VARIoT IoT vulnerabilities database

VAR-201008-0250 | CVE-2010-1768 | Apple iTunes Vulnerabilities in which console privileges can be obtained |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. Apple iTunes is prone to a local privilege-escalation vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code with superuser privileges.
Versions prior to Apple iTunes 9.1 on Apple Mac OS X are vulnerable. iTunes is Apple player software for iPod and MP3 files.
VAR-201008-0199 | CVE-2010-2826 | Cisco WCS In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is tracked by Cisco Bug ID CSCtf37019.
Cisco Wireless Control System 6.0.x versions are vulnerable.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds for this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100811-wcs.shtml
Affected Products
=================
Vulnerable Products
+------------------
Cisco WCS devices running software 6.0.x are affected by this
vulnerability.
Note: Cisco WCS software release 7.0 is not affected by this
vulnerability. Cisco WCS version 7.0.164.0 (which is the first 7.0
version) already contains the fix for this vulnerability. Cisco WCS
software releases prior to 6.0 are not affected by this
vulnerability.
The version of WCS software installed on a particular device can be
found via the Cisco WCS HTTP management interface. Choose "Help >
About the Software" to obtain the software version. No other Cisco products are currently known to be
affected by this vulnerability.
Details
=======
Cisco WCS enables an administrator to configure and monitor one or
more WLCs and associated access points. Exploitation could
allow an authenticated attacker to modify system configuration;
create, modify and delete users; or modify the configuration of
wireless devices managed by WCS.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtf37019 - SQL injection in order by clause of Client List screens
CVSS Base Score - 9.0
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of this vulnerability could allow an
authenticated attacker to modify system configuration; create, modify
and delete users; or modify the configuration of wireless devices
managed by WCS.
Software Versions and Fixes
===========================
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
This vulnerability is fixed in Cisco WCS version 6.0.196.0.
Cisco WCS software can be downloaded from this location:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=279705270
Workarounds
===========
There are no workarounds for this vulnerability.
Mitigation techniques that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20100811-wcs.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during the troubleshooting of a customer
service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100811-wcs.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------+
| Revision 1.0 | 2010-August-11 | Initial public release.     |
+-------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
VAR-201008-0198 | CVE-2010-2825 | Cisco ACE Module SIP Service operation interruption in inspection function (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569. The Cisco Application Control Engine (ACE) is a portfolio of load-balancing and application delivery products. SIP is used for call handling sessions, especially two-party conferences. Only devices with SIP inspection enabled are affected by this vulnerability, and SIP inspection is not enabled by default. Note: TCP or UDP SIP packets can cause the device to reload. Over TCP, the three-way handshake must be completed to exploit this vulnerability. Only transit traffic can trigger this vulnerability; traffic destined to the affected device itself does not trigger it.
An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users.
This issue is tracked by Cisco bug IDs CSCta65603 and CSCta71569.
Workarounds that mitigate some of the vulnerabilities are available.
Note: These vulnerabilities are independent of each other. For
specific version information, refer to the Software Versions and
Fixes section of this advisory. RTSP inspection is disabled by default. HTTP, RTSP, and SIP
inspection are disabled by default.
Note: This vulnerability is independent from the other RTSP and SIP
inspection vulnerabilities described in this advisory.
Determining Software Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To display the version of system software that is currently running
on Cisco ACE Application Control Engine, use the "show version"
command. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95
system: Version A3(1.0) [build 3.0(0)A3(0.0.148)]
system image file: (nd)/192.168.65.31/scimitar.bin
Device Manager version 1.1 (0) 20080805:0415
... All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 12.2[121]
system: Version A2<3.0> [build 3.0(0)A2(2.99.80)]
system image file: [LCP] disk0:c6ace-t1k9-mzg.A2_2_99_80.bin
licensed features: no feature license is installed
...
<output truncated>
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco ACE XML Gateway, the Cisco ACE Web Application Firewall,
and the Cisco ACE GSS 4400 Series Global Site Selector Appliances are
not affected by any of the vulnerabilities that are described in this
advisory.
No other Cisco products are currently known to be affected by these
vulnerabilities. Multiple
vulnerabilities exist in both products. These vulnerabilities are
independent of each other. The following information
provides the details about each of the vulnerabilities that are
addressed in this advisory.
RTSP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4,
RealPlayer, and Cisco IP/TV connections. RTSP applications use the
well-known port 554 with TCP and UDP as the control channel. The
module and the appliance only support RTSP over TCP. RTSP
inspection is disabled by default. Deep packet inspection is a special case of application
inspection where the ACE examines the application payload of a packet
or a traffic stream and makes decisions based on the content of the
data. During HTTP deep inspection, the main focus of the application
inspection process is on HTTP attributes such as the HTTP header, the
URL, and to a limited extent, the payload. User-defined regular
expressions can also be used to detect "signatures" in the payload. HTTP, RTSP, and SIP inspection are
disabled by default. The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCta85227, CSCtg14858 - RTSP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtb54493 - HTTP, RTSP, and SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta20756 - SSL DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta65603, CSCta71569 - SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of any of the vulnerabilities described in
this security advisory may cause a reload of the affected device.
Repeated exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
For each row of the software table (below), the earliest possible
releases that contain the fix (along with the anticipated date of
availability for each, if applicable) are listed in the
"First Fixed Release" column of the table. The "Recommended Release"
column indicates the releases which have fixes for all the published
vulnerabilities at the time of this Advisory. A device running a
release in the given train that is earlier than the release in a
specific column (less than the First Fixed Release) is known to be
vulnerable. Cisco recommends upgrading to a release equal to or later
than the release in the "Recommended Release" column of the table.
RTSP inspection is disabled by default.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Note: This workaround is only feasible if RTSP inspection is not
needed or required in a load-balancing deployment.
HTTP, RTSP, and SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling HTTP, RTSP, and SIP
inspection if they are not required. HTTP, RTSP, and SIP inspection
are disabled by default.
Administrators can disable HTTP inspection by issuing the "no inspect
http" command under the respective policy map.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if HTTP, RTSP, and SIP
inspections are not needed or required in a load-balancing
deployment.
SSL DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~
There are no workarounds available to mitigate this vulnerability.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if SIP inspection is not
needed or required in a load-balancing deployment.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during the troubleshooting of
customer service requests and internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+-------------------------------------------------------------+
| Revision 1.0 | 2010-August-11 | Initial public release.     |
+-------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
VAR-201008-0195 | CVE-2010-2822 | Cisco ACE Module RTSP Service operation interruption in inspection function (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858. The Cisco Application Control Engine (ACE) is a portfolio of load-balancing and application delivery products. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. RTSP applications use port 554 with TCP and UDP as the control channel. The module and the appliance only support RTSP over TCP. Only devices with RTSP inspection enabled are affected by this vulnerability. RTSP inspection is not enabled by default. Note: To exploit this vulnerability, the three-way handshake must be completed. Only transit traffic can trigger this vulnerability; traffic destined to the affected device itself does not trigger it.
An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users.
This issue is tracked by Cisco bug IDs CSCta85227 and CSCtg14858.
Workarounds that mitigate some of the vulnerabilities are available.
Note: These vulnerabilities are independent of each other. For
specific version information, refer to the Software Versions and
Fixes section of this advisory.
Note: This vulnerability is independent from the other RTSP and SIP
inspection vulnerabilities described in this advisory. SIP inspection is disabled by default. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95
system: Version A3(1.0) [build 3.0(0)A3(0.0.148)]
system image file: (nd)/192.168.65.31/scimitar.bin
Device Manager version 1.1 (0) 20080805:0415
... All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 12.2[121]
system: Version A2<3.0> [build 3.0(0)A2(2.99.80)]
system image file: [LCP] disk0:c6ace-t1k9-mzg.A2_2_99_80.bin
licensed features: no feature license is installed
...
<output truncated>
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco ACE XML Gateway, the Cisco ACE Web Application Firewall,
and the Cisco ACE GSS 4400 Series Global Site Selector Appliances are
not affected by any of the vulnerabilities that are described in this
advisory.
No other Cisco products are currently known to be affected by these
vulnerabilities. Multiple
vulnerabilities exist in both products. These vulnerabilities are
independent of each other. The following information
provides the details about each of the vulnerabilities that are
addressed in this advisory. Deep packet inspection is a special case of application
inspection where the ACE examines the application payload of a packet
or a traffic stream and makes decisions based on the content of the
data. During HTTP deep inspection, the main focus of the application
inspection process is on HTTP attributes such as the HTTP header, the
URL, and to a limited extent, the payload. User-defined regular
expressions can also be used to detect "signatures" in the payload.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SIP is used for call handling sessions, especially two-party
conferences. SIP inspection is disabled by default.
Note: TCP or UDP SIP packets may cause a device reload. The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCta85227, CSCtg14858 - RTSP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtb54493 - HTTP, RTSP, and SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta20756 - SSL DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta65603, CSCta71569 - SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of any of the vulnerabilities described in
this security advisory may cause a reload of the affected device.
Repeated exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
For each row of the software table (below), the earliest possible
releases that contain the fix (along with the anticipated date of
availability for each, if applicable) are listed in the
"First Fixed Release" column of the table. The "Recommended Release"
column indicates the releases which have fixes for all the published
vulnerabilities at the time of this Advisory. A device running a
release in the given train that is earlier than the release in a
specific column (less than the First Fixed Release) is known to be
vulnerable. Cisco recommends upgrading to a release equal to or later
than the release in the "Recommended Release" column of the table.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Note: This workaround is only feasible if RTSP inspection is not
needed or required in a load-balancing deployment.
HTTP, RTSP, and SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling HTTP, RTSP, and SIP
inspection if they are not required.
Administrators can disable HTTP inspection by issuing the "no inspect
http" command under the respective policy map.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if HTTP, RTSP, and SIP
inspections are not needed or required in a load-balancing
deployment.
SSL DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~
There are no workarounds available to mitigate this vulnerability.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling SIP inspection if it
is not required. SIP inspection is disabled by default.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if SIP inspection is not
needed or required in a load-balancing deployment.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during the troubleshooting of
customer service requests and internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2010-August-11 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
VAR-201008-0197 | CVE-2010-2824 | Cisco ACE Application Control Engine Module SSL Handling Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of SSL packets, aka Bug ID CSCta20756. The Cisco Application Control Engine is a solution for a portfolio of load balancing and application delivery products. The Cisco ACE 4710 Application Control Engine appliance is not affected by this vulnerability. Note: A TCP three-way handshake must be completed in order to exploit this vulnerability. Only traffic that is destined to the affected device can trigger this vulnerability; transit traffic will not trigger it.
An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users.
This issue is tracked by Cisco bug ID CSCta20756.
Workarounds that mitigate some of the vulnerabilities are available.
Note: These vulnerabilities are independent of each other. For
specific version information, refer to the Software Versions and
Fixes section of this advisory. RTSP inspection is disabled by default. HTTP, RTSP, and SIP
inspection are disabled by default.
Note: This vulnerability is independent from the other RTSP and SIP
inspection vulnerabilities described in this advisory. SIP inspection is disabled by default.
Determining Software Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To display the version of system software that is currently running
on Cisco ACE Application Control Engine, use the "show version"
command. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95
system: Version A3(1.0) [build 3.0(0)A3(0.0.148)]
system image file: (nd)/192.168.65.31/scimitar.bin
Device Manager version 1.1 (0) 20080805:0415
... All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 12.2[121]
system: Version A2<3.0> [build 3.0(0)A2(2.99.80)]
system image file: [LCP] disk0:c6ace-t1k9-mzg.A2_2_99_80.bin
licensed features: no feature license is installed
...
No other Cisco products are currently known to be affected by these
vulnerabilities. Multiple
vulnerabilities exist in both products. These vulnerabilities are
independent of each other. The following information
provides the details about each of the vulnerabilities that are
addressed in this advisory.
RTSP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4,
RealPlayer, and Cisco IP/TV connections. RTSP applications use the
well-known port 554 with TCP and UDP as the control channel. The
module and the appliance only support RTSP over TCP. Only devices with RTSP inspection enabled are affected. RTSP
inspection is disabled by default. Deep packet inspection is a special case of application
inspection where the ACE examines the application payload of a packet
or a traffic stream and makes decisions based on the content of the
data. During HTTP deep inspection, the main focus of the application
inspection process is on HTTP attributes such as the HTTP header, the
URL, and to a limited extent, the payload. User-defined regular
expressions can also be used to detect "signatures" in the payload. Devices with HTTP, RTSP, or SIP
inspection enabled are affected. HTTP, RTSP, and SIP inspection are
disabled by default.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SIP is used for call handling sessions, especially two-party
conferences. Only devices with SIP inspection enabled are
affected. SIP inspection is disabled by default.
Note: TCP or UDP SIP packets may cause a device reload. The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCta85227, CSCtg14858 - RTSP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtb54493 - HTTP, RTSP, and SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta20756 - SSL DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta65603, CSCta71569 - SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of any of the vulnerabilities described in
this security advisory may cause a reload of the affected device.
Repeated exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the software table (below) gives the earliest
possible releases that contain the fix (along with the anticipated
date of availability for each, if applicable) in the
"First Fixed Release" column of the table. The "Recommended Release"
column indicates the releases which have fixes for all the published
vulnerabilities at the time of this Advisory. A device running a
release in the given train that is earlier than the release in a
specific column (less than the First Fixed Release) is known to be
vulnerable. Cisco recommends upgrading to a release equal to or later
than the release in the "Recommended Release" column of the table.
+--------------------------------------------------------------+
| | First Fixed Release | Recommended |
| | | Release |
|Vulnerability |-------------------------+--------------------|
| | ACE | ACE Module | ACE | ACE |
| | Appliance | | Appliance | Module |
|---------------+------------+------------+-----------+--------|
| RTSP | | | | A2 |
| Inspection | A3(2.6) | A2(3.2) | A3(2.6) | (3.2) |
| Vulnerability | | | | |
|---------------+------------+------------+-----------+--------|
| HTTP, RTSP, | | | | |
| SIP | A3(2.6) | Not | A3(2.6) | A2 |
| Inspection | | vulnerable | | (3.2) |
| Vulnerability | | | | |
|---------------+------------+------------+-----------+--------|
| | | A2(1.6) | | |
| SSL | Not | | | A2 |
| Vulnerability | vulnerable | A2(2.3) | A3(2.6) | (3.2) |
| | | | | |
| | | A2(3.1) | | |
|---------------+------------+------------+-----------+--------|
| | | A2(1.6) | | |
| SIP | | | | A2 |
| Inspection | A3(2.4) | A2(2.3) | A3(2.6) | (3.2) |
| Vulnerability | | | | |
| | | A2(3.1) | | |
+--------------------------------------------------------------+
Cisco ACE 4710 Application Control Engine appliance software can be
downloaded from:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179
Cisco ACE Module software can be downloaded from:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289
Workarounds
===========
In addition to the recommendations described below, mitigation
techniques that can be deployed on Cisco devices within the network
are available in the Cisco Applied Mitigation Bulletin companion
document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20100811-ace.shtml
RTSP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling RTSP inspection if
it is not required. RTSP inspection is disabled by default.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Note: This workaround is only feasible if RTSP inspection is not
needed or required in a load-balancing deployment.
HTTP, RTSP, and SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling HTTP, RTSP, and SIP
inspection if they are not required. HTTP, RTSP, and SIP inspection
are disabled by default.
Administrators can disable HTTP inspection by issuing the "no inspect
http" command under the respective policy map.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if HTTP, RTSP, and SIP
inspections are not needed or required in a load-balancing
deployment.
SSL DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~
There are no workarounds available to mitigate this vulnerability.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling SIP inspection if it
is not required. SIP inspection is disabled by default.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if SIP inspection is not
needed or required in a load-balancing deployment.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during the troubleshooting of
customer service requests and internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2010-August-11 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
VAR-201008-0196 | CVE-2010-2823 | Cisco ACE 4710 Service disruption in the deep packet inspection function (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493. Cisco ACE 4710 Application Control Engine is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to crash and reload, denying service to legitimate users.
This issue is tracked by Cisco bug ID CSCtb54493.
Workarounds that mitigate some of the vulnerabilities are available.
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
Affected versions vary depending on the specific vulnerability. For
specific version information, refer to the Software Versions and
Fixes section of this advisory. RTSP inspection is disabled by default. HTTP, RTSP, and SIP
inspection are disabled by default.
Note: This vulnerability is independent from the other RTSP and SIP
inspection vulnerabilities described in this advisory. SIP inspection is disabled by default.
Determining Software Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To display the version of system software that is currently running
on Cisco ACE Application Control Engine, use the "show version"
command. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95
system: Version A3(1.0) [build 3.0(0)A3(0.0.148)]
system image file: (nd)/192.168.65.31/scimitar.bin
Device Manager version 1.1 (0) 20080805:0415
... All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 12.2[121]
system: Version A2<3.0> [build 3.0(0)A2(2.99.80)]
system image file: [LCP] disk0:c6ace-t1k9-mzg.A2_2_99_80.bin
licensed features: no feature license is installed
...
<output truncated>
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco ACE XML Gateway, the Cisco ACE Web Application Firewall,
and the Cisco ACE GSS 4400 Series Global Site Selector Appliances are
not affected by any of the vulnerabilities that are described in this
advisory.
No other Cisco products are currently known to be affected by these
vulnerabilities. Multiple
vulnerabilities exist in both products. These vulnerabilities are
independent of each other. A device may be affected by one
vulnerability and not affected by another. The following information
provides the details about each of the vulnerabilities that are
addressed in this advisory.
RTSP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4,
RealPlayer, and Cisco IP/TV connections. RTSP applications use the
well-known port 554 with TCP and UDP as the control channel. The
module and the appliance only support RTSP over TCP. Only devices with RTSP inspection enabled are affected. RTSP
inspection is disabled by default.
Note: A TCP three-way handshake is needed in order to exploit this
vulnerability. Only transit traffic can trigger this vulnerability;
traffic that is destined to the affected device will not trigger the
vulnerability. Deep packet inspection is a special case of application
inspection where the ACE examines the application payload of a packet
or a traffic stream and makes decisions based on the content of the
data. During HTTP deep inspection, the main focus of the application
inspection process is on HTTP attributes such as the HTTP header, the
URL, and to a limited extent, the payload. User-defined regular
expressions can also be used to detect "signatures" in the payload. Devices with HTTP, RTSP, or SIP
inspection enabled are affected. HTTP, RTSP, and SIP inspection are
disabled by default. A TCP three-way handshake is needed in order
to exploit this vulnerability. Only transit traffic can trigger this
vulnerability; traffic that is destined to the affected device will
not trigger this vulnerability.
Note: A TCP three-way handshake is needed in order to exploit this
vulnerability. Only traffic that is destined to the affected device
can trigger this vulnerability; transit traffic will not trigger this
vulnerability.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SIP is used for call handling sessions, especially two-party
conferences. Only devices with SIP inspection enabled are
affected. SIP inspection is disabled by default.
Note: TCP or UDP SIP packets may cause a device reload. If TCP is
used, a TCP three-way handshake is needed in order to exploit this
vulnerability. Only transit traffic can trigger this vulnerability;
traffic that is destined to the affected device will not trigger this
vulnerability. The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCta85227, CSCtg14858 - RTSP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtb54493 - HTTP, RTSP, and SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta20756 - SSL DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta65603, CSCta71569 - SIP Inspection DoS Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of any of the vulnerabilities described in
this security advisory may cause a reload of the affected device.
Repeated exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult:
http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the software table (below) gives the earliest
possible releases that contain the fix (along with the anticipated
date of availability for each, if applicable) in the
"First Fixed Release" column of the table. The "Recommended Release"
column indicates the releases which have fixes for all the published
vulnerabilities at the time of this Advisory. A device running a
release in the given train that is earlier than the release in a
specific column (less than the First Fixed Release) is known to be
vulnerable. Cisco recommends upgrading to a release equal to or later
than the release in the "Recommended Release" column of the table. RTSP inspection is disabled by default.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Note: This workaround is only feasible if RTSP inspection is not
needed or required in a load-balancing deployment.
HTTP, RTSP, and SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling HTTP, RTSP, and SIP
inspection if they are not required. HTTP, RTSP, and SIP inspection
are disabled by default.
Administrators can disable HTTP inspection by issuing the "no inspect
http" command under the respective policy map.
Administrators can disable RTSP inspection by issuing the "no inspect
rtsp" command under the respective policy map.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if HTTP, RTSP, and SIP
inspections are not needed or required in a load-balancing
deployment.
SSL DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~
There are no workarounds available to mitigate this vulnerability.
SIP Inspection DoS Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This vulnerability can be mitigated by disabling SIP inspection if it
is not required. SIP inspection is disabled by default.
Administrators can disable SIP inspection by issuing the "no inspect
sip" command under the respective policy map.
Note: This workaround is only feasible if SIP inspection is not
needed or required in a load-balancing deployment.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during the troubleshooting of
customer service requests and internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2010-August-11 | Initial public release.    |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
VAR-201008-0339 | CVE-2010-3032 | SAP Crystal Reports of ebus-3-3-2-6.dll Module integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. SAP Crystal Reports is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary malicious code in the context of the SYSTEM user. Failed exploit attempts will likely crash the application.
TITLE:
SAP Crystal Reports GIOP Message Size Integer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA40960
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40960/
RELEASE DATE:
2010-08-13
DESCRIPTION:
A vulnerability has been reported in SAP Crystal Reports, which can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an integer overflow within the
ebus-3-3-2-6.dll module when processing the packet sizes of GIOP
requests. This can be exploited to cause a heap-based buffer overflow
by sending specially crafted GIOP requests.
Successful exploitation may allow the execution of arbitrary code
with SYSTEM privileges.
SOLUTION:
Apply patch.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Aaron Portnoy, TippingPoint DVLabs
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1473327
TippingPoint DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-10-07
VAR-201008-0401 | No CVE | Arbitrary Code Execution Vulnerability in JP1/Cm2/Network Node Manager |
CVSS V2: 10.0 CVSS V3: - Severity: High |
JP1/Cm2/Network Node Manager contains a vulnerability that could allow a remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.
VAR-201008-0358 | CVE-2010-2987 | Cisco WCS Solution Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854. Wireless Control System Software is prone to a cross-site scripting vulnerability. Remote attackers can inject arbitrary web script or HTML via unknown vectors.
TITLE:
Cisco Wireless Control System Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA40827
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40827/
RELEASE DATE:
2010-08-06
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Wireless Control
System, which can be exploited by malicious people to conduct
cross-site scripting attacks.
1) Input passed via the "searchText" parameter to
webacs/QuickSearchAction.do is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
3) Certain input passed to searchClientAction.do and
switchGeneralAction.do is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
SOLUTION:
Update to version 6.0.196.0 or later.
PROVIDED AND/OR DISCOVERED BY:
1) Tom Neaves
2, 3) Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Tom Neaves:
http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
VAR-201008-0359 | CVE-2010-2988 | Cisco WCS Solution Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333. Unified Wireless Network Solution Software is prone to a cross-site scripting vulnerability.
TITLE:
Cisco Wireless Control System Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA40827
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40827/
RELEASE DATE:
2010-08-06
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Wireless Control
System, which can be exploited by malicious people to conduct
cross-site scripting attacks.
1) Input passed via the "searchText" parameter to
webacs/QuickSearchAction.do is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
3) Certain input passed to searchClientAction.do and
switchGeneralAction.do is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
SOLUTION:
Update to version 6.0.196.0 or later.
PROVIDED AND/OR DISCOVERED BY:
1) Tom Neaves
2, 3) Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
Tom Neaves:
http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
VAR-201008-0172 | CVE-2010-2808 | FreeType of Mac_Read_POST_Resource Buffer overflow vulnerability in functions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. FreeType is prone to multiple memory-corruption vulnerabilities and a stack-based buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code in the context of an application that uses the affected library. Failed exploit attempts will likely result in denial-of-service conditions. FreeType can be used to rasterize characters and map them into bitmaps, and provides support for other font-related operations.
Background
==========
FreeType is a high-quality and portable font engine. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All FreeType users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
==========
[ 1 ] CVE-2010-1797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[ 2 ] CVE-2010-2497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[ 3 ] CVE-2010-2498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[ 4 ] CVE-2010-2499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[ 5 ] CVE-2010-2500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[ 6 ] CVE-2010-2519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[ 7 ] CVE-2010-2520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[ 8 ] CVE-2010-2527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[ 9 ] CVE-2010-2541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
===========================================================
Ubuntu Security Notice USN-972-1 August 17, 2010
freetype vulnerabilities
CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806,
CVE-2010-2807, CVE-2010-2808
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.8
Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.4
Ubuntu 9.04:
libfreetype6 2.3.9-4ubuntu0.3
Ubuntu 9.10:
libfreetype6 2.3.9-5ubuntu0.2
Ubuntu 10.04 LTS:
libfreetype6 2.3.11-1ubuntu2.2
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
It was discovered that FreeType did not correctly handle certain malformed
font files.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz
Size/MD5: 70961 d986f14b69d50fe1884e8dd5f9386731
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc
Size/MD5: 719 a91985ecc92b75aa3f3647506bad4039
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb
Size/MD5: 717794 f332d5b1974aa53f200e4e6ecf9df088
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb
Size/MD5: 440974 afa83868cc67cec692f72a9dc93635ff
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb
Size/MD5: 133902 dca56851436275285b4563c96388a070
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb
Size/MD5: 251958 358627e207009dbe0c5be095e7bed18d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb
Size/MD5: 677592 ee43f5e97f31b8da57582dbdb1e63033
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb
Size/MD5: 416328 ef092c08ba2c167af0da25ab743ea663
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb
Size/MD5: 117302 b2633ed4487657fe349fd3de76fce405
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb
Size/MD5: 227436 f55ab8a9bb7e76ad743f6c0fa2974e64
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb
Size/MD5: 708654 ee71c714e62e96a9af4cf7ba909142e6
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb
Size/MD5: 431036 4f1c6a1e28d3a14b593bef37605119ab
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb
Size/MD5: 134260 66ba7d95f551eaadb1bba5a56d76529d
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb
Size/MD5: 241726 d2c4f13b12c8280b1fad56cdc0965502
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb
Size/MD5: 683964 49df9101deb9a317229351d72b5804ec
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb
Size/MD5: 411982 efaca20d5deec9e51be023710902852b
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb
Size/MD5: 120138 ff723720ed499e40049e3487844b9db3
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb
Size/MD5: 222676 71f172ba71fc507b04e5337d55b32ed6
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz
Size/MD5: 40949 1cc5014da4db8200edb54df32561fcd0
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc
Size/MD5: 907 7f698125814f4ca67a01b0a66d9bcfe9
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz
Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb
Size/MD5: 694322 c740e1665d09a0c691163a543c8d650b
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb
Size/MD5: 362386 5b085e83764fcda129bede2c5c4ca179
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb
Size/MD5: 221392 dbebbbaffc086dccf550468fff1daa92
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb
Size/MD5: 258454 f3903d4e43891753f3c6439cd862617f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb
Size/MD5: 663330 7601af27049730f0f7afcfa30244ae88
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb
Size/MD5: 347172 de53a441e28e385598d20333ff636026
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb
Size/MD5: 201266 c9c50bdc87d0a46fc43f3bbca26adec5
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb
Size/MD5: 243462 16bb61f604fe48a301f6faeaa094d266
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb
Size/MD5: 665120 bf0dcd13b8a171f6a740ca225d943e68
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb
Size/MD5: 347512 d2beee3ccf7fe0233825d46cc61ca62d
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb
Size/MD5: 205560 7879f630a5356e3d6e9c0609e8008de9
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb
Size/MD5: 244324 4e10fb5e68a78312eb02c69508120c6a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb
Size/MD5: 687156 6d36300396fa84d6f889147b0247f385
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb
Size/MD5: 358086 06b9874cc9ba11fdb6feb10b0831e890
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb
Size/MD5: 235578 ce514bab4cbc028a0451742c38c633cd
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb
Size/MD5: 254526 d50f40a9421b52f4302c4d260170edb3
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb
Size/MD5: 658094 184f0f51023baa8ce459fababaa190d9
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb
Size/MD5: 332124 5aa036de5269896c893ea8f825329b84
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb
Size/MD5: 199782 9323f9209333cf42114e97d3305d901c
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb
Size/MD5: 227810 7657e99ad137ad5ce654b74cfbbfdc10
Updated packages for Ubuntu 9.04:
Updated packages for Ubuntu 9.10:
Updated packages for Ubuntu 10.04:
------------------------------------------------------------------------
Debian Security Advisory DSA-2105-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
September 07, 2010                    http://www.debian.org/security/faq
------------------------------------------------------------------------
Package        : freetype
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806
                 CVE-2010-2807 CVE-2010-2808 CVE-2010-3053
Several vulnerabilities have been discovered in the FreeType font
library.
For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny3
For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 2.4.2-1
We recommend that you upgrade your freetype package.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
--------------------------------
Debian (stable)
---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
VAR-201008-0170 | CVE-2010-2806 | Arbitrary code execution vulnerability in the t42_parse_sfnts function of FreeType |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType is prone to multiple memory-corruption vulnerabilities and a stack-based buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code in the context of an application that uses the affected library. Failed exploit attempts will likely result in denial-of-service conditions. FreeType can be used to rasterize characters and map them into bitmaps, and it provides support for other font-related operations. The t42_parse_sfnts function in type42/t42parse.c in versions of FreeType prior to 2.4.2 has an array index error vulnerability.
Background
==========
FreeType is a high-quality and portable font engine. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All FreeType users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
==========
[ 1 ] CVE-2010-1797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[ 2 ] CVE-2010-2497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[ 3 ] CVE-2010-2498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[ 4 ] CVE-2010-2499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[ 5 ] CVE-2010-2500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[ 6 ] CVE-2010-2519
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[ 7 ] CVE-2010-2520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[ 8 ] CVE-2010-2527
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[ 9 ] CVE-2010-2541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ===========================================================
Ubuntu Security Notice USN-972-1 August 17, 2010
freetype vulnerabilities
CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806,
CVE-2010-2807, CVE-2010-2808
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.8
Ubuntu 8.04 LTS:
libfreetype6 2.3.5-1ubuntu4.8.04.4
Ubuntu 9.04:
libfreetype6 2.3.9-4ubuntu0.3
Ubuntu 9.10:
libfreetype6 2.3.9-5ubuntu0.2
Ubuntu 10.04 LTS:
libfreetype6 2.3.11-1ubuntu2.2
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
It was discovered that FreeType did not correctly handle certain malformed
font files.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 9.04:
Updated packages for Ubuntu 9.10:
Updated packages for Ubuntu 10.04:
.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2105-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
September 07, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : freetype
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806
CVE-2010-2807 CVE-2010-2808 CVE-2010-3053
Several vulnerabilities have been discovered in the FreeType font
library.
For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny3
For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 2.4.2-1
We recommend that you upgrade your freetype package.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
.
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
VAR-201008-0042 | CVE-2010-0834 | Ubuntu Vulnerability to execute arbitrary code in the base file package running above |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. Ubuntu installed on Dell Latitude 2110 netbooks is prone to a security-bypass vulnerability.
Successfully exploiting this issue will allow attackers to install malicious packages, resulting in the complete compromise of affected computers.
===========================================================
Ubuntu Security Notice USN-968-1 August 05, 2010
base-files vulnerability
CVE-2010-0834
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
base-files 5.0.0ubuntu7.1
Ubuntu 10.04 LTS:
base-files 5.0.0ubuntu20.10.04.2
In general, a standard system update will make all the necessary changes.
Updated packages for Ubuntu 9.10:
Updated packages for Ubuntu 10.04:
. ----------------------------------------------------------------------
TITLE:
Ubuntu base-files Dell Latitude 2110 Unauthenticated Package
Installation
SECUNIA ADVISORY ID:
SA40889
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40889/
RELEASE DATE:
2010-08-07
DESCRIPTION:
Canonical has acknowledged a vulnerability in Ubuntu, which can be
exploited by malicious people to bypass certain security features. This can be exploited to
e.g.
SOLUTION:
Apply updated packages.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
USN-968-1:
http://www.ubuntu.com/usn/usn-968-1
VAR-201008-0048 | CVE-2010-2706 | HP ProCurve 2610 Switch In-band Agent Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors. The HP ProCurve Switch is a network switch developed by Hewlett-Packard. HP ProCurve 2610 series switches are prone to multiple unspecified denial-of-service vulnerabilities because they fail to properly sanitize user-supplied input.
An attacker can exploit these issues to crash the device.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02436043
Version: 1
HPSBGN02559 SSRT100192 rev.1 - HP ProCurve 2610 Switch In-band Agent, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS).
References: CVE-2010-2706, HP PR#18756
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
J9085A ProCurve Switch 2610-24
J9088A ProCurve Switch 2610-48
J9086A ProCurve Switch 2610-24/12PWR
J9087A ProCurve Switch 2610-24-PWR
J9089A ProCurve Switch 2610-48-PWR
Released versions prior to R.11.30
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference         Base Vector                     Base Score
CVE-2010-2706     (AV:N/AC:L/Au:N/C:N/I:N/A:C)    7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software update available to resolve this vulnerability.
Product Version: R.11.30 or later.
The updates are available from the following location:
http://www.procurve.com/customercare/support/software/switches.htm
PRODUCT SPECIFIC INFORMATION
None
HISTORY:
Version: 1 (rev.1) 4 August 2010 Initial release.
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
----------------------------------------------------------------------
TITLE:
HP ProCurve 2610 Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID:
SA40864
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40864/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40864
RELEASE DATE:
2010-08-06
DISCUSS ADVISORY:
http://secunia.com/advisories/40864/#comments
DESCRIPTION:
Two vulnerabilities have been reported in HP ProCurve 2610 Series
switches, which can be exploited by malicious people to cause a DoS
(Denial of Service). No further information is currently available.
This vulnerability is reported in versions prior to R.11.30. No further information is currently available.
This vulnerability is reported in versions prior to R.11.22.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBGN02559 SSRT100192:
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436043
HPSBGN02561 SSRT100194:
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436045
VAR-201008-0051 | CVE-2010-2708 | HP ProCurve 2610 Switch Denial of Service (DoS) Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors. The HP ProCurve Switch is a network switch developed by Hewlett-Packard. There is an unspecified error in the DHCP service provided by the device. The attacker can perform a denial of service attack on the device. HP ProCurve 2610 series switches are prone to multiple unspecified denial-of-service vulnerabilities because they fail to properly sanitize user-supplied input.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02436045
Version: 1
HPSBGN02561 SSRT100194 rev.1 - HP ProCurve 2610 Switches running DHCP, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-08-04
Last Updated: 2010-08-04
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in the ProCurve 2610 Switches running DHCP. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS).
References: CVE-2010-2708, HP PR#11503
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
J9085A ProCurve Switch 2610-24
J9088A ProCurve Switch 2610-48
J9086A ProCurve Switch 2610-24/12PWR
J9087A ProCurve Switch 2610-24-PWR
J9089A ProCurve Switch 2610-48-PWR
Released versions prior to R.11.22
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2010-2708    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software update available to resolve this vulnerability.
Product Version: R.11.22 or later.
The updates are available from the following location:
http://www.procurve.com/customercare/support/software/switches.htm
PRODUCT SPECIFIC INFORMATION
None
HISTORY:
Version: 1 (rev.1) 4 August 2010 Initial release.
VAR-201008-0273 | CVE-2010-2968 | Wind River VxWorks FTP Daemon Permissions and Access Control Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
VAR-201008-0050 | CVE-2010-2707 | HP ProCurve 2626/2650 Unknown Security Bypass Vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. The HP ProCurve Switch is a network switch developed by Hewlett-Packard. HP ProCurve 2626/2650 series switches are prone to an unspecified security bypass vulnerability.
----------------------------------------------------------------------
TITLE:
HP ProCurve 2626/2650 Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA40865
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40865/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40865
RELEASE DATE:
2010-08-06
DISCUSS ADVISORY:
http://secunia.com/advisories/40865/#comments
DESCRIPTION:
A vulnerability has been reported in HP ProCurve 2600 Series
switches, which can be exploited by malicious people to bypass
certain security restrictions. No further information is
currently available.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBGN02560 SSRT100193:
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436047
----------------------------------------------------------------------
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02436047
Version: 1
HPSBGN02560 SSRT100193 rev.1 - HP ProCurve 2626 and 2650 Switches, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-08-04
Last Updated: 2010-08-04
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in ProCurve 2626 and 2650 Switches. The vulnerability could result in remote unauthorized access.
References: CVE-2010-2707, HP PR#15972
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
J8165A ProCurve Switch 2650-PWR
J4899A, J4899B, and J4899C ProCurve Switch 2650
J8164A ProCurve Switch 2626-PWR
J4900A, J4900B, and J4900C ProCurve Switch 2626
Released versions prior to H.10.80
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2010-2707    (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software update available to resolve this vulnerability.
Product Version: H.10.80 or later.
The updates are available from the following location:
http://www.procurve.com/customercare/support/software/switches.htm
PRODUCT SPECIFIC INFORMATION
None
HISTORY:
Version: 1 (rev.1) 4 August 2010 Initial release.
VAR-201008-0047 | CVE-2010-2705 | HP ProCurve 1800 switch SNMP Unknown Information Disclosure Vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors. The HP ProCurve Switch is a network switch developed by Hewlett-Packard. HP ProCurve 1800 Switches are prone to an unspecified remote information-disclosure vulnerability. Other attacks with unspecified impact may also be possible. We will update this BID when more information becomes available.
----------------------------------------------------------------------
TITLE:
HP ProCurve 1800 SNMP Information Disclosure Vulnerability
SECUNIA ADVISORY ID:
SA40867
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40867/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40867
RELEASE DATE:
2010-08-06
DISCUSS ADVISORY:
http://secunia.com/advisories/40867/#comments
DESCRIPTION:
A vulnerability has been reported in HP ProCurve 1800 Series
switches, which can be exploited by malicious people to disclose
potentially sensitive information.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBGN02501 SSRT071407:
https://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436028
----------------------------------------------------------------------
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02436028
Version: 1
HPSBGN02501 SSRT071407 rev.1 - HP ProCurve 1800 Switches running SNMP, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-08-04
Last Updated: 2010-08-04
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP ProCurve 1800 Switches running SNMP. The vulnerability could be remotely exploited resulting in a disclosure of information.
References: CVE-2010-2705, HP PR#3791
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
Copyright 2009 Hewlett-Packard Development Company, L.P.
VAR-201008-0194 | CVE-2010-2821 | Cisco Firewall TCP Denial of service vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694. The Cisco Firewall Services Module is a firewall service module used on multiple Cisco products. Users can divide a single FWSM into multiple virtual devices, each of which is called a security context. Each security context has its own security policy, interfaces, and administrators. Multiple contexts are similar to multiple independent services; routing tables, firewall functions, and management functions are supported in multiple context mode. A device is affected only if the Cisco FWSM is configured in multi-mode (using virtual firewalls) and accepts Telnet, SSH or ASDM connections. Note: Exploitation requires a completed TCP three-way handshake. Only traffic destined to the device can trigger this vulnerability; transit traffic cannot.
An attacker can exploit this issue to cause affected devices to reload, triggering a denial-of-service condition.
This issue is tracked by Cisco Bug ID CSCtg68694.
TITLE:
Cisco Firewall Services Module Multiple Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA40843
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40843/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40843
RELEASE DATE:
2010-08-06
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Firewall Services
Module (FWSM), which can be exploited by malicious people to cause a
DoS (Denial of Service).
1) Three errors exist in the SunRPC inspection engine while
processing certain SunRPC messages. This can be exploited to reload a
device via specially crafted SunRPC packets that transit the
appliance.
SOLUTION:
Update to a fixed version. Please see the vendor's advisory for
detailed patch information.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
cisco-sa-20100804-fwsm:
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml
Repeated exploitation could result in a sustained DoS condition.
Cisco has released free software updates that address these
vulnerabilities. Workarounds are available for the vulnerabilities
disclosed in this advisory.
Note: These vulnerabilities are independent of each other.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml
Affected versions of Cisco FWSM Software vary depending on the
specific vulnerability. SunRPC inspection is enabled by default.
To check if SunRPC inspection is enabled, use the "show service-policy
| include sunrpc" command and confirm that the command returns output,
as shown in the following example:
    fwsm#show service-policy | include sunrpc
      Inspect: sunrpc , packet 0, drop 0, reset-drop 0
Alternatively, a device that has SunRPC inspection enabled has a
configuration similar to the following:
    class-map inspection_default
     match default-inspection-traffic
    !
    policy-map global_policy
     class inspection_default
      ...
      inspect sunrpc
      ...
    !
    service-policy global_policy global
Note: The Cisco ASA 5500 Series Adaptive Security Appliances are
affected by the SunRPC inspection vulnerabilities described in this
advisory. A separate Cisco Security Advisory has been published to
disclose this and other vulnerabilities that affect the Cisco ASA
5500 Series Adaptive Security Appliances. The advisory is available
at:
http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml
TCP Denial of Service Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cisco FWSM Software version 3.x and 4.x are affected by this
vulnerability when configured in multi-mode (with virtual firewalls)
and with any of the following features:
* ASDM Administrative Access
* Telnet
* SSH
To verify if the FWSM is running in multiple mode, use the "show mode"
command, as shown in the following example:
    FWSM(config)#show mode
    Security context mode: multiple
    The flash mode is the SAME as the running mode.
The following commands are used to enable the HTTPS server and allow
only hosts on the inside interface with an address in the
192.168.1.0/24 network to create ASDM, SSH or Telnet connections:
    asa(config)# http server enable
    asa(config)# http 192.168.1.0 255.255.255.0 inside
    asa(config)# telnet 192.168.1.0 255.255.255.0 inside
    asa(config)# ssh 192.168.1.0 255.255.255.0 inside
Determining Software Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To determine the version of Cisco FWSM Software that is running,
issue the "show module" command from Cisco IOS Software or Cisco
Catalyst Operating System Software to identify what modules and sub
modules are installed on the system.
The following example shows a system with a Cisco FWSM (WS-SVC-FWM-1)
installed in slot 2:
    switch>show module
    Mod Ports Card Type                              Model              Serial No.
    --- ----- -------------------------------------- ------------------ -----------
      1    16 SFM-capable 16 port 1000mb GBIC        WS-X6516-GBIC      SAL06334NS9
      2     6 Firewall Module                        WS-SVC-FWM-1       SAD10360485
      3     8 Intrusion Detection System             WS-SVC-IDSM-2      SAD0932089Z
      4     4 SLB Application Processor Complex      WS-X6066-SLB-APC   SAD093004BD
      5     2 Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL0934888E
    Mod MAC addresses                      Hw     Fw           Sw           Status
    --- ---------------------------------- ------ ------------ ------------ -------
      1 0009.11e3.ade8 to 0009.11e3.adf7   5.1    6.3(1)       8.5(0.46)RFW Ok
      2 0018.ba41.5092 to 0018.ba41.5099   4.0    7.2(1)       3.2(2)10     Ok
      3 0014.a90c.9956 to 0014.a90c.995d   5.0    7.2(1)       5.1(6)E1     Ok
      4 0014.a90c.66e6 to 0014.a90c.66ed   1.7    4.2(3)                    Ok
      5 0013.c42e.7fe0 to 0013.c42e.7fe3   4.4    8.1(3)       12.2(18)SXF1 Ok
    [...]
After locating the correct slot, issue the "show module <slot number>"
command to identify the software version that is running, as shown in
the following example:
    switch>show module 2
    Mod Ports Card Type                              Model              Serial No.
    --- ----- -------------------------------------- ------------------ -----------
      2     6 Firewall Module                        WS-SVC-FWM-1       SAD10360485
    Mod MAC addresses                      Hw     Fw           Sw           Status
    --- ---------------------------------- ------ ------------ ------------ -------
      2 0018.ba41.5092 to 0018.ba41.5099   4.0    7.2(1)       3.2(2)10     Ok
    [...]
The preceding example shows that the FWSM is running software version
3.2(2)10 as indicated by the column under "Sw."
Note: Recent versions of Cisco IOS Software will show the software
version of each module in the output from the "show module" command;
therefore, executing the "show module <slot number>" command is not
necessary.
If a Virtual Switching System (VSS) is used to allow two physical
Cisco Catalyst 6500 Series Switches to operate as a single logical
virtual switch, the "show module switch all" command can display the
software version of all FWSMs that belong to switch 1 and switch 2.
The output from this command will be similar to the output from the
"show module <slot number>" but will include module information for the
modules in each switch in the VSS.
Alternatively, version information can be obtained directly from the
FWSM through the show version command, as shown in the following
example:
    FWSM> show version
    FWSM Firewall Version 3.2(2)10
    [...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM)
to manage their devices can find the version of the software
displayed in the table in the login window or in the upper left
corner of the ASDM window. The version notation is similar to the
following example.
    FWSM Version: 3.2(2)10
Products Confirmed Not Vulnerable
+--------------------------------
With the exception of Cisco ASA 5500 Series Adaptive Security
Appliances, no other Cisco products are currently known to be
affected by these vulnerabilities. The FWSM
offers firewall services with stateful packet filtering and deep
packet inspection.
These vulnerabilities are documented in Cisco bug IDs CSCte61710,
CSCte61622, and CSCte61662; and have been assigned Common
Vulnerabilities and Exposures (CVE) IDs CVE-2010-2818, CVE-2010-2819,
and CVE-2010-2820, respectively.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCte61710, CSCte61622, CSCte61662 - Passthrough traffic crashes FWSM
with SunRPC inspection
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtg68694 - FWSM may crash with certain TCP sessions in multiple mode
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of all the vulnerabilities described in this
security advisory may cause a reload of the affected appliance.
Repeated exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
+-------------------------------------------------------------------+
| | Major | First |
| Vulnerability | Release | Fixed |
| | | Release |
|--------------------------------------------+---------+------------|
| | 3.1 | 3.1(17.2) |
| |---------+------------|
| SunRPC Inspection Denial of Service | 3.2 | 3.2(16.1) |
| Vulnerabilities (CSCte61710, CSCte61622, |---------+------------|
| and CSCte61662) | 4.0 | 4.0(10.1) |
| |---------+------------|
| | 4.1 | 4.1(1.1) |
|--------------------------------------------+---------+------------|
| | 3.1 | Not |
| | | vulnerable |
| |---------+------------|
| TCP Denial of Service Vulnerability | 3.2 | 3.2(17.2) |
| (CSCtg68694) |---------+------------|
| | 4.0 | 4.0(11.1) |
| |---------+------------|
| | 4.1 | 4.1(1.2) |
+-------------------------------------------------------------------+
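The checks described above (running version, context mode, SunRPC inspection) can be combined against the first-fixed table. The following is an added example, not part of Cisco's advisory; the function names are hypothetical, the sample outputs are constructed from the examples in this advisory, and it assumes that a trailing build number such as the "10" in 3.2(2)10 orders like the dotted interim number in 3.2(17.2).

```python
import re

# First fixed releases, transcribed from the advisory's table.
# None means the advisory lists that release train as "Not vulnerable".
FIRST_FIXED = {
    "sunrpc": {"3.1": "3.1(17.2)", "3.2": "3.2(16.1)",
               "4.0": "4.0(10.1)", "4.1": "4.1(1.1)"},
    "tcp":    {"3.1": None, "3.2": "3.2(17.2)",
               "4.0": "4.0(11.1)", "4.1": "4.1(1.2)"},
}

# Matches 3.2(17.2) as well as 3.2(2)10.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?")


def parse_version(text):
    """Return (major, minor, maintenance, interim) from a version string."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError("no FWSM version found in: %r" % text)
    major, minor, maint, dotted, trailing = match.groups()
    # Assumption: the dotted and the trailing form both denote the interim build.
    interim = int(dotted or trailing or 0)
    return (int(major), int(minor), int(maint), interim)


def version_status(vuln, version):
    """Compare a parsed version with the first fixed release of its train."""
    train = "%d.%d" % version[:2]
    fixes = FIRST_FIXED[vuln]
    if train not in fixes:
        return "unknown"            # train not listed in the table
    if fixes[train] is None:
        return "not vulnerable"
    if version >= parse_version(fixes[train]):
        return "fixed"
    return "vulnerable"


def assess(show_version, show_mode, service_policy):
    """Combine the version check with the trigger conditions in the advisory.

    show_version   -- output of "show version"
    show_mode      -- output of "show mode"
    service_policy -- output of "show service-policy | include sunrpc"
    """
    version = parse_version(show_version)
    conditions = {
        # SunRPC issues need SunRPC inspection to be enabled.
        "sunrpc": "Inspect: sunrpc" in service_policy,
        # The TCP issue needs multiple context mode; Telnet, SSH or ASDM
        # access must also be configured, which is not checked here.
        "tcp": "Security context mode: multiple" in show_mode,
    }
    report = {}
    for vuln in FIRST_FIXED:
        status = version_status(vuln, version)
        if status == "vulnerable" and conditions[vuln]:
            status = "exposed"
        report[vuln] = status
    return report


# Constructed sample outputs, modelled on the examples in this advisory.
SAMPLE_VERSION = "FWSM Firewall Version 3.2(2)10"
SAMPLE_MODE = "Security context mode: multiple"
SAMPLE_POLICY = "Inspect: sunrpc , packet 0, drop 0, reset-drop 0"

if __name__ == "__main__":
    for vuln, status in assess(SAMPLE_VERSION, SAMPLE_MODE, SAMPLE_POLICY).items():
        print(vuln, status)
```

A result of "vulnerable" rather than "exposed" means the software predates the fix but the trigger condition was not seen in the supplied output.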
Recommended Releases
~~~~~~~~~~~~~~~~~~~~
The following table lists all recommended releases. These recommended
releases contain the fixes for all vulnerabilities in this advisory.
Cisco recommends upgrading to a release that is equal to or later
than these recommended releases.
+-------------------------------------------------------------------+
| Major Release | Recommended Release |
|---------------------------+---------------------------------------|
| 3.1 | 3.1(18) |
|---------------------------+---------------------------------------|
| 3.2 | 3.2(18) |
|---------------------------+---------------------------------------|
| 4.0 | 4.0(12) |
|---------------------------+---------------------------------------|
| 4.1 | 4.1(2) |
+-------------------------------------------------------------------+
Software Download
~~~~~~~~~~~~~~~~~
Fixed Cisco FWSM Software can be downloaded from the Software Center
on Cisco.com by visiting:
http://www.cisco.com/cisco/web/download/index.html
and navigating to:
Security > Cisco Catalyst 6500 Series Firewall Services Module > Firewall Services Module (FWSM) Software
Workarounds
===========
The SunRPC inspection vulnerabilities can be mitigated by disabling
SunRPC inspection, if it is not required. Administrators can disable
SunRPC inspection by issuing the "no inspect sunrpc" command in class
configuration sub-mode within policy-map configuration.
The TCP DoS vulnerability can be mitigated by only allowing trusted
hosts to communicate with the FWSM via HTTPS, SSH, or Telnet. For
example, the following commands are used to enable the HTTPS server
and allow only hosts on the inside interface with an address in the
192.168.1.0/24 network to create ASDM, SSH or Telnet connections:
    asa(config)# http server enable
    asa(config)# http 192.168.1.0 255.255.255.0 inside
    asa(config)# telnet 192.168.1.0 255.255.255.0 inside
    asa(config)# ssh 192.168.1.0 255.255.255.0 inside
Additional mitigation techniques that can be deployed on Cisco
devices within the network are available in the Cisco Applied
Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20100804-fwsm.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
These vulnerabilities were found during the troubleshooting of
customer service requests and internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2010-August-04 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
VAR-201008-0279 | CVE-2010-2974 |
Wonderware Archestra ConfigurationAccessComponent Stack Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201008-0050, VAR-E-201008-0051 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method. The Wonderware Archestra ConfigurationAccessComponent ActiveX control contains a buffer overflow vulnerability. The UnsubscribeData method of the IConfigurationAccess interface internally uses wcscpy() to copy its first parameter into a fixed-size buffer, which can trigger a buffer overflow. Successful exploitation can execute arbitrary instructions with application privileges. The control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attempts will likely result in denial-of-service conditions.
The vulnerable ActiveX control is included in the following products:
Wonderware Application Server prior to 3.1 Service Pack 2 Patch 01