-2010-2185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185 [ 37 ] CVE-2010-2186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186 [ 38 ] CVE-2010-2187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187 [ 39 ] CVE-2010-2188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188 [ 40 ] CVE-2010-2189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189 [ 41 ] CVE-2010-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213 [ 42 ] CVE-2010-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214 [ 43 ] CVE-2010-2215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215 [ 44 ] CVE-2010-2216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216 [ 45 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 46 ] CVE-2010-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636 [ 47 ] CVE-2010-3639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639 [ 48 ] CVE-2010-3640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640 [ 49 ] CVE-2010-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641 [ 50 ] CVE-2010-3642 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642 [ 51 ] CVE-2010-3643 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643 [ 52 ] CVE-2010-3644 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644 [ 53 ] CVE-2010-3645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645 [ 54 ] CVE-2010-3646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646 [ 55 ] CVE-2010-3647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647 [ 56 ] CVE-2010-3648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648 [ 57 ] CVE-2010-3649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649 [ 58 ] CVE-2010-3650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650 [ 59 ] CVE-2010-3652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652 [ 60 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 61 ] CVE-2010-3976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201101-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For more information: SA38547 SA40026 SA40907 SA41434 SA41917 SOLUTION: Update to version "www-plugins/adobe-flash-10.1.102.64" or later. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA42183 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42183/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42183 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42183/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42183/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42183 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. For more information: SA41917 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0829-1: https://rhn.redhat.com/errata/RHSA-2010-0829.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. Adobe Acrobat and Reader are prone to multiple security vulnerabilities. Adobe released an advance advisory regarding multiple security vulnerabilities in Reader and Acrobat. The vendor indicates that these issues will be addressed in updates for Microsoft Windows and Mac platforms on Tuesday, November 16, 2010, and for UNIX platforms on Monday, November 30, 2010. This BID will be updated when the advisory is released. Adobe Reader and Acrobat 9.4 and earlier are vulnerable. Successful exploits may allow attackers to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. For more information: SA41340 SA41435 SA42030 SA42095 SOLUTION: Update to version "app-text/acroread-9.4.1" or later. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Reader Unspecified Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA42095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42095 RELEASE DATE: 2010-11-05 DISCUSS ADVISORY: http://secunia.com/advisories/42095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Reader, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an unspecified error when parsing PDF files and can be exploited to corrupt memory. The vulnerability is confirmed in version 9.4.0. SOLUTION: Do not open untrusted PDF files. PROVIDED AND/OR DISCOVERED BY: scup OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42030 SA42095 SOLUTION: Updated packages are available via Red Hat Network. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7" References ========== [ 1 ] CVE-2010-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091 [ 2 ] CVE-2011-0562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562 [ 3 ] CVE-2011-0563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563 [ 4 ] CVE-2011-0565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565 [ 5 ] CVE-2011-0566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566 [ 6 ] CVE-2011-0567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567 [ 7 ] CVE-2011-0570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570 [ 8 ] CVE-2011-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585 [ 9 ] CVE-2011-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586 [ 10 ] CVE-2011-0587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587 [ 11 ] CVE-2011-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588 [ 12 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 13 ] CVE-2011-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590 [ 14 ] CVE-2011-0591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591 [ 15 ] CVE-2011-0592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592 [ 16 ] CVE-2011-0593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593 [ 17 ] CVE-2011-0594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594 [ 18 ] CVE-2011-0595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595 [ 19 ] CVE-2011-0596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596 [ 20 ] CVE-2011-0598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598 [ 21 ] CVE-2011-0599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599 [ 22 ] CVE-2011-0600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600 [ 23 ] CVE-2011-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602 [ 24 ] CVE-2011-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603 [ 25 ] CVE-2011-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604 [ 26 ] CVE-2011-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605 [ 27 ] CVE-2011-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606 [ 28 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 29 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 30 ] CVE-2011-2135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 31 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 32 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 33 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 34 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 35 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 36 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 37 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 38 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 39 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 40 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 41 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 42 ] CVE-2011-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431 [ 43 ] CVE-2011-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432 [ 44 ] CVE-2011-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433 [ 45 ] CVE-2011-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434 [ 46 ] CVE-2011-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435 [ 47 ] CVE-2011-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436 [ 48 ] CVE-2011-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437 [ 49 ] CVE-2011-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438 [ 50 ] CVE-2011-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439 [ 51 ] CVE-2011-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440 [ 52 ] CVE-2011-2441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441 [ 53 ] CVE-2011-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442 [ 54 ] CVE-2011-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462 [ 55 ] CVE-2011-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. Attackers can exploit this issue to gain administrative access to the affected device and execute arbitrary code with superuser privileges. Successful exploits will lead to the complete compromise of the device. This issue is tracked by Cisco Bug ID CSCti52041 and CSCti74930. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42129 RELEASE DATE: 2010-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/42129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an input validation error in the "/usr/local/cm/bin/pktCap_protectData" setuid program when processing options. This can be exploited e.g. Please see the vendor's advisory for details on affected versions. SOLUTION: Update to the latest version. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Knud Erik H\xf8jgaard, nSense ORIGINAL ADVISORY: Cisco: http://tools.cisco.com/security/center/viewAlert.x?alertId=21656 NSENSE-2010-003: http://www.nsense.fi/advisories/nsense_2010_003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------