VARIoT IoT vulnerabilities database
| VAR-201108-0336 | No CVE | Ingres Database IIPROMPT Unspecified Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Ingres Database is prone to an unspecified vulnerability that can be exploited to overflow data.
The impact is currently unknown; however, this class of vulnerability may allow attackers to gain access to sensitive information, corrupt memory or cause a denial-of-service condition.
Ingres Database versions 2.6, 9.1, 9.2, 9.3, and 10.0 for Windows are vulnerable.
| VAR-201108-0303 | No CVE | SAP NetWeaver 'EPS_DELETE_FILE' Arbitrary File Removal Vulnerability |
CVSS V2: - CVSS V3: - Severity: LOW |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The \"EPS_DELETE_FILE\" function has an input validation error, and an attacker submits a directory traversal sequence request to delete any file. To successfully exploit the vulnerability you need access to the default SAP account TMSADM or SAPCPIC. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
SAP NetWeaver "EPS_DELETE_FILE" Arbitrary File Deletion Vulnerability
SECUNIA ADVISORY ID:
SA45715
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45715/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45715
RELEASE DATE:
2011-08-27
DISCUSS ADVISORY:
http://secunia.com/advisories/45715/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45715/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45715
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Alexey Sintsov has reported a vulnerability in SAP NetWeaver, which
can be exploited by malicious users to manipulate certain data.
TMSADM or SAPCPIC.
SOLUTION:
Apply fixes. Please see the vendor's advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Alexey Sintsov, Digital Security Research Group (DSecRG).
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1554030
Digital Security Research Group:
http://dsecrg.com/pages/vul/show.php?id=331
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201109-0092 | CVE-2011-2763 |
LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201108-0401, VAR-E-201108-0400 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability when failing to sanitize input from unauthenticated clients. LifeSize Room is a high definition video conferencing device. LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability.
LifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable. Discovered: 07-13-11
By: Spencer McIntyre (zeroSteiner) SecureState R&D Team
www.securestate.com
Background:
-----------
Multiple vulnerabilities within the LifeSize Room appliance.
Vulnerability Summaries:
------------------------
Login page can be bypassed, granting administrative access to the web interface.
Unauthenticated OS command injection is possible through the web interface.
The easiest way to perform these attacks is using a web proxy.
Authentication By Pass:
-----------------------
Following the request to /gateway.php that references the LSRoom_Remoting.authenticate
function, modify the AMF data in the response from the server to change "false" to "true"
Example:
Original False AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\x00\x00\x00\x02\x01\x00"
Modified True AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\xff\xff\xff\xff\x01\x01"
Command Injection:
------------------
The request to /gateway.php references a vulnerable function LSRoom_Remoting.doCommand
within the encoded AMF data. The original parameter for the vulnerable function is
"pref -l /var/system/upgrade/status" Replace this part with the command to be executed.
Authentication to the web application is not necessary however a valid PHP session ID
must be passed within the request.
References:
-----------
CVE-2011-2762 - authentication bypass
CVE-2011-2763 - OS command injection
| VAR-201109-0091 | CVE-2011-2762 |
LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201108-0401, VAR-E-201108-0400 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. LifeSize Room is a high definition video conferencing device. LifeSize Room is prone to a security-bypass vulnerability and a command-injection vulnerability.
Exploiting these issues could allow an attacker to bypass authentication or execute arbitrary commands in the context of the application.
LifeSize Room versions 3.5.3 and 4.7.18 are affected; other versions may also be vulnerable.
Unauthenticated OS command injection is possible through the web interface.
The easiest way to perform these attacks is using a web proxy.
Authentication By Pass:
-----------------------
Following the request to /gateway.php that references the LSRoom_Remoting.authenticate
function, modify the AMF data in the response from the server to change "false" to "true"
Example:
Original False AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\x00\x00\x00\x02\x01\x00"
Modified True AMF: "\x0d\x0a\x0d\x0a\x00\x00\x00\x00\x00\x01\x00\x0c\x2f\x35\x37\x2f\x6f\x6e\x52\x65\x73\x75\x6c\x74\x00\x04\x6e\x75\x6c\x6c\xff\xff\xff\xff\x01\x01"
Command Injection:
------------------
The request to /gateway.php references a vulnerable function LSRoom_Remoting.doCommand
within the encoded AMF data. The original parameter for the vulnerable function is
"pref -l /var/system/upgrade/status" Replace this part with the command to be executed.
Authentication to the web application is not necessary however a valid PHP session ID
must be passed within the request.
References:
-----------
CVE-2011-2762 - authentication bypass
CVE-2011-2763 - OS command injection
| VAR-201108-0132 | CVE-2011-3192 |
Apache HTTPD 1.3/2.x Range header DoS vulnerability
Related entries in the VARIoT exploits database: VAR-E-201108-0001, VAR-E-201108-0002, VAR-E-201112-0005 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Both the 'Range' header and the 'Range-Request' header are vulnerable. The attack tool causes a significant increase in CPU and memory usage on the server. Apache HTTPD The server has a service disruption (DoS) Vulnerabilities exist. Apache HTTPD The server Range Header and Request-Range There is a problem with header processing, and service operation is interrupted. (DoS) Vulnerabilities exist. Attacks using this vulnerability have been observed. Also, "Apache Killer" The attack tool called is released. Apache The advisory states that: "Background and the 2007 report There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007: http://seclists.org/bugtraq/2007/Jan/83 The contemporary interpretation of the HTTP protocol (currently) requires a server to return multiple (overlapping) ranges; in the order requested. This means that one can request a very large range (e.g. from byte 0- to the end) 100's of times in a single request. Being able to do so is an issue for (probably all) webservers and currently subject of an IETF discussion to change the protocol: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 This advisory details a problem with how Apache httpd and its so called internal 'bucket brigades' deal with serving such "valid" request. The problem is that currently such requests internally explode into 100's of large fetches, all of which are kept in memory in an inefficient way. This is being addressed in two ways. By making things more efficient. And by weeding out or simplifying requests deemed too unwieldy."Service disruption by a remote third party (DoS) There is a possibility of being attacked. ==========================================================================
Ubuntu Security Notice USN-1199-1
September 01, 2011
apache2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
A remote attacker could send crafted input to Apache and cause it to crash.
Software Description:
- apache2: Apache HTTP server
Details:
A flaw was discovered in the byterange filter in Apache.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
apache2.2-bin 2.2.17-1ubuntu1.2
Ubuntu 10.10:
apache2.2-bin 2.2.16-1ubuntu3.3
Ubuntu 10.04 LTS:
apache2.2-bin 2.2.14-5ubuntu8.6
Ubuntu 8.04 LTS:
apache2-mpm-event 2.2.8-1ubuntu0.21
apache2-mpm-perchild 2.2.8-1ubuntu0.21
apache2-mpm-prefork 2.2.8-1ubuntu0.21
apache2-mpm-worker 2.2.8-1ubuntu0.21
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1199-1
CVE-2011-3192
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.2
https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.3
https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.6
https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.21
. Multiple Cisco products
may be affected by this vulnerability.
Mitigations that can be deployed on Cisco devices within the network
are available in the Cisco Applied Intelligence companion document
for this Advisory:
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=24024
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml
Affected Products
=================
Cisco is currently evaluating products for possible exposure to this
vulnerability. Products will only be listed in the Vulnerable
Products or Products Confirmed Not Vulnerable sections of this
security advisory when a final determination about exposure is made.
Products that are not listed in either of these two sections are
still being evaluated.
Vulnerable Products
+------------------
This section will be updated when more information is available. The
following products are confirmed to be affected by this
vulnerability:
* Cisco MDS 9000 NX-OS Software releases prior to 4.2.x are
affected. Cisco MDS 9000 NX-OS Software releases 4.2.x and later
are not affected.
* Cisco NX-OS Software for Cisco Nexus 7000 Series Switches
releases prior to 4.2.x are affected. Cisco NX-OS Software for
Cisco Nexus 7000 Series Switches versions 4.2.x and later are not
affected.
* Cisco TelePresence Video Communication Server (Cisco TelePresence
VCS)
* Cisco Video Surveillance Manager (VSM)
* Cisco Video Surveillance Operations Manager (VSOM)
* Cisco Wireless Control System (WCS)
Products Confirmed Not Vulnerable
+--------------------------------
The following products are confirmed not vulnerable:
* Cisco ASA 5500 Series Adaptive Security Appliances
* Cisco Catalyst 6500 Series ASA Services Module
* Cisco Catalyst 6500 Series Firewall Services Module
* Cisco Fabric Manager
* Cisco Identity Services Engine
* Cisco Intercompany Media Engine
* Cisco IOS Software
* Cisco IOS XE Software
* Cisco IOS XR Software
* Cisco IP Interoperability and Collaboration System (IPICS)
* Cisco Unified IP Phones
* Cisco MDS 9000 NX-OS Software releases 4.2.x or later (prior
versions are affected)
* Cisco NX-OS Software for Nexus 7000 Series Switches releases
4.2.x or later (prior versions are affected)
* Cisco Prime Central
* Cisco Prime Optical
* Cisco Prime Performance Manager
* Cisco TelePresence Server
* Cisco Unified Communications Manager (formerly Cisco CallManager)
* Cisco Unity
* Cisco Unity Connection
* Cisco Wireless LAN Controllers (WLC)
This section will be updated when more information is available. Multiple Cisco products
may be affected by this vulnerability.
