VARIoT IoT vulnerabilities database
| VAR-201211-0604 | No CVE | NETGEAR NTV300 NeoTV default unencrypted root account vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
NETGEAR NTV300 (NeoTV) is a set-top box device. By default, NETGEAR NTV300 (NeoTV) has a 'root' account with a blank password that an attacker can use to access the device.
| VAR-201211-0603 | No CVE | NETGEAR NTV300 NeoTV Wireless SSID System Call Injects Any Command Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
NETGEAR NTV300 (NeoTV) is a set-top box device. NETGEAR NTV300 (NeoTV) is defective: calls to system() and popen() are built using the device's wireless SSID and encryption key as part of the command string. Because these values are user controllable, an attacker can inject and execute arbitrary commands through the TV remote control. For example, if the SSID is set to 'reboot', the device restarts.
| VAR-201211-0608 | No CVE | Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP |
CVSS V2: 9.0 CVSS V3: - Severity: High |
Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities:
* FTP bounce attack in PASV mode
* Buffer overflow during file transmission
* Defect in the account information check during user authentication
A remote attacker could access arbitrary files on the system.
| VAR-201211-0316 | CVE-2012-3315 | IBM TFIM and TFIMBG Vulnerabilities that bypass security restrictions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. IBM Tivoli Federated Identity Manager is prone to an access-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain access to certain sensitive data; this may aid in launching further attacks.
IBM Tivoli Federated Identity Manager 6.1.1, 6.2.0, 6.2.1, and 6.2.2 are vulnerable. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications.
----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
IBM Tivoli Federated Identity Manager Management Console Access
Vulnerability
SECUNIA ADVISORY ID:
SA51163
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51163/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51163
RELEASE DATE:
2012-11-05
DISCUSS ADVISORY:
http://secunia.com/advisories/51163/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51163/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51163
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in IBM Tivoli Federated Identity
Manager, which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is reported in versions 6.1.1, 6.2.0, 6.2.1, and
6.2.2.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
IBM (IV26825, IV26826, IV26827):
http://www.ibm.com/support/docview.wss?uid=swg21615770
http://www.ibm.com/support/docview.wss?uid=swg21615772
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0147 | CVE-2012-6359 | IBM TFIM and TFIMBG In OpenID Vulnerability to forge provider data |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes. IBM Tivoli Federated Identity Manager is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions, which may aid in further attacks. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. A man-in-the-middle attacker could exploit this vulnerability to spoof OpenID provider data by embedding unsigned attributes.
----------------------------------------------------------------------
TITLE:
Tivoli Federated Identity Manager OpenID Attribute Validation Bypass
Vulnerability
SECUNIA ADVISORY ID:
SA51212
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51212/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51212
RELEASE DATE:
2012-11-05
DISCUSS ADVISORY:
http://secunia.com/advisories/51212/#comments
DESCRIPTION:
A vulnerability has been reported in Tivoli Federated Identity
Manager, which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is caused due to an error when validating certain
OpenID attributes and can be exploited to bypass the attribute
validation mechanism via a specially crafted OpenID request.
The vulnerability is reported in versions 6.2.0, 6.2.1, and 6.2.2.
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
IBM (IV23451, IV23452, IV23453):
http://www.ibm.com/support/docview.wss?uid=swg21615744
http://www.ibm.com/support/docview.wss?uid=swg21615748
----------------------------------------------------------------------
| VAR-201211-0401 | CVE-2012-5673 | Adobe Flash Player and Adobe AIR Vulnerability in |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors. Adobe Flash Player and Adobe AIR contain an unspecified vulnerability whose impact is also unspecified.
The impact of this issue is currently unknown. We will update this BID when more information emerges. The product enables viewing of applications, content and video across screens and browsers. Attackers exploit this vulnerability with unknown impact and attack vectors.
| VAR-201211-0377 | CVE-2012-5287 | Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. This vulnerability is distinct from the other buffer overflow vulnerabilities listed in APSB12-22. An attacker could execute arbitrary code. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201211-0376 | CVE-2012-5286 | Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. This vulnerability is distinct from the other buffer overflow vulnerabilities listed in APSB12-22. An attacker could execute arbitrary code. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201211-0371 | CVE-2012-5285 | Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. This vulnerability is distinct from the other buffer overflow vulnerabilities listed in APSB12-22. An attacker could execute arbitrary code. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201211-0266 | CVE-2012-4948 | Fortigate UTM appliances share the same default CA certificate |
CVSS V2: 5.3 CVSS V3: - Severity: MEDIUM |
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities. The private key, which has been compromised, allows attackers to create and sign fake certificates. FortiGate UTM appliances mishandle their CA certificate: by default they share a common CA certificate, and its private key is publicly available on the web, so every device that uses this CA certificate may be affected by this vulnerability. A third party performing a man-in-the-middle attack may eavesdrop on communications or install malware. Fortigate UTM appliances are prone to a security-bypass vulnerability.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and gain access to sensitive information; other attacks are also possible. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration.
| VAR-201211-0618 | No CVE | Parallels Plesk Panel Unspecified Security Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Parallels Plesk Panel is prone to an unspecified vulnerability.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges.
| VAR-201211-0491 | No CVE | Hitachi JP1 / File Transmission Server / FTP Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Hitachi JP1/File Transmission Server/FTP is an FTP-based file transfer server developed by Hitachi. An unspecified error during file transfer in Hitachi JP1/File Transmission Server/FTP allows an attacker to trigger a buffer overflow and execute arbitrary code in the context of the application. Hitachi JP1/File Transmission Server/FTP is prone to multiple security vulnerabilities including:
1. A security bypass vulnerability
2.
----------------------------------------------------------------------
TITLE:
Hitachi JP1/File Transmission Server/FTP Security Bypass and Buffer
Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA51148
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51148/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51148
RELEASE DATE:
2012-11-01
DISCUSS ADVISORY:
http://secunia.com/advisories/51148/#comments
DESCRIPTION:
Two vulnerabilities have been reported in Hitachi JP1/File
Transmission Server/FTP, which can be exploited by malicious users to
bypass certain security restrictions and potentially compromise a
vulnerable system.
1) An unspecified error within the user authentication functionality
can be exploited to gain access to otherwise restricted files.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (HS12-022):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-022/index.html
----------------------------------------------------------------------
| VAR-201211-0425 | CVE-2012-1813 | C3-ilex EOScada Resource Management Error Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 12000. C3-ilex EOScada is a real-time Windows-based energy management system for SCADA systems such as hydropower and oil and gas. C3-ilex EOScada is prone to multiple security vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions and disclose sensitive information; other attacks are also possible.
C3-ilex EOScada versions prior to 11.0.19.2 are vulnerable.
----------------------------------------------------------------------
| VAR-201211-0424 | CVE-2012-1812 | C3-ilex EOScada of eosfailoverservice.exe Vulnerability in obtaining important plaintext information |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000. C3-ilex EOScada is a real-time Windows-based energy management system for SCADA systems such as hydropower and oil and gas. C3-ilex EOScada is prone to multiple security vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions and disclose sensitive information; other attacks are also possible.
C3-ilex EOScada versions prior to 11.0.19.2 are vulnerable.
----------------------------------------------------------------------
TITLE:
EOScada Information Disclosure and Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA51171
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51171/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51171
RELEASE DATE:
2012-11-02
DISCUSS ADVISORY:
http://secunia.com/advisories/51171/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in EOScada, which can be
exploited by malicious people to disclose potentially sensitive
information and cause a DoS (Denial of Service).
1) An error in "EOS Core Scada.exe" when processing certain data can
be exploited to cause a crash via random data sent to TCP port 5050
or 24004.
2) An error in EOSDataServer.exe when processing certain data can be
exploited to cause a resource management error via large amount of
data sent to TCP port 24006.
3) An error in eosfailoverservice.exe when processing certain data
can be exploited to cause a resource management error via large
amount of data sent to TCP port 12000.
4) An error in eosfailoverservice.exe can be exploited to cause the
service to return unspecified data in clear text.
SOLUTION:
Update to version 11.0.19.2.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Dale Peterson, Digital Bond.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf
----------------------------------------------------------------------
| VAR-201211-0423 | CVE-2012-1811 | C3-ilex EOScada Resource Management Error Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006. C3-ilex EOScada is a real-time Windows-based energy management system for SCADA systems such as hydropower and oil and gas. C3-ilex EOScada is prone to multiple security vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions and disclose sensitive information; other attacks are also possible.
C3-ilex EOScada versions prior to 11.0.19.2 are vulnerable.
----------------------------------------------------------------------
| VAR-201211-0422 | CVE-2012-1810 | C3-ilex EOScada Access control vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004. C3-ilex EOScada is a real-time Windows-based energy management system for SCADA systems such as hydropower and oil and gas. C3-ilex EOScada is prone to multiple security vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions and disclose sensitive information; other attacks are also possible.
C3-ilex EOScada versions prior to 11.0.19.2 are vulnerable.
----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
EOScada Information Disclosure and Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA51171
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51171/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51171
RELEASE DATE:
2012-11-02
DISCUSS ADVISORY:
http://secunia.com/advisories/51171/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51171/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51171
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in EOScada, which can be
exploited by malicious people to disclose potentially sensitive
information and cause a DoS (Denial of Service).
4) An error in eosfailoverservice.exe can be exploited to cause the
service to return unspecified data in clear text.
SOLUTION:
Update to version 11.0.19.2.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Dale Peterson, Digital Bond.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf
| VAR-201211-0321 | CVE-2012-3750 | Apple iOS before 6.0.1 Passcode Lock implementation passcode requirement bypass vulnerability |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a local security-bypass vulnerability.
An attacker with physical access to the affected device can exploit this issue to access user data without entering a passcode.
The issue is fixed in Apple iOS 6.0.1. Physically proximate attackers could exploit this vulnerability to gain access to Passbook passes via an unknown vector, bypassing the intended passcode requirement.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-11-01-1 iOS 6.0.1
iOS 6.0.1 is now available and addresses the following:
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,
and additional anonymous researchers
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
access Passbook passes without entering a passcode
Description: A state management issue existed in the handling of
Passbook passes at the lock screen. This issue was addressed through
improved handling of Passbook passes.
CVE-ID
CVE-2012-3750 : Anton Tsviatkou
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A time of check to time of use issue existed in the
handling of JavaScript arrays. This issue was addressed through
additional validation of JavaScript arrays.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of SVG
images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "6.0.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQkZabAAoJEPefwLHPlZEwr00P/204OjJMiHe2I/bhwLanLfxw
NEm7Ds0rBTZo7pA2mjeabUO1QpjeIZptMxtAD3p769KVd+eF9NO8ap3OaKzzhb2B
uKvaiyLRcUG0mQh87e0K9hiZdU6N8yyBpoodK4/7vJFVDqxqlanmS/ewIPtG+a4L
aIZcuy7ats8djpTd2tjVUGHhvtkX5exzU8+/F+ajISYMxQqYa26sAvAobJTvQWAx
v9fanfgpE+hVXSH879yJlHIh7H64YhA8M+qQEzW2fz/YRXP/YC2tlFxvVUzB5Lyj
uR2ER9MLi02rbJQbYzMEooWq2niPlh+c2LG+5KAqCGUGHWomTbeWui/yS27uQLrJ
sbkpkaZuJPL5d1Mn9x70hlWyB6jpbfwsBw+H9XPYtHk1YhslYofNCdShJc8RNtME
NSXjU2MBnga1KcQI9Kyyt6OfmGYqRKWqcX+xPuPhKdTCM3S4c6M1UgiVJgeQh5+f
Wu87jgZ45CSiu28M2XN6wNKJflhrGpxBYdIGJHsYxu9lfh3WUFpr14NFpe//MChS
Xhtiq9Neo+UqcYH1xV40FESHRy3iSe3jj2kJceUxvu0juLEdkYZu4aVp+2nCQokl
akQ7iOvcE4l42LpO9GiVfo2PgtyH4vq5gyzpWRWtjhi3F6HDWY3yFBciYlzy0qsu
am5QBITYy5QuxM/Pg+MO
=eLYi
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51162
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51162/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51162
RELEASE DATE:
2012-11-02
DISCUSS ADVISORY:
http://secunia.com/advisories/51162/#comments
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose certain system information and compromise a vulnerable
device.
1) The weakness is caused due to an error within the kernel when
handling certain APIs and can be exploited to disclose the
OSBundleMachOHeaders key, which includes kernel addresses.
2) An error within the passcode lock component can be exploited to
gain access to Passbook passes.
3) Some vulnerabilities exist due to a bundled vulnerable version of
the WebKit component.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Mark Dowd of Azimuth Security, Eric Monti of Square, and anonymous
people
2) Anton Tsviatkou
ORIGINAL ADVISORY:
APPLE-SA-2012-11-01-1:
http://support.apple.com/kb/HT5567
| VAR-201211-0319 | CVE-2012-3748 | WebKit, as used in Apple iOS and other products, arbitrary code execution vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array objects. When splicing a sparse array, the size of the sparse array is not properly validated. In addition, parameters checked at the beginning of a function are never validated again despite being modified later on. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A race condition vulnerability exists in WebKit in Apple iOS versions prior to 6.0.1 and Safari versions prior to 6.0.2.
For OS X Mountain Lion systems Safari 6.0.2 is available via
Mac App Store.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative
Installation note:
Apple TV will periodically check for software updates.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+------------------------------------------------------------------------------+
| Packet Storm Advisory 2013-0903-1 |
| http://packetstormsecurity.com/ |
+------------------------------------------------------------------------------+
| Title: Apple Safari Heap Buffer Overflow |
+--------------------+---------------------------------------------------------+
| Release Date | 2013/09/03 |
| Advisory Contact | Packet Storm (advisories@packetstormsecurity.com) |
| Researcher | Vitaliy Toropov |
+--------------------+---------------------------------------------------------+
| System Affected | Apple Safari |
| Versions Affected | 6.0.1 for iOS 6.0 and OS X 10.7/8, possibly earlier |
| Related Advisory | APPLE-SA-2012-11-01-2 |
| Related CVE Number | CVE-2012-3748 |
| Vendor Patched | 2012/11/01 |
| Classification | 1-day |
+--------------------+---------------------------------------------------------+
+----------+
| OVERVIEW |
+----------+
The release of this advisory provides exploitation details in relation to a
known patched vulnerability in Apple Safari. These details were obtained
through the Packet Storm Bug Bounty program and are being released to the
community.
+------------------------------------------------------------------------------+
+---------+
| DETAILS |
+---------+
The heap memory buffer overflow vulnerability exists within WebKit's
JavaScriptCore JSArray::sort(...) method. This method accepts a user-defined
JavaScript function and calls it from native code to compare array items.
If this compare function reduces the array length, then the trailing array items
will be written outside the "m_storage->m_vector[]" buffer, which leads to
heap memory corruption.
The exploit for this vulnerability is JavaScript code which shows how to
use it for memory corruption of internal JS objects (Uint32Array etc.)
and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted
into the JS code).
+------------------------------------------------------------------------------+
+------------------+
| PROOF OF CONCEPT |
+------------------+
The full exploit code is available here:
http://packetstormsecurity.com/files/123088/
+------------------------------------------------------------------------------+
+---------------+
| RELATED LINKS |
+---------------+
http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748
+------------------------------------------------------------------------------+
+----------------+
| SHAMELESS PLUG |
+----------------+
The Packet Storm Bug Bounty program gives researchers the ability to profit
from their discoveries. You can get paid thousands of dollars for one day
and zero day exploits.
In certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0912 : Nils and Jon from MWR Labs working with HP
TippingPoint's Zero Day Initiative
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0960 : Apple
CVE-2013-0961 : wushi of team509 working with iDefense VCP
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP TippingPoint's Zero
Day Initiative
CVE-2013-0998 : pa_kt working with HP TippingPoint's Zero Day
Initiative
CVE-2013-0999 : pa_kt working with HP TippingPoint's Zero Day
Initiative
CVE-2013-1000 : Fermin J
| VAR-201211-0320 | CVE-2012-3749 | Apple iOS and Apple TV ASLR protection mechanism bypass vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to an information-disclosure vulnerability.
Attackers can leverage this issue to gain access to sensitive information. Information obtained may aid in further attacks.
The issue is fixed in Apple iOS 6.0.1. A vulnerability exists in the extension APIs in the kernel in Apple iOS versions prior to 6.0.1. The vulnerability stems from responses containing an OSBundleMachOHeaders key that include kernel addresses.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working
with HP TippingPoint's Zero Day Initiative
Installation note:
Apple TV will periodically check for software updates.
For more information:
SA51162
The vulnerabilities are reported in versions prior to 5.1.1.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.0.1".
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update
2013-001
OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now
available and addresses the following:
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker may be able to access directories that are
protected with HTTP authentication without knowing the correct
credentials
Description: A canonicalization issue existed in the handling of
URIs with ignorable Unicode character sequences. This issue was
addressed by updating mod_hfs_apple to forbid access to URIs with
ignorable Unicode character sequences.
CVE-ID
CVE-2013-0966 : Clint Ruoho of Laconic Security
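The Apache entry above is a canonicalization mismatch: Apache decides whether a path needs authentication by comparing the request path textually, while the HFS+ lookup that eventually opens the file ignores certain Unicode code points when comparing names. The following Ruby is an added example, not mod_hfs_apple's or Apple's code, showing the bypass and the fix the entry describes (refusing any URI that carries such characters). The HFS_IGNORABLE list is my recollection of the code points HFS+ skips in name comparison and is an assumption to verify against Apple's TN1150; the /private/ rule and the request paths are constructed. The hardened version also folds case, which goes a step beyond the advisory but is the other half of what a case-insensitive volume needs.

```ruby
# Added example: textual path-prefix authorization defeated by characters
# the filesystem ignores when comparing names. HFS_IGNORABLE is an
# assumption (my recollection of HFS+ FastUnicodeCompare's ignored set).
HFS_IGNORABLE = [
  0x0000,                                          # NUL
  0x200C, 0x200D, 0x200E, 0x200F,                  # ZWNJ, ZWJ, LRM, RLM
  0x202A, 0x202B, 0x202C, 0x202D, 0x202E,          # bidi embedding/override
  0x206A, 0x206B, 0x206C, 0x206D, 0x206E, 0x206F,  # deprecated format chars
  0xFEFF                                           # ZWNBSP / BOM
].freeze

# Percent-decode a request path into UTF-8. Decoding happens on raw bytes so
# a multi-byte sequence such as %E2%80%8C (U+200C) reassembles correctly.
def percent_decode(path)
  decoded = path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
  decoded.force_encoding(Encoding::UTF_8)
  raise ArgumentError, "invalid UTF-8 in path" unless decoded.valid_encoding?
  decoded
end

# The name the filesystem will actually match: ignorable code points dropped
# and case folded (default HFS+ volumes are case-insensitive).
def hfs_canonical(path)
  path.each_char.reject { |c| HFS_IGNORABLE.include?(c.ord) }.join.downcase
end

# Constructed stand-in for an Apache <Directory> block that requires auth.
PROTECTED_PREFIXES = ["/private/"].freeze

# Vulnerable decision: compares the decoded path as-is. A ZWNJ inside
# "private" makes the prefix test fail, yet HFS+ opens the protected
# directory because it ignores that code point.
def access_decision_vulnerable(raw_path)
  path = percent_decode(raw_path)
  PROTECTED_PREFIXES.any? { |p| path.start_with?(p) } ? :auth_required : :open
end

# Fixed decision: reject any path containing a code point the filesystem
# would ignore (what the updated mod_hfs_apple does), then compare using
# the same canonical form the filesystem uses.
def access_decision_fixed(raw_path)
  path = percent_decode(raw_path)
  return :reject if path.each_char.any? { |c| HFS_IGNORABLE.include?(c.ord) }
  canon = hfs_canonical(path)
  PROTECTED_PREFIXES.any? { |p| canon.start_with?(hfs_canonical(p)) } ? :auth_required : :open
end
```

Rejecting rather than stripping is the right default: a stripped path would still have to be re-checked against every rule, and a client that sends format characters inside a path segment has no legitimate reason to.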
CoreTypes
Available for: OS X Lion v10.7 to v10.7.5,
OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website could allow a Java
Web Start application to be launched automatically even if the Java
plug-in is disabled
Description: Java Web Start applications would run even if the Java
plug-in was disabled. This issue was addressed by removing JNLP files
from the CoreTypes safe file type list, so the Web Start application
will not be run unless the user opens it in the Downloads directory.
CVE-ID
CVE-2013-0967
International Components for Unicode
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Identity Services
Available for: OS X Lion v10.7 to v10.7.5,
OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
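The Identity Services entry above is a failure-value bug: a validation failure produced an identity that looked like a real one (the empty string), and any two failures therefore compared equal. The Ruby below is an added example, not Apple's code, that reproduces that comparison with a constructed Certificate struct and validation rule, and shows why the fix (returning nil, an absence rather than a value) closes it for every consumer at once.

```ruby
# Added example: identity resolution that fails open because the failure
# sentinel ("") is a valid, comparable identity. Certificate, its fields and
# the validation rule are constructed for the demonstration.
Certificate = Struct.new(:subject, :signature_ok, :expired) do
  def valid?
    signature_ok && !expired
  end
end

# Vulnerable resolver: a failed validation collapses to "", and "" == "".
def apple_id_vulnerable(cert)
  cert.valid? ? cert.subject : ""
end

# Fixed resolver: a failed validation yields nil, which no real identity
# can equal and which consumers cannot silently treat as a user.
def apple_id_fixed(cert)
  cert.valid? ? cert.subject : nil
end

# A consumer that extends trust when two endpoints resolve to the same
# owner (for example, syncing data between one user's machines). Written
# once and used with both resolvers. A consumer could also special-case "",
# but every consumer would have to remember to; nil cannot be forgotten.
def same_owner?(cert_a, cert_b, resolver)
  id_a = resolver.call(cert_a)
  id_b = resolver.call(cert_b)
  return false if id_a.nil? || id_b.nil?   # fail closed on unresolved identity
  id_a == id_b
end
```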
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of TIFF
images. This issue was addressed through additional validation of
TIFF images.
CVE-ID
CVE-2012-2088
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted image may lead to an
unexpected system termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
graphics data. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-0976 : an anonymous researcher
Kernel
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,
and additional anonymous researchers
Login Window
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with keyboard access may modify the system
configuration
Description: A logic error existed in VoiceOver's handling of the
Login Window, whereby an attacker with access to the keyboard could
launch System Preferences and modify the system configuration. This
issue was addressed by preventing VoiceOver from launching
applications at the Login Window.
CVE-ID
CVE-2013-0969 : Eric A. Schulman of Purpletree Labs
Messages
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Clicking a link from Messages may initiate a FaceTime call
without prompting
Description: Clicking on a specifically-formatted FaceTime:// URL in
Messages could bypass the standard confirmation prompt. This issue
was addressed by additional validation of FaceTime:// URLs.
CVE-ID
CVE-2013-0970 : Aaron Sigel of vtty.com
Messages Server
Available for: Mac OS X Server 10.6.8,
OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may reroute federated Jabber messages
Description: An issue existed in the Jabber server's handling of
dialback result messages. An attacker may cause the Jabber server to
disclose information intended for users of federated servers. This
issue was addressed through improved handling of dialback result
messages.
CVE-ID
CVE-2012-3525
PDFKit
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of ink
annotations in PDF files. This issue was addressed through improved
memory management.
CVE-ID
CVE-2013-0971 : Tobias Klein working with HP TippingPoint's Zero Day
Initiative
Podcast Producer Server
Available for: Mac OS X Server 10.6.8,
OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type casting issue existed in Ruby on Rails' handling
of XML parameters. This issue was addressed by disabling XML
parameters in the Rails implementation used by Podcast Producer
Server.
CVE-ID
CVE-2013-0156
Podcast Producer Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type casting issue existed in Ruby on Rails' handling
of JSON data. This issue was addressed by switching to using the
JSONGem backend for JSON parsing in the Rails implementation used by
Podcast Producer Server.
CVE-ID
CVE-2013-0333
PostgreSQL
Available for: Mac OS X Server 10.6.8,
OS X Lion Server v10.7 to v10.7.5
Impact: Multiple vulnerabilities in PostgreSQL
Description: PostgreSQL was updated to version 9.1.5 to address
multiple vulnerabilities, the most serious of which may allow
database users to read files from the file system with the privileges
of the database server role account. Further information is available
via the PostgreSQL web site at
http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
CVE-ID
CVE-2012-3488
CVE-2012-3489
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type casting issue existed in Ruby on Rails' handling
of XML parameters. This issue was addressed by disabling XML
parameters in the Rails implementation used by Profile Manager.
CVE-ID
CVE-2013-0156
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'rnet'
boxes in MP4 files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3756 : Kevin Szkudlapski of QuarksLab
Ruby
Available for: Mac OS X Server 10.6.8
Impact: A remote attacker may be able to cause arbitrary code
execution if a Rails application is running
Description: A type casting issue existed in Ruby on Rails' handling
of XML parameters. This issue was addressed by disabling YAML and
symbols in XML parameters in Rails.
CVE-ID
CVE-2013-0156
Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
Software Update
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5
Impact: An attacker with a privileged network position may be able
to cause arbitrary code execution
Description: Software Update allowed a man in the middle attacker to
insert plugin content into the marketing text displayed for updates.
This may allow the exploitation of a vulnerable plugin, or facilitate
social engineering attacks involving plugins. This issue does not
affect OS X Mountain Lion systems. This issue was addressed by
preventing plugins from being loaded in Software Update's marketing
text WebView.
CVE-ID
CVE-2013-0973 : Emilio Escobar
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type casting issue existed in Ruby on Rails' handling
of XML parameters. This issue was addressed by disabling XML
parameters in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0156
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type casting issue existed in Ruby on Rails' handling
of JSON data. This issue was addressed by switching to using the
JSONGem backend for JSON parsing in the Rails implementation used by
Wiki Server.
CVE-ID
CVE-2013-0333
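The Podcast Producer Server, Profile Manager, Ruby and Wiki Server entries above all describe one bug class: Rails let a request body choose the Ruby type a parameter was cast to, so an XML element tagged type="yaml" was fed to the YAML loader and could instantiate arbitrary objects (CVE-2013-0156), and the YAML-based JSON backend exposed the same path through JSON (CVE-2013-0333). The Ruby below is an added example, not Rails or Apple code: a minimal re-implementation of that typecasting beside the hardened form the entries describe, with the yaml and symbol casts disabled. The AuditNote class, the casting table, the params_from_xml helper and both XML bodies are constructed; the !ruby/object tag is standard Psych syntax.

```ruby
require "rexml/document"
require "yaml"

# Added example: XML parameter typecasting in the spirit of Rails'
# Hash.from_xml, vulnerable and hardened. Everything below is constructed.
class AuditNote
  attr_reader :message
  def initialize(message = nil)
    @message = message
  end
end

# Psych 4 (Ruby 3.1+) moved arbitrary-object loading to unsafe_load; older
# Psych did it in YAML.load itself, which is why the bug was reachable.
def yaml_load_arbitrary(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# The "type" attribute on an element picks the Ruby type the text becomes.
def cast_vulnerable(type, text)
  case type
  when "integer" then Integer(text)
  when "boolean" then text == "true"
  when "symbol"  then text.to_sym                # unbounded symbol creation
  when "yaml"    then yaml_load_arbitrary(text)  # arbitrary object instantiation
  else text
  end
end

DISABLED_TYPES = %w[yaml symbol].freeze

# Hardened form: the two casts that hand the body to a deserializer are
# refused outright, as the entries above describe for Apple's Rails.
def cast_fixed(type, text)
  raise ArgumentError, "disallowed parameter type #{type.inspect}" if DISABLED_TYPES.include?(type)
  cast_vulnerable(type, text)
end

# Parse <params><name type="...">value</name>...</params> into a Hash with
# the given caster, as a request body handler would.
def params_from_xml(xml, caster)
  params = {}
  REXML::Document.new(xml).root.elements.each do |el|
    params[el.name] = caster.call(el.attributes["type"], el.text.to_s)
  end
  params
end

# Constructed request bodies: one benign, one carrying a YAML object tag.
BENIGN_XML = <<~XML
  <params>
    <title>weekly episode</title>
    <count type="integer">3</count>
  </params>
XML

HOSTILE_XML = <<~XML
  <params>
    <title type="yaml">--- !ruby/object:AuditNote
  message: instantiated from a request body
  </title>
  </params>
XML
```

The benign body casts to a plain Hash under both casters; the hostile one becomes a live AuditNote under the vulnerable caster and is rejected by the fixed one. A class with a destructive initializer or a method called later by the application is what turns this from object instantiation into code execution, which is why the durable fix is an allow-list of expected types (or YAML.safe_load with permitted classes) rather than trusting the body's own type tags.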
Malware removal
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,
OS X Mountain Lion v10.8 to v10.8.2
Description: This update runs a malware removal tool that will
remove the most common variants of malware. If malware is found, it
presents a dialog notifying the user that malware was removed. There
is no indication to the user if malware is not found.
Note: OS X Mountain Lion v10.8.3 includes the content of
Safari 6.0.3. For further details see "About the security content
of Safari 6.0.3" at http://support.apple.com/kb/HT5671
OS X Mountain Lion v10.8.3 and Security Update 2013-001 may be
obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
OS X Mountain Lion v10.8.3, or Security Update
2013-001.
For OS X Mountain Lion v10.8.2
The download file is named: OSXUpd10.8.3.dmg
Its SHA-1 digest is: e6165572e9145ea05aac23fa30372a9b0a0bbf3c
For OS X Mountain Lion v10.8 and v10.8.1
The download file is named: OSXUpdCombo10.8.3.dmg
Its SHA-1 digest is: 1bc49fde5ff6e252aa7908b4cb1f9cb9c8a5fa29
For OS X Lion v10.7.5
The download file is named: SecUpd2013-001.dmg
Its SHA-1 digest is: 5bc540a208c720fce3448f853d852336781e1a17
For OS X Lion Server v10.7.5
The download file is named: SecUpdSrvr2013-001.dmg
Its SHA-1 digest is: e88ff36fc8e88c4c995422d3f2364c56ebe51b07
For Mac OS X v10.6.8
The download file is named: SecUpd2013-001.dmg
Its SHA-1 digest is: dc52d0f7d2db6080c57c7b9252a4d85c5e178450
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2013-001.dmg
Its SHA-1 digest is: fd7946f8d1f1bce0394b6e56c8d7387812e14694
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201211-0362 | CVE-2012-5416 | Cisco Unified MeetingPlace Web Conferencing Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341. Cisco Unified MeetingPlace Web Conferencing contains a buffer overflow vulnerability, tracked by Cisco as Bug ID CSCua66341. A remote attacker may be able to put the service into a denial-of-service state (daemon hang).
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Note: This BID initially referenced CVE-2012-0337. This issue was already described in BID 53431.
Cisco Unified MeetingPlace provides a user environment that integrates voice, video and Web conferencing.
----------------------------------------------------------------------
----------------------------------------------------------------------
TITLE:
Cisco Unified MeetingPlace Web Conferencing SQL Injection and Denial
of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA51103
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51103/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51103
RELEASE DATE:
2012-11-01
DISCUSS ADVISORY:
http://secunia.com/advisories/51103/#comments
DESCRIPTION:
Two vulnerabilities have been reported in Cisco Unified MeetingPlace,
which can be exploited by malicious people to conduct SQL injection
attacks and cause a DoS (Denial of Service).
1) Certain input is not properly sanitised before being used in SQL
queries.
2) A buffer overflow when handling unspecified parameters in POST
requests can be exploited to cause the daemon to hang (the issue
tracked above as CVE-2012-5416).
The vulnerabilities are reported in versions 7.0 and earlier, 7.1,
8.0, and 8.5.
SOLUTION:
Update to version 7.1MR1 Patch 1, 8.0MR1 Patch 1, or 8.5MR3.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Daniel Mende, ERNW GmbH.
2) Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-mp