The following Cisco bug IDs are being used to track potential
exposure to this vulnerability. The following Cisco bug IDs do not
confirm that a product is vulnerable; rather, the Cisco bug IDs
indicate that the product is under investigation by the appropriate
product teams.
+--------------------------------------------------------------------------------------------+
| Cisco Product | Cisco bug ID |
|----------------------------------------------------------------+---------------------------|
| Cisco ACE 4710 Appliance | CSCts35635 |
|----------------------------------------------------------------+---------------------------|
| Cisco ACE Application Control Engine Module | CSCts35610 |
|----------------------------------------------------------------+---------------------------|
| Cisco ACE GSS 4400 Series Global Site Selector (GSS) | CSCts33313 |
|----------------------------------------------------------------+---------------------------|
| Cisco ACE XML Gateway | CSCts33321 |
|----------------------------------------------------------------+---------------------------|
| Cisco Active Network Abstraction | CSCts33317 |
|----------------------------------------------------------------+---------------------------|
| Cisco ASA 5500 Series Adaptive Security Appliances | CSCts33180 |
|----------------------------------------------------------------+---------------------------|
| Cisco CNS Network Registrar | CSCts36064 |
|----------------------------------------------------------------+---------------------------|
| Cisco Conductor for Videoscape | CSCts32986 |
|----------------------------------------------------------------+---------------------------|
| Cisco Content Delivery Engine | CSCts36206 |
|----------------------------------------------------------------+---------------------------|
| Cisco Content Delivery System Internet Streamer | CSCts35643 |
|----------------------------------------------------------------+---------------------------|
| Cisco Detector XT DDoS Mitigation Appliance | CSCts33211 |
|----------------------------------------------------------------+---------------------------|
| Cisco Guard XT DDoS Mitigation Appliance | CSCts33210 |
|----------------------------------------------------------------+---------------------------|
| Cisco Healthpresence | CSCts36069 |
|----------------------------------------------------------------+---------------------------|
| Cisco Identity Services Engine | CSCts33092 |
|----------------------------------------------------------------+---------------------------|
| Cisco IP Interoperability and Collaboration System | CSCts33206 |
|----------------------------------------------------------------+---------------------------|
| Cisco IP Phones | CSCts33264 |
|----------------------------------------------------------------+---------------------------|
| Cisco IPS Software | CSCts33199 |
|----------------------------------------------------------------+---------------------------|
| Cisco MDS 9000 SAN Device Management | CSCts33220 |
|----------------------------------------------------------------+---------------------------|
| Cisco MDS 9000 Series Multilayer Switches | CSCts33294 |
|----------------------------------------------------------------+---------------------------|
| Cisco NAC Manager | CSCts32965 |
|----------------------------------------------------------------+---------------------------|
| Cisco NAC Profiler | CSCts33267 |
|----------------------------------------------------------------+---------------------------|
| Cisco NAC Server | CSCts32976 |
|----------------------------------------------------------------+---------------------------|
| Cisco Network Analysis Module | CSCts33320 |
|----------------------------------------------------------------+---------------------------|
| Cisco Networking Services (CNS) Software | CSCts33279 |
|----------------------------------------------------------------+---------------------------|
| Cisco Nexus 5000 Series Switches | CSCts35605 |
|----------------------------------------------------------------+---------------------------|
| Cisco Nexus 7000 Series Switches | CSCts35665 |
|----------------------------------------------------------------+---------------------------|
| Cisco OnPlus Network Management and Automation | CSCts33287 |
|----------------------------------------------------------------+---------------------------|
| Cisco Prime Central | CSCts33004 |
|----------------------------------------------------------------+---------------------------|
| Cisco Prime Network Control System | CSCts33114 |
|----------------------------------------------------------------+---------------------------|
| Cisco Prime Performance Manager | CSCts36072 |
|----------------------------------------------------------------+---------------------------|
| Cisco Quad Collaboration | CSCts36158 |
|----------------------------------------------------------------+---------------------------|
| Cisco Secure Access Control System | CSCts33196 |
|----------------------------------------------------------------+---------------------------|
| Cisco Security Manager | CSCts33056 |
|----------------------------------------------------------------+---------------------------|
| Cisco Service Exchange Framework | CSCts33218 |
|----------------------------------------------------------------+---------------------------|
| Cisco Signaling Gateway Manager | CSCts33248 |
|----------------------------------------------------------------+---------------------------|
| Cisco Small Business Network Storage Systems | CSCts33288 |
|----------------------------------------------------------------+---------------------------|
| Cisco SSC System Manager | CSCts36187 |
|----------------------------------------------------------------+---------------------------|
| Cisco TelePresence Manager | CSCts33310 |
|----------------------------------------------------------------+---------------------------|
| Cisco TelePresence Multipoint Switch | CSCts33224 |
|----------------------------------------------------------------+---------------------------|
| Cisco TelePresence Server | CSCts33230 |
|----------------------------------------------------------------+---------------------------|
| Cisco CTS 500-32 Telepresence System Series | CSCts35874 |
|----------------------------------------------------------------+---------------------------|
| All Cisco CTS TelePresence Systems except Cisco CTS 500-32 | CSCts33276 |
| TelePresence System Series | |
|----------------------------------------------------------------+---------------------------|
| Cisco Telepresence System Integrator C Series | CSCts35860 |
|----------------------------------------------------------------+---------------------------|
| Cisco UCS B-Series Blade Servers | CSCts33291 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified Communications Manager | CSCts32992 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified Communications System Voice and Unified | CSCts33271 |
| Communications (VOSS) | |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified MeetingPlace | CSCts33169 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified Operations Manager | CSCts33273 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified Presence Server | CSCts33257 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified Service Monitor | CSCts35893 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unified Service Statistics Manager | CSCts36074 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unity | CSCts33302 |
|----------------------------------------------------------------+---------------------------|
| Cisco Unity Connection | CSCts33260 |
|----------------------------------------------------------------+---------------------------|
| Cisco Video Surveillance Manager | CSCts33173 |
|----------------------------------------------------------------+---------------------------|
| Cisco Video Surveillance Operations Manager | CSCts33178 |
|----------------------------------------------------------------+---------------------------|
| Cisco Virtual Network Management | CSCts36207 |
|----------------------------------------------------------------+---------------------------|
| Cisco Voice Manager (CVM) | CSCts36152 |
|----------------------------------------------------------------+---------------------------|
| Cisco Wide Area Application Services (WAAS) Software | CSCts33254 |
|----------------------------------------------------------------+---------------------------|
| Cisco Wireless Control System (WCS) | CSCts33325 |
|----------------------------------------------------------------+---------------------------|
| Cisco Wireless Control System Navigator | CSCts33052 |
|----------------------------------------------------------------+---------------------------|
| Cisco Wireless LAN Controllers (WLC) | CSCts33327 |
|----------------------------------------------------------------+---------------------------|
| CiscoWorks Common Services | CSCts33049 |
|----------------------------------------------------------------+---------------------------|
| CiscoWorks LAN Management Solution (LMS) | CSCts35837 |
|----------------------------------------------------------------+---------------------------|
| Cisco Digital Media Suite Products | CSCts33189 |
|----------------------------------------------------------------+---------------------------|
| Management Center for Cisco Security Agents | CSCts33208 |
|----------------------------------------------------------------+---------------------------|
| Service Exchange Framework | CSCts36185 |
|----------------------------------------------------------------+---------------------------|
| Cisco Shared Network Management and Automation | CSCts33476 |
+--------------------------------------------------------------------------------------------+
This vulnerability has been assigned the Common Vulnerabilities and
Exposures (CVE) identifier CVE-2011-3192.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* Apache HTTPd Range Header Denial of Service Vulnerability
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 7.8
Exploitability - High
Remediation Level - Unavailable
Report Confidence - Confirmed
Impact
======
Successful exploitation of this vulnerability could cause significant
memory and CPU utilization on affected products. Repeated
exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco NX-OS Software
+-------------------
Cisco MDS 9000 NX-OS Software releases prior to 4.2.x are affected.
Cisco MDS 9000 NX-OS Software releases 4.2.x and later are not
affected.
Cisco NX-OS Software for Cisco Nexus 7000 Series Switches releases
prior to 4.2.x are affected. Cisco NX-OS Software for Cisco Nexus
7000 Series Switches releases 4.2.x and later are not affected.
Cisco Video Surveillance Manager (VSM)
+-------------------------------------
No fixed software is available.
Cisco Video Surveillance Operations Manager (VSOM)
+-------------------------------------------------
No fixed software is available.
This section will be updated when more information is available.
Workarounds
===========
Mitigations that can be deployed on Cisco devices within the network
are available in the Cisco Applied Intelligence companion document
for this Advisory:
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=24024
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
================================
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
=================================================
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
===================================
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
This vulnerability was initially reported to the Full Disclosure
mailing list at the following link:
http://seclists.org/fulldisclosure/2011/Aug/175
Apache has confirmed that it is aware of exploitation of this
vulnerability. Cisco is not aware of malicious exploitation of this
vulnerability related specifically to Cisco products.
Proof-of-concept code is available for this vulnerability.
Status of this Notice: INTERIM
==============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW
INFORMATION BECOMES AVAILABLE.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-August-30 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOXE95QXnnBKKRMNARCNOOAPwNqw0GmcvgFiKgHiHKH/T2rH/tiaXmqEU5
zwHUOqyYegD8CZvVuM9OPIOb3f3AeMz5HxYDbPMxkg+SEURf05JtyBw=
=lasc
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Hitachi Web Server ByteRange Filter Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA45865
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45865/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45865
RELEASE DATE:
2011-09-05
DISCUSS ADVISORY:
http://secunia.com/advisories/45865/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45865/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45865
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Hitachi has acknowledged a vulnerability in Hitachi Web Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
ORIGINAL ADVISORY:
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.21-i486-1_slack13.37.txz: Upgraded.
Respond with HTTP_NOT_IMPLEMENTED when the method is not
recognized. [Jean-Frederic Clere] SECURITY: CVE-2011-3348
Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20.
PR 51748. [<lowprio20 gmail.com>]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.21-i486-1_slack12.0.tgz
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.21-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.21-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.21-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.21-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.21-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.21-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.21-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.21-x86_64-1_slack13.37.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.21-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.21-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 12.0 package:
e6ed3d69eeb235a35799ad4fb43b02bb httpd-2.2.21-i486-1_slack12.0.tgz
Slackware 12.1 package:
531a640d39b1ec2f4216a8fa4cea9c52 httpd-2.2.21-i486-1_slack12.1.tgz
Slackware 12.2 package:
f93ceab045175be85509f0b9f7be0993 httpd-2.2.21-i486-1_slack12.2.tgz
Slackware 13.0 package:
569145d8fb1f800f04f4d6333f16f704 httpd-2.2.21-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
03f6c419d49e3c4a351956ad27d72fd6 httpd-2.2.21-x86_64-1_slack13.0.txz
Slackware 13.1 package:
1a218016a62fbaf8a110e6afcc6789b2 httpd-2.2.21-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
82eed1a8af9ab4545a18158f4a4641c1 httpd-2.2.21-x86_64-1_slack13.1.txz
Slackware 13.37 package:
d7c15df0fcc28648220ad329b0685f65 httpd-2.2.21-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
a192a12b1b63489733a7b8fc62435d3d httpd-2.2.21-x86_64-1_slack13.37.txz
Slackware -current package:
a16f461ad9843823811c40de6f38b63e n/httpd-2.2.21-i486-1.txz
Slackware x86_64 -current package:
0b4c491e383ea496020db90aa67b970c n/httpd-2.2.21-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg httpd-2.2.21-i486-1_slack13.37.txz
Then, restart the httpd daemon.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
794722078d25e916e10d41dab7099529 2009.0/i586/apache-base-2.2.9-12.12mdv2009.0.i586.rpm
95e2263fdc53b7e5ca1087bd207b67f0 2009.0/i586/apache-devel-2.2.9-12.12mdv2009.0.i586.rpm
fd2387b91e3d050df4dcb8f71c66b00d 2009.0/i586/apache-htcacheclean-2.2.9-12.12mdv2009.0.i586.rpm
a79155011bcfd0b9d35ad775826cbcfb 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.12mdv2009.0.i586.rpm
1efee802fe6a3ca7e59065ba75fd4ffd 2009.0/i586/apache-mod_cache-2.2.9-12.12mdv2009.0.i586.rpm
c4f4067f4f32f7b1bd02c510c85e778d 2009.0/i586/apache-mod_dav-2.2.9-12.12mdv2009.0.i586.rpm
0e2cc898950204b5ece75c73d37099f4 2009.0/i586/apache-mod_dbd-2.2.9-12.12mdv2009.0.i586.rpm
6d847a5c982da5f0f6eba3f8e3ea9f31 2009.0/i586/apache-mod_deflate-2.2.9-12.12mdv2009.0.i586.rpm
c07fec10959c58aafaef912c1bc4ba9b 2009.0/i586/apache-mod_disk_cache-2.2.9-12.12mdv2009.0.i586.rpm
4b0bc90c0c55d6a6e35d7b95089897e2 2009.0/i586/apache-mod_file_cache-2.2.9-12.12mdv2009.0.i586.rpm
b2e3e87000d17bd19ef1e90c216e5575 2009.0/i586/apache-mod_ldap-2.2.9-12.12mdv2009.0.i586.rpm
db73005fe9ac79e270363e366cbba80e 2009.0/i586/apache-mod_mem_cache-2.2.9-12.12mdv2009.0.i586.rpm
3a2601e4b6b38a018270faf3f9eeae05 2009.0/i586/apache-mod_proxy-2.2.9-12.12mdv2009.0.i586.rpm
7f4b71f64e79751b70b805b27de0befb 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.12mdv2009.0.i586.rpm
5a2ee6a9495dca9fa35e9dc1cf5eadee 2009.0/i586/apache-mod_ssl-2.2.9-12.12mdv2009.0.i586.rpm
b8dd7ed23f1d52826b0a7aa26db65d25 2009.0/i586/apache-modules-2.2.9-12.12mdv2009.0.i586.rpm
df32690f6a0c881b9b88f5dbe839bfca 2009.0/i586/apache-mod_userdir-2.2.9-12.12mdv2009.0.i586.rpm
75b95ec22e34447b298ac4cda1f62a4d 2009.0/i586/apache-mpm-event-2.2.9-12.12mdv2009.0.i586.rpm
8986041e7735220e865e903713c6585a 2009.0/i586/apache-mpm-itk-2.2.9-12.12mdv2009.0.i586.rpm
7db0f13f8777a84e6eb2a4d54c1ed825 2009.0/i586/apache-mpm-peruser-2.2.9-12.12mdv2009.0.i586.rpm
5709d251b49a8fe51847c68c89b03ef4 2009.0/i586/apache-mpm-prefork-2.2.9-12.12mdv2009.0.i586.rpm
9436f8468da7538fd050408c672522fc 2009.0/i586/apache-mpm-worker-2.2.9-12.12mdv2009.0.i586.rpm
9a37ff8ccfe612446431e053df3c55f7 2009.0/i586/apache-source-2.2.9-12.12mdv2009.0.i586.rpm
d1f20a10f4a743d492333ee9296c0c45 2009.0/SRPMS/apache-2.2.9-12.12mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
f2479060934de461fc5243f44c1c9877 2009.0/x86_64/apache-base-2.2.9-12.12mdv2009.0.x86_64.rpm
744dd6b28a74fe7707a7f485dd714f70 2009.0/x86_64/apache-devel-2.2.9-12.12mdv2009.0.x86_64.rpm
24b61074fcdc90664fdc22fa97731431 2009.0/x86_64/apache-htcacheclean-2.2.9-12.12mdv2009.0.x86_64.rpm
ffe9175656c4b9f9a6d1c0905997612f 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.12mdv2009.0.x86_64.rpm
e10c4164abab4e7ecdfc354dc26b25c7 2009.0/x86_64/apache-mod_cache-2.2.9-12.12mdv2009.0.x86_64.rpm
0adf7c2b0207c7af3850da6ef054ade4 2009.0/x86_64/apache-mod_dav-2.2.9-12.12mdv2009.0.x86_64.rpm
a052d802d4170269e4e84a7f09db2486 2009.0/x86_64/apache-mod_dbd-2.2.9-12.12mdv2009.0.x86_64.rpm
dec7e0b69c3d6bb2b691b6d5828f9b4d 2009.0/x86_64/apache-mod_deflate-2.2.9-12.12mdv2009.0.x86_64.rpm
e9d6a08421ce454bad59cd63f7298cde 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.12mdv2009.0.x86_64.rpm
9add3c7b179e884d55e24f5fab1507e6 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.12mdv2009.0.x86_64.rpm
c097e8abb528f4e04279012e2e77ebed 2009.0/x86_64/apache-mod_ldap-2.2.9-12.12mdv2009.0.x86_64.rpm
02396d0d003be14aa6361d8bf9a2d5c0 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.12mdv2009.0.x86_64.rpm
769f0f0836ccf07367d0efac06467a33 2009.0/x86_64/apache-mod_proxy-2.2.9-12.12mdv2009.0.x86_64.rpm
0e4c4a945729b9c8d2535796f4cd7e9e 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.12mdv2009.0.x86_64.rpm
7180962ec0dae497928579f2ec90d6b9 2009.0/x86_64/apache-mod_ssl-2.2.9-12.12mdv2009.0.x86_64.rpm
96a29510a80201af1dbaee936e28a6a7 2009.0/x86_64/apache-modules-2.2.9-12.12mdv2009.0.x86_64.rpm
0b895df84b0d65cfe26d4445e0f7a1a4 2009.0/x86_64/apache-mod_userdir-2.2.9-12.12mdv2009.0.x86_64.rpm
879ad41af024969d952c3ba00ab8c7ff 2009.0/x86_64/apache-mpm-event-2.2.9-12.12mdv2009.0.x86_64.rpm
34c244f26df5c2de95e5ab3a698a7ebd 2009.0/x86_64/apache-mpm-itk-2.2.9-12.12mdv2009.0.x86_64.rpm
eb9122d0d0ccd25b1d3e6fe604d683c4 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.12mdv2009.0.x86_64.rpm
2f9890e1c47b78db2f8331318d6f3fbe 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.12mdv2009.0.x86_64.rpm
c52990034c85d64875d9d5e42c8d86a9 2009.0/x86_64/apache-mpm-worker-2.2.9-12.12mdv2009.0.x86_64.rpm
47796ce3087582082c434d3860357a72 2009.0/x86_64/apache-source-2.2.9-12.12mdv2009.0.x86_64.rpm
d1f20a10f4a743d492333ee9296c0c45 2009.0/SRPMS/apache-2.2.9-12.12mdv2009.0.src.rpm
Mandriva Linux 2010.1:
81a67350e6c227b77ca9262b87754a42 2010.1/i586/apache-base-2.2.15-3.3mdv2010.2.i586.rpm
22ed9c09140b2e0da116b3ae600c99b6 2010.1/i586/apache-devel-2.2.15-3.3mdv2010.2.i586.rpm
835a1cb70f3077b17c2751030e947a1a 2010.1/i586/apache-htcacheclean-2.2.15-3.3mdv2010.2.i586.rpm
f83ae1aeec0aef106324e2eecafd84cd 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.3mdv2010.2.i586.rpm
498d15231c15b7f763f2b78045264902 2010.1/i586/apache-mod_cache-2.2.15-3.3mdv2010.2.i586.rpm
ec112c861fff6b5a031f4181d6b48809 2010.1/i586/apache-mod_dav-2.2.15-3.3mdv2010.2.i586.rpm
b45c566d698b92b733b67bf6568f046a 2010.1/i586/apache-mod_dbd-2.2.15-3.3mdv2010.2.i586.rpm
f70ae53162e2675fda33eb1f227eecb3 2010.1/i586/apache-mod_deflate-2.2.15-3.3mdv2010.2.i586.rpm
aa5188a8f55699823245b443410d959b 2010.1/i586/apache-mod_disk_cache-2.2.15-3.3mdv2010.2.i586.rpm
527d0908428b913bd6c0554058df2c72 2010.1/i586/apache-mod_file_cache-2.2.15-3.3mdv2010.2.i586.rpm
af5377b482327b152bb472f86287b6b4 2010.1/i586/apache-mod_ldap-2.2.15-3.3mdv2010.2.i586.rpm
4a1f0e7481668b8df9a4d2d277642c9b 2010.1/i586/apache-mod_mem_cache-2.2.15-3.3mdv2010.2.i586.rpm
13d629b5f77ff05c8da71e0d82c9b096 2010.1/i586/apache-mod_proxy-2.2.15-3.3mdv2010.2.i586.rpm
4593b415b086a5a9068e1bbb839762b2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.3mdv2010.2.i586.rpm
9ad8a9aef61f1dbcaafe6556faa850f6 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.3mdv2010.2.i586.rpm
40de5c085fdfb042200556843de97956 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.3mdv2010.2.i586.rpm
b963aca159b1b72df406247fa459b47d 2010.1/i586/apache-mod_ssl-2.2.15-3.3mdv2010.2.i586.rpm
b050d1b4cd9f5f6ce472239871bfce2c 2010.1/i586/apache-modules-2.2.15-3.3mdv2010.2.i586.rpm
c9c6b5054581c07c3b87b132f5915fe0 2010.1/i586/apache-mod_userdir-2.2.15-3.3mdv2010.2.i586.rpm
297bfb9c523877a9539091ce3f432715 2010.1/i586/apache-mpm-event-2.2.15-3.3mdv2010.2.i586.rpm
9b07ff9544e2faff59f778ccc9ef29a8 2010.1/i586/apache-mpm-itk-2.2.15-3.3mdv2010.2.i586.rpm
7420dfebbce0b235a1e1311ca80180cf 2010.1/i586/apache-mpm-peruser-2.2.15-3.3mdv2010.2.i586.rpm
6995e9868b1fb6d21634bafa0856ac64 2010.1/i586/apache-mpm-prefork-2.2.15-3.3mdv2010.2.i586.rpm
912d834661d60ea0be3a4ea16d0cb73d 2010.1/i586/apache-mpm-worker-2.2.15-3.3mdv2010.2.i586.rpm
56a7db4e67242869c601cc826fa93cff 2010.1/i586/apache-source-2.2.15-3.3mdv2010.2.i586.rpm
b1f2f7b99fe4fed57b5f1c9b5d8f1f4d 2010.1/SRPMS/apache-2.2.15-3.3mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0c2aa94e105e9515efac127fa20442e9 2010.1/x86_64/apache-base-2.2.15-3.3mdv2010.2.x86_64.rpm
33c94640b13df6c28182c16dea368e38 2010.1/x86_64/apache-devel-2.2.15-3.3mdv2010.2.x86_64.rpm
9a96344d4c53af1e8f7bc672e5b03258 2010.1/x86_64/apache-htcacheclean-2.2.15-3.3mdv2010.2.x86_64.rpm
5cfdc0d5ffcbb974ec4b3c37d9bd9ae3 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.3mdv2010.2.x86_64.rpm
b2f0790cdd2e8f9a626588730e9fed0e 2010.1/x86_64/apache-mod_cache-2.2.15-3.3mdv2010.2.x86_64.rpm
0e213220481b3bf26fef61edacae91e9 2010.1/x86_64/apache-mod_dav-2.2.15-3.3mdv2010.2.x86_64.rpm
dc11bdc25528146f888203d7f5a002ee 2010.1/x86_64/apache-mod_dbd-2.2.15-3.3mdv2010.2.x86_64.rpm
cddd73d266e4f341dfdb25841964aeba 2010.1/x86_64/apache-mod_deflate-2.2.15-3.3mdv2010.2.x86_64.rpm
b6ea61f1ae2162b680f7e585413a78a2 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.3mdv2010.2.x86_64.rpm
f8ffce7c0de413be9363ea5f19fe40f0 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.3mdv2010.2.x86_64.rpm
1c48da2d7aaab57b1a64994fd36d0173 2010.1/x86_64/apache-mod_ldap-2.2.15-3.3mdv2010.2.x86_64.rpm
3ebe1e7ffe99f9776d993d71347b6e0e 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.3mdv2010.2.x86_64.rpm
6bc78c9f7d6fccc39d9fd7f3ac38268d 2010.1/x86_64/apache-mod_proxy-2.2.15-3.3mdv2010.2.x86_64.rpm
e91158618a4360a0e31e91aa4c426380 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.3mdv2010.2.x86_64.rpm
7d8b66b5f07f414808994f92950fbe13 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.3mdv2010.2.x86_64.rpm
e32cfd54df5d8959ce261b8af31be16b 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.3mdv2010.2.x86_64.rpm
3c51abbefbdf59d35cfea47a3d08274a 2010.1/x86_64/apache-mod_ssl-2.2.15-3.3mdv2010.2.x86_64.rpm
78a819577503f238f7eb50cb2128a9f8 2010.1/x86_64/apache-modules-2.2.15-3.3mdv2010.2.x86_64.rpm
b9e4ffc332fb36a3a76c3e4227af4fea 2010.1/x86_64/apache-mod_userdir-2.2.15-3.3mdv2010.2.x86_64.rpm
d2ad2b6cc3eee3dc9d326ce62f403a90 2010.1/x86_64/apache-mpm-event-2.2.15-3.3mdv2010.2.x86_64.rpm
3b1b3b6d910e4c93a7abaf7d83bcc437 2010.1/x86_64/apache-mpm-itk-2.2.15-3.3mdv2010.2.x86_64.rpm
94195bd7bbd28489a1bc40bd78c33933 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.3mdv2010.2.x86_64.rpm
0d6159786b6386e315e0f0b3af1be3ca 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.3mdv2010.2.x86_64.rpm
70a9ed912a5d693d894031ac47c32f09 2010.1/x86_64/apache-mpm-worker-2.2.15-3.3mdv2010.2.x86_64.rpm
0db5f7644597f37e44b99c5da59d84d9 2010.1/x86_64/apache-source-2.2.15-3.3mdv2010.2.x86_64.rpm
b1f2f7b99fe4fed57b5f1c9b5d8f1f4d 2010.1/SRPMS/apache-2.2.15-3.3mdv2010.2.src.rpm
Corporate 4.0:
6cb0c4739d8240c5cf749c1f86071b79 corporate/4.0/i586/apache-base-2.2.3-1.13.20060mlcs4.i586.rpm
1f5bff1627d07a0e9ab7541417cf3890 corporate/4.0/i586/apache-devel-2.2.3-1.13.20060mlcs4.i586.rpm
63fc24071e4c58bcacf8bd6b15b59f12 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.13.20060mlcs4.i586.rpm
39e139423c51fc720ac59874e13e58d5 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.13.20060mlcs4.i586.rpm
95ad8d5dffb33c87879fccd7ec910ffb corporate/4.0/i586/apache-mod_cache-2.2.3-1.13.20060mlcs4.i586.rpm
c0e3f64d4a14836ed9713418a2a37a3b corporate/4.0/i586/apache-mod_dav-2.2.3-1.13.20060mlcs4.i586.rpm
73d6b23714a17b3fd5a5db143c9b2e2f corporate/4.0/i586/apache-mod_dbd-2.2.3-1.13.20060mlcs4.i586.rpm
b6ab335ed0766b9de3f2664dd749016d corporate/4.0/i586/apache-mod_deflate-2.2.3-1.13.20060mlcs4.i586.rpm
b51574552a760bdc34edb396fdcf1713 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.13.20060mlcs4.i586.rpm
ab5c9ed4a99664edd26b98d4d10ce207 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.13.20060mlcs4.i586.rpm
d42183bb46acf94d6210132a8960d796 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.13.20060mlcs4.i586.rpm
48e903f8cb741290da23053686e44874 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.13.20060mlcs4.i586.rpm
88d46c9bc3980a49dd3c8ee22b2e756c corporate/4.0/i586/apache-mod_proxy-2.2.3-1.13.20060mlcs4.i586.rpm
0c47f19fa12a16a547b4356fd3d65ef0 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.13.20060mlcs4.i586.rpm
94f14b2cccff878e5fbfada10a411234 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.13.20060mlcs4.i586.rpm
6c099d9fa38df92030808e1cfbea70f6 corporate/4.0/i586/apache-modules-2.2.3-1.13.20060mlcs4.i586.rpm
74745343711a6d62274fef26680cb7cb corporate/4.0/i586/apache-mod_userdir-2.2.3-1.13.20060mlcs4.i586.rpm
42407b409fcc55b28679496a515d2d3d corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.13.20060mlcs4.i586.rpm
949273655647845491bf7433ed6947f5 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.13.20060mlcs4.i586.rpm
1065b5ff5c0b493b11499fed06902455 corporate/4.0/i586/apache-source-2.2.3-1.13.20060mlcs4.i586.rpm
05cac55ce2e5fd0fa84e8cf7999b769c corporate/4.0/SRPMS/apache-2.2.3-1.13.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ab51e2d012c3d2260ae7494421ee76b7 corporate/4.0/x86_64/apache-base-2.2.3-1.13.20060mlcs4.x86_64.rpm
53e32a766a5687182810ccf3256ec45c corporate/4.0/x86_64/apache-devel-2.2.3-1.13.20060mlcs4.x86_64.rpm
e5b009bd8f9201a0333374a0d76e9ed6 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.13.20060mlcs4.x86_64.rpm
9a228b8b08ffdb7601a0fcc9c13eb0a6 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.13.20060mlcs4.x86_64.rpm
216040d632883ac2f81ebcba986fa28c corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm
ea200972e74b3de8b0c1c5d601e1b55f corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.13.20060mlcs4.x86_64.rpm
d7a9816d96d0b52e088e0161d0b686b3 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.13.20060mlcs4.x86_64.rpm
997b77ebcccebf5cec8601d2a2205355 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.13.20060mlcs4.x86_64.rpm
c4e8adc271e2806fb17a682bd480d450 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm
deb5a46c8843982b01620d12d182c2f2 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm
cf91402d2713a735ca5176f1fae748d4 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.13.20060mlcs4.x86_64.rpm
61eab13877dc720a0ad2c1c55bd27612 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm
dd810b0e0cf871c2a29847014edaf12e corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.13.20060mlcs4.x86_64.rpm
2ae4e2b6a4f8e89894c10062e26c52f8 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.13.20060mlcs4.x86_64.rpm
63afd5a4dbfdbe53fc4fe77897a56288 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.13.20060mlcs4.x86_64.rpm
dcc501e359941fd3a30ba45e6681cef5 corporate/4.0/x86_64/apache-modules-2.2.3-1.13.20060mlcs4.x86_64.rpm
4b7a6233d441e4f8b87dbe6557957b8c corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.13.20060mlcs4.x86_64.rpm
dd1478de94663c57c76384dea1c13383 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.13.20060mlcs4.x86_64.rpm
f14236bbe5ee8edcc69e35ff92baa699 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.13.20060mlcs4.x86_64.rpm
f6f9428ee237c21cb75aa1f1f9f29981 corporate/4.0/x86_64/apache-source-2.2.3-1.13.20060mlcs4.x86_64.rpm
05cac55ce2e5fd0fa84e8cf7999b769c corporate/4.0/SRPMS/apache-2.2.3-1.13.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
8f2c047d79dc68e5109417c63e6341bc mes5/i586/apache-base-2.2.9-12.12mdvmes5.2.i586.rpm
40f90571fc968b477594a9edc1937aee mes5/i586/apache-devel-2.2.9-12.12mdvmes5.2.i586.rpm
d48ca72adb7932a678b163779905c888 mes5/i586/apache-htcacheclean-2.2.9-12.12mdvmes5.2.i586.rpm
3c2949148e484d8ca2dcec6a77b68bf8 mes5/i586/apache-mod_authn_dbd-2.2.9-12.12mdvmes5.2.i586.rpm
cff46a05b8b28bb318ab00b63f29c421 mes5/i586/apache-mod_cache-2.2.9-12.12mdvmes5.2.i586.rpm
c01d753a6928dbb8b79309ad0ffc6bb7 mes5/i586/apache-mod_dav-2.2.9-12.12mdvmes5.2.i586.rpm
3d69d11a7f2ca0db8ef734f90b76cf47 mes5/i586/apache-mod_dbd-2.2.9-12.12mdvmes5.2.i586.rpm
f9d11522f31e4eba56eab96b975aa271 mes5/i586/apache-mod_deflate-2.2.9-12.12mdvmes5.2.i586.rpm
ce7e199d50c484dbaae4ac8a24fdfd8f mes5/i586/apache-mod_disk_cache-2.2.9-12.12mdvmes5.2.i586.rpm
e13784109c7c987f161e62db23875e99 mes5/i586/apache-mod_file_cache-2.2.9-12.12mdvmes5.2.i586.rpm
0679925298a2b084fb835c8342ff2db6 mes5/i586/apache-mod_ldap-2.2.9-12.12mdvmes5.2.i586.rpm
18d8638b92b40111dc4c3d9061c4f954 mes5/i586/apache-mod_mem_cache-2.2.9-12.12mdvmes5.2.i586.rpm
4f2fb07cf38766b852c35f8ec84c4615 mes5/i586/apache-mod_proxy-2.2.9-12.12mdvmes5.2.i586.rpm
28b41c1d6e0898417715d91a8ae9c786 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.12mdvmes5.2.i586.rpm
e46a77e76f3a09d8ae3a1f13e8d73914 mes5/i586/apache-mod_ssl-2.2.9-12.12mdvmes5.2.i586.rpm
00732d13045c0503c471214f37dc7e7c mes5/i586/apache-modules-2.2.9-12.12mdvmes5.2.i586.rpm
4279cd7a1e58191ca58db6f23ce668af mes5/i586/apache-mod_userdir-2.2.9-12.12mdvmes5.2.i586.rpm
f75d539d341234ffa941fc2ff95e1af9 mes5/i586/apache-mpm-event-2.2.9-12.12mdvmes5.2.i586.rpm
7dc2aac397b2764e9ffd2f62948fd5ac mes5/i586/apache-mpm-itk-2.2.9-12.12mdvmes5.2.i586.rpm
bde67f65165d76bf16430e47d1fe0cb5 mes5/i586/apache-mpm-peruser-2.2.9-12.12mdvmes5.2.i586.rpm
f437fcd2fd93bbe1b931035b1d5e7366 mes5/i586/apache-mpm-prefork-2.2.9-12.12mdvmes5.2.i586.rpm
990deab998e13f0e1f9b0705898265f7 mes5/i586/apache-mpm-worker-2.2.9-12.12mdvmes5.2.i586.rpm
60e73f359da6fb7f22e4f3e4221e9c47 mes5/i586/apache-source-2.2.9-12.12mdvmes5.2.i586.rpm
f2081e47da0c06c0a01718c4fa6e615f mes5/SRPMS/apache-2.2.9-12.12mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
68c25a84b6281604cf34e9b8c28f1049 mes5/x86_64/apache-base-2.2.9-12.12mdvmes5.2.x86_64.rpm
d1fea716c89eab4cf4c794770a1b6b4b mes5/x86_64/apache-devel-2.2.9-12.12mdvmes5.2.x86_64.rpm
dea5767ddfd52f162ace3ae36cfae969 mes5/x86_64/apache-htcacheclean-2.2.9-12.12mdvmes5.2.x86_64.rpm
7834f28e7bed5dc4919d0ec2f53cd7c2 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.12mdvmes5.2.x86_64.rpm
322e4da0618785d76b197703d0b4ffeb mes5/x86_64/apache-mod_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm
47cdb78ab11983271844e601f2a818dd mes5/x86_64/apache-mod_dav-2.2.9-12.12mdvmes5.2.x86_64.rpm
60a44577f80f32aa1be156b74a15d55e mes5/x86_64/apache-mod_dbd-2.2.9-12.12mdvmes5.2.x86_64.rpm
cd5e323d115b924886a8939072265d96 mes5/x86_64/apache-mod_deflate-2.2.9-12.12mdvmes5.2.x86_64.rpm
34c3f3579c313da8c2f3fc6376c6480f mes5/x86_64/apache-mod_disk_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm
41f634d505250b2ad795871311f83ef1 mes5/x86_64/apache-mod_file_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm
e2d14257c9122287ea7a7e1ec80327b3 mes5/x86_64/apache-mod_ldap-2.2.9-12.12mdvmes5.2.x86_64.rpm
5d93d3561c9b8410e2603bc5f0edc50f mes5/x86_64/apache-mod_mem_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm
9f5e94a9d87db50d479ddb17219d831d mes5/x86_64/apache-mod_proxy-2.2.9-12.12mdvmes5.2.x86_64.rpm
4923ba24f69c8dacbe56e9871e3b8cc4 mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.12mdvmes5.2.x86_64.rpm
22238b128d6dc133a5dae8066c2a18a7 mes5/x86_64/apache-mod_ssl-2.2.9-12.12mdvmes5.2.x86_64.rpm
694ab458009917d81721764e0aad57a9 mes5/x86_64/apache-modules-2.2.9-12.12mdvmes5.2.x86_64.rpm
de18f38d71f2fc95d6fe782510cb26bd mes5/x86_64/apache-mod_userdir-2.2.9-12.12mdvmes5.2.x86_64.rpm
30858da82b560e8d18b85c2601e71851 mes5/x86_64/apache-mpm-event-2.2.9-12.12mdvmes5.2.x86_64.rpm
a22541e594bfc4ea2de372941d938396 mes5/x86_64/apache-mpm-itk-2.2.9-12.12mdvmes5.2.x86_64.rpm
c33ea0b752f5a394dbe7e27fad15182f mes5/x86_64/apache-mpm-peruser-2.2.9-12.12mdvmes5.2.x86_64.rpm
24d6c3ade6d8053562c5e14ce6b25250 mes5/x86_64/apache-mpm-prefork-2.2.9-12.12mdvmes5.2.x86_64.rpm
3b54d14149d52a44d130a2c45f48e79d mes5/x86_64/apache-mpm-worker-2.2.9-12.12mdvmes5.2.x86_64.rpm
33fab873f19b2cd2ac6c9fc87ecf7852 mes5/x86_64/apache-source-2.2.9-12.12mdvmes5.2.x86_64.rpm
f2081e47da0c06c0a01718c4fa6e615f mes5/SRPMS/apache-2.2.9-12.12mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFOY4ZemqjQ0CJFipgRAqbCAJ9v2n0eNDDc2DYK3WqOifUDtsN+JACgkx4s
4pin0XPWifvtN+m/Z38bY+U=
=IhYU
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Release Date: 2011-09-08
Last Updated: 2011-09-08
------------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Web Server.
References: CVE-2011-3192, CVE-2011-0419
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier
HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
This bulletin will be revised when additional information becomes available.
HP has provided the following software update to resolve these vulnerabilities.
The update is available for download from the following location
ftp://srt10606:P2xg=AD5@ftp.usa.hp.com
or
https://ftp.usa.hp.com/hprc/home with
username srt10606 and password P2xg=AD5
HP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08
HP-UX 11i Release / Apache Depot name
B.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot
B.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
B.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot
B.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
HP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier
HP-UX 11i Release / Apache Depot name
B.11.11 / Use work around suggested below
B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18
B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18
Alternatives to Installing the Preliminary Patch
The Apache Software Foundation has documented work arounds.
Note: that no patch is available for Apache 2.0.64.01.
2) Limit the size of the request field to a few hundred bytes.
3) Use mod_headers to completely disallow the use of Range headers.
Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.18 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.
It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically.
AFFECTED VERSIONS
HP-UX Web Server Suite v3.18
HP-UX B.11.23
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.08 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 8 September 2011 Initial release
Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
| VAR-201109-0061 | CVE-2011-0258 | Apple of QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. It will then copy the correct amount of data into that buffer, but then does some endian changes on a fixed portion of the buffer without checking its size. The resulting memory corruption could result in remote code execution under the context of the current user. Apple QuickTime is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied data.
Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
Versions prior to QuickTime 7.7 are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4826
-- Disclosure Timeline:
2011-06-03 - Vulnerability reported to vendor
2011-08-31 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
| VAR-201108-0099 | CVE-2011-2561 | Cisco Unified Communications Manager Service disruption in ( Service stop ) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. The problem is Bug ID CSCtc61990 It is a problem.Denial of service via a crafted call by a third party ( Service stop ) There is a possibility of being put into a state. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. Single channel audio may occur when configuring MTP with g729ar8 codec. Under certain conditions, service interruptions may occur. The SIP process generates a stack trace when processing the session description protocol SDP portion of a SIP call.
An attacker can exploit these issues to cause denial-of-service conditions in the affected application.
These issues are documented by these Cisco bug IDs:
CSCtf97162
CSCtc61990
CSCth43256.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
Two of the vulnerabilities described in this advisory also affect the
Cisco Intercompany Media Engine.
A separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco Intercompany Media Engine.
The first DoS vulnerability involves the Packet Capture Service which
is enabled by default. The Packet Capture Service fails to timeout or
close idle TCP connections. The Packet Capture Service should be disabled in
the Cisco Unified Communications Manager Administration Interface by
setting the service parameter to False. This vulnerability is documented in Cisco Bug ID
CSCtf97162 ( registered customers only) and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2011-2560.
The second DoS vulnerability involves certain configurations of Media
Termination Points (MTP). This
vulnerability is documented in Cisco Bug ID CSCtc61990 ( registered
customers only) and has been assigned CVE identifier CVE-2011-2561.
The third DoS vulnerability involves a coredump when processing
certain SIP INVITE messages. This vulnerability is documented in
Cisco Bug ID CSCth43256 ( registered customers only) and has been
assigned CVE identifier CVE-2011-2562.
The remaining two DoS vulnerabilities involve the Service
Advertisement Framework (SAF). Successful exploitation could cause the device to
reload. These vulnerabilities are documented in Cisco Bug IDs
CSCth26669 ( registered customers only) and CSCth19417 ( registered
customers only) and have been assigned CVE identifiers CVE-2011-2563
and CVE-2011-2564, respectively. Cisco Intercompany Media
Engine Release 8.x is also affected by these vulnerabilities. A
separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco Intercompany Media Engine. That
advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-ime.shtml
Note: An established TCP connection with a three-way handshake is
required to trigger the SAF vulnerabilities.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtf97162 - CCM Application Restarts During TCP Flood
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc61990 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth43256 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth26669 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth19417 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities that are described in
this advisory could result in the interruption of voice services. In
certain instances, the affected Cisco Unified Communications Manager
processes will restart, but repeated attacks may result in a
sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco recommends upgrading to a release equal to or later than the
release in the Recommended Releases column of the table.
+---------------------------------------+
| Cisco Unified | Recommended |
| Communications Manager | Releases |
| Version | |
|-------------------------+-------------|
| 6.x | 6.1(5)SU3 |
|-------------------------+-------------|
| 7.x | 7.1(5b)SU4 |
|-------------------------+-------------|
| 8.0 | 8.0(3a)SU2 |
|-------------------------+-------------|
| 8.5 | 8.5(1)SU2, |
| | 8.6(1) |
+---------------------------------------+
Workarounds
===========
A workaround exists for the SIP DoS vulnerabilities. SIP processing is enabled by
default.
* Step 3: Change the SIP Interoperability Enabled parameter to
False, and click Save.
Note: For a SIP processing change to take effect, the Cisco
CallManager service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
It is possible to mitigate these vulnerabilities by implementing
filtering on screening devices and only permitting access to TCP
ports 5060 and 5061 and UDP ports 5060 and 5061 from networks that
require SIP access to Cisco Unified Communications Manager servers.
A workaround exists for the DoS vulnerabilities involving the Packet
Capture Service in Cisco Communications Manager version 4.x.
Customers who do not require the Packet Capture Service for
troubleshooting can use the following instructions to disable this
process:
* Step 1: Log into the Cisco Unified Communications Manager
Administration web interface.
* Step 3: Change the Packet Capture Enabled parameter to False, and
click Save.
Note: For the Packet Capture Service change to take effect, the Cisco
CallManager service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
Additional mitigations that can be deployed on Cisco devices in the
network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Unified Communications Manager"
which is available at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20110824-cucm-ime.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during
the troubleshooting of customer service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-August-24 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOVFpYQXnnBKKRMNARCOCeAPwP66zH85V+OOW8YRl94JMDc+UpiRzqoqUl
6C0WGFrBJgD/eR7bXF71he/ByVHVpfpY3qaX8M45+MqcqzIDrM6hbCY=
=kz9x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Multiple Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA45738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
RELEASE DATE:
2011-08-25
DISCUSS ADVISORY:
http://secunia.com/advisories/45738/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45738/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Unified
Communications Manager, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Note: This vulnerability only affects version 7.0.x and later.
The vulnerabilities are reported in versions 6.x, 7.x, and 8.x.
SOLUTION:
Update to version 6.1(5)SU3, 7.1(5b)SU4, 8.0(3a)SU2, 8.5(1)SU2, or
8.6(1).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0092 | CVE-2011-2562 | Cisco Unified Communications Manager Service disruption in ( Service stop ) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. Cisco Unified Communications Manager There is a service disruption ( Service stop ) There is a vulnerability that becomes a condition. The problem is Bug ID CSCth43256 It is a problem.By a third party SIP INVITE Service disruption via message ( Service stop ) There is a possibility of being put into a state.
An attacker can exploit these issues to cause denial-of-service conditions in the affected application.
These issues are documented by these Cisco bug IDs:
CSCtf97162
CSCtc61990
CSCth43256.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
Two of the vulnerabilities described in this advisory also affect the
Cisco Intercompany Media Engine.
A separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco Intercompany Media Engine.
The first DoS vulnerability involves the Packet Capture Service which
is enabled by default. The Packet Capture Service fails to timeout or
close idle TCP connections. This vulnerability is documented in Cisco Bug ID
CSCtf97162 ( registered customers only) and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2011-2560.
The second DoS vulnerability involves certain configurations of Media
Termination Points (MTP). One-way audio may be observed when an MTP
is configured with the g729ar8 codec only. In certain situations, an
interruption in service may occur and a stack trace will be generated
by the Session Initiation Protocol (SIP) process when processing the
Session Description Protocol SDP portion of a SIP call. This
vulnerability is documented in Cisco Bug ID CSCtc61990 ( registered
customers only) and has been assigned CVE identifier CVE-2011-2561. This vulnerability is documented in
Cisco Bug ID CSCth43256 ( registered customers only) and has been
assigned CVE identifier CVE-2011-2562.
The remaining two DoS vulnerabilities involve the Service
Advertisement Framework (SAF). Successful exploitation could cause the device to
reload. These vulnerabilities are documented in Cisco Bug IDs
CSCth26669 ( registered customers only) and CSCth19417 ( registered
customers only) and have been assigned CVE identifiers CVE-2011-2563
and CVE-2011-2564, respectively. Cisco Intercompany Media
Engine Release 8.x is also affected by these vulnerabilities. A
separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco Intercompany Media Engine. That
advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-ime.shtml
Note: An established TCP connection with a three-way handshake is
required to trigger the SAF vulnerabilities.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtf97162 - CCM Application Restarts During TCP Flood
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc61990 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth43256 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth26669 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth19417 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities that are described in
this advisory could result in the interruption of voice services.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco recommends upgrading to a release equal to or later than the
release in the Recommended Releases column of the table. SIP processing is enabled by
default.
* Step 3: Change the SIP Interoperability Enabled parameter to
False, and click Save. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
It is possible to mitigate these vulnerabilities by implementing
filtering on screening devices and only permitting access to TCP
ports 5060 and 5061 and UDP ports 5060 and 5061 from networks that
require SIP access to Cisco Unified Communications Manager servers.
Customers who do not require the Packet Capture Service for
troubleshooting can use the following instructions to disable this
process:
* Step 1: Log into the Cisco Unified Communications Manager
Administration web interface.
* Step 3: Change the Packet Capture Enabled parameter to False, and
click Save. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
Additional mitigations that can be deployed on Cisco devices in the
network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Unified Communications Manager"
which is available at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20110824-cucm-ime.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during
the troubleshooting of customer service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-August-24 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOVFpYQXnnBKKRMNARCOCeAPwP66zH85V+OOW8YRl94JMDc+UpiRzqoqUl
6C0WGFrBJgD/eR7bXF71he/ByVHVpfpY3qaX8M45+MqcqzIDrM6hbCY=
=kz9x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Multiple Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA45738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
RELEASE DATE:
2011-08-25
DISCUSS ADVISORY:
http://secunia.com/advisories/45738/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45738/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Unified
Communications Manager, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Note: This vulnerability only affects version 7.0.x and later.
The vulnerabilities are reported in versions 6.x, 7.x, and 8.x.
SOLUTION:
Update to version 6.1(5)SU3, 7.1(5b)SU4, 8.0(3a)SU2, 8.5(1)SU2, or
8.6(1).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0098 | CVE-2011-2560 | Cisco Unified Communications Manager Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162. The problem is Bug ID CSCtf97162 It is a problem.Service operation disruption by establishing many connections by a third party ( Memory corruption and restart ) There is a possibility of being put into a state. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution.
An attacker can exploit these issues to cause denial-of-service conditions in the affected application.
These issues are documented by these Cisco bug IDs:
CSCtf97162
CSCtc61990
CSCth43256.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
Two of the vulnerabilities described in this advisory also affect the
Cisco Intercompany Media Engine.
A separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco Intercompany Media Engine. This vulnerability is documented in Cisco Bug ID
CSCtf97162 ( registered customers only) and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2011-2560.
The second DoS vulnerability involves certain configurations of Media
Termination Points (MTP). One-way audio may be observed when an MTP
is configured with the g729ar8 codec only. In certain situations, an
interruption in service may occur and a stack trace will be generated
by the Session Initiation Protocol (SIP) process when processing the
Session Description Protocol SDP portion of a SIP call. This
vulnerability is documented in Cisco Bug ID CSCtc61990 ( registered
customers only) and has been assigned CVE identifier CVE-2011-2561.
The third DoS vulnerability involves a coredump when processing
certain SIP INVITE messages. This vulnerability is documented in
Cisco Bug ID CSCth43256 ( registered customers only) and has been
assigned CVE identifier CVE-2011-2562.
The remaining two DoS vulnerabilities involve the Service
Advertisement Framework (SAF). Successful exploitation could cause the device to
reload. These vulnerabilities are documented in Cisco Bug IDs
CSCth26669 ( registered customers only) and CSCth19417 ( registered
customers only) and have been assigned CVE identifiers CVE-2011-2563
and CVE-2011-2564, respectively. Cisco Intercompany Media
Engine Release 8.x is also affected by these vulnerabilities. A
separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco Intercompany Media Engine. That
advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-ime.shtml
Note: An established TCP connection with a three-way handshake is
required to trigger the SAF vulnerabilities.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtf97162 - CCM Application Restarts During TCP Flood
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc61990 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth43256 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth26669 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth19417 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities that are described in
this advisory could result in the interruption of voice services.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco recommends upgrading to a release equal to or later than the
release in the Recommended Releases column of the table.
+---------------------------------------+
| Cisco Unified | Recommended |
| Communications Manager | Releases |
| Version | |
|-------------------------+-------------|
| 6.x | 6.1(5)SU3 |
|-------------------------+-------------|
| 7.x | 7.1(5b)SU4 |
|-------------------------+-------------|
| 8.0 | 8.0(3a)SU2 |
|-------------------------+-------------|
| 8.5 | 8.5(1)SU2, |
| | 8.6(1) |
+---------------------------------------+
Workarounds
===========
A workaround exists for the SIP DoS vulnerabilities. SIP processing is enabled by
default.
* Step 3: Change the SIP Interoperability Enabled parameter to
False, and click Save.
Note: For a SIP processing change to take effect, the Cisco
CallManager service must be restarted.
* Step 3: Change the Packet Capture Enabled parameter to False, and
click Save. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
Additional mitigations that can be deployed on Cisco devices in the
network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Unified Communications Manager"
which is available at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20110824-cucm-ime.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during
the troubleshooting of customer service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-August-24 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOVFpYQXnnBKKRMNARCOCeAPwP66zH85V+OOW8YRl94JMDc+UpiRzqoqUl
6C0WGFrBJgD/eR7bXF71he/ByVHVpfpY3qaX8M45+MqcqzIDrM6hbCY=
=kz9x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Packet Capture Service Denial of
Service
SECUNIA ADVISORY ID:
SA45741
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45741/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45741
RELEASE DATE:
2011-08-25
DISCUSS ADVISORY:
http://secunia.com/advisories/45741/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45741/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45741
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco Unified Communications
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0093 | CVE-2011-2563 | Cisco Unified Communications Manager and Cisco Intercompany Media Engine Vulnerability in |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. The Service Advertisement Framework (SAF) has a denial of service attack. An unauthenticated attacker can use these vulnerabilities to send specially crafted SAF packets to the affected device. The attacker exploits the vulnerability to overload the device.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs CSCth26669 and CSCth19417.
Intercompany Media Engine versions 8.0.x are affected.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.
Products Confirmed Not Vulnerable
+--------------------------------
All supported versions of Cisco Unified Communications Manager are
affected by one or more of the vulnerabilities described in this
advisory.
The first DoS vulnerability involves the Packet Capture Service which
is enabled by default. The Packet Capture Service fails to timeout or
close idle TCP connections. This vulnerability is documented in Cisco Bug ID
CSCtf97162 ( registered customers only) and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2011-2560.
The second DoS vulnerability involves certain configurations of Media
Termination Points (MTP). One-way audio may be observed when an MTP
is configured with the g729ar8 codec only. In certain situations, an
interruption in service may occur and a stack trace will be generated
by the Session Initiation Protocol (SIP) process when processing the
Session Description Protocol SDP portion of a SIP call. This
vulnerability is documented in Cisco Bug ID CSCtc61990 ( registered
customers only) and has been assigned CVE identifier CVE-2011-2561.
The third DoS vulnerability involves a coredump when processing
certain SIP INVITE messages. This vulnerability is documented in
Cisco Bug ID CSCth43256 ( registered customers only) and has been
assigned CVE identifier CVE-2011-2562. These vulnerabilities are documented in Cisco Bug IDs
CSCth26669 ( registered customers only) and CSCth19417 ( registered
customers only) and have been assigned CVE identifiers CVE-2011-2563
and CVE-2011-2564, respectively. That
advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-ime.shtml
Note: An established TCP connection with a three-way handshake is
required to trigger the SAF vulnerabilities.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtf97162 - CCM Application Restarts During TCP Flood
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc61990 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth43256 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth26669 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth19417 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities that are described in
this advisory could result in the interruption of voice services. In
certain instances, the affected Cisco Unified Communications Manager
processes will restart, but repeated attacks may result in a
sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco recommends upgrading to a release equal to or later than the
release in the Recommended Releases column of the table.
+---------------------------------------+
| Cisco Unified | Recommended |
| Communications Manager | Releases |
| Version | |
|-------------------------+-------------|
| 6.x | 6.1(5)SU3 |
|-------------------------+-------------|
| 7.x | 7.1(5b)SU4 |
|-------------------------+-------------|
| 8.0 | 8.0(3a)SU2 |
|-------------------------+-------------|
| 8.5 | 8.5(1)SU2, |
| | 8.6(1) |
+---------------------------------------+
Workarounds
===========
A workaround exists for the SIP DoS vulnerabilities. SIP processing is enabled by
default. Customers who do not require SIP processing can use the
following instructions to disable SIP processing:
* Step 1: Log into the Cisco Unified Communications Manager
Administration Interface.
* Step 3: Change the SIP Interoperability Enabled parameter to
False, and click Save.
Note: For a SIP processing change to take effect, the Cisco
CallManager service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
It is possible to mitigate these vulnerabilities by implementing
filtering on screening devices and only permitting access to TCP
ports 5060 and 5061 and UDP ports 5060 and 5061 from networks that
require SIP access to Cisco Unified Communications Manager servers.
A workaround exists for the DoS vulnerabilities involving the Packet
Capture Service in Cisco Communications Manager version 4.x.
Customers who do not require the Packet Capture Service for
troubleshooting can use the following instructions to disable this
process:
* Step 1: Log into the Cisco Unified Communications Manager
Administration web interface.
* Step 3: Change the Packet Capture Enabled parameter to False, and
click Save.
Note: For the Packet Capture Service change to take effect, the Cisco
CallManager service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
Additional mitigations that can be deployed on Cisco devices in the
network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Unified Communications Manager"
which is available at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20110824-cucm-ime.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during
the troubleshooting of customer service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-August-24 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOVFpYQXnnBKKRMNARCOCeAPwP66zH85V+OOW8YRl94JMDc+UpiRzqoqUl
6C0WGFrBJgD/eR7bXF71he/ByVHVpfpY3qaX8M45+MqcqzIDrM6hbCY=
=kz9x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
There are no available workarounds to mitigate these vulnerabilities.
Details
=======
Cisco Intercompany Media Engine provides a technique for establishing
direct IP connectivity between enterprises by combining peer-to-peer
technologies with the existing public switched telephone network
(PSTN) infrastructure. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Multiple Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA45738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
RELEASE DATE:
2011-08-25
DISCUSS ADVISORY:
http://secunia.com/advisories/45738/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45738/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Unified
Communications Manager, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Note: This vulnerability only affects version 7.0.x and later.
The vulnerabilities are reported in versions 6.x, 7.x, and 8.x.
SOLUTION:
Update to version 6.1(5)SU3, 7.1(5b)SU4, 8.0(3a)SU2, 8.5(1)SU2, or
8.6(1).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0094 | CVE-2011-2564 | Cisco Unified Communications Manager and Cisco Intercompany Media Engine Vulnerability in |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. An unauthenticated attacker can send a specially crafted SAF packet to the affected device. The attacker can exploit the vulnerability to reload the device.
These issues are being tracked by Cisco Bug IDs CSCth26669 and CSCth19417.
Intercompany Media Engine versions 8.0.x are affected.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.
Products Confirmed Not Vulnerable
+--------------------------------
All supported versions of Cisco Unified Communications Manager are
affected by one or more of the vulnerabilities described in this
advisory.
The first DoS vulnerability involves the Packet Capture Service which
is enabled by default. The Packet Capture Service fails to timeout or
close idle TCP connections. This vulnerability is documented in Cisco Bug ID
CSCtf97162 ( registered customers only) and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2011-2560.
The second DoS vulnerability involves certain configurations of Media
Termination Points (MTP). One-way audio may be observed when an MTP
is configured with the g729ar8 codec only. In certain situations, an
interruption in service may occur and a stack trace will be generated
by the Session Initiation Protocol (SIP) process when processing the
Session Description Protocol SDP portion of a SIP call. This
vulnerability is documented in Cisco Bug ID CSCtc61990 ( registered
customers only) and has been assigned CVE identifier CVE-2011-2561.
The third DoS vulnerability involves a coredump when processing
certain SIP INVITE messages. This vulnerability is documented in
Cisco Bug ID CSCth43256 ( registered customers only) and has been
assigned CVE identifier CVE-2011-2562. These vulnerabilities are documented in Cisco Bug IDs
CSCth26669 ( registered customers only) and CSCth19417 ( registered
customers only) and have been assigned CVE identifiers CVE-2011-2563
and CVE-2011-2564, respectively. That
advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-ime.shtml
Note: An established TCP connection with a three-way handshake is
required to trigger the SAF vulnerabilities.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtf97162 - CCM Application Restarts During TCP Flood
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc61990 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth43256 - Coredump may be experienced when processing
certain SIP packets
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth26669 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCth19417 - CUCM may experience a reload when receiving certain
UCM client msgs
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities that are described in
this advisory could result in the interruption of voice services. In
certain instances, the affected Cisco Unified Communications Manager
processes will restart, but repeated attacks may result in a
sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco recommends upgrading to a release equal to or later than the
release in the Recommended Releases column of the table.
+---------------------------------------+
| Cisco Unified | Recommended |
| Communications Manager | Releases |
| Version | |
|-------------------------+-------------|
| 6.x | 6.1(5)SU3 |
|-------------------------+-------------|
| 7.x | 7.1(5b)SU4 |
|-------------------------+-------------|
| 8.0 | 8.0(3a)SU2 |
|-------------------------+-------------|
| 8.5 | 8.5(1)SU2, |
| | 8.6(1) |
+---------------------------------------+
Workarounds
===========
A workaround exists for the SIP DoS vulnerabilities. SIP processing is enabled by
default. Customers who do not require SIP processing can use the
following instructions to disable SIP processing:
* Step 1: Log into the Cisco Unified Communications Manager
Administration Interface.
* Step 3: Change the SIP Interoperability Enabled parameter to
False, and click Save.
Note: For a SIP processing change to take effect, the Cisco
CallManager service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
It is possible to mitigate these vulnerabilities by implementing
filtering on screening devices and only permitting access to TCP
ports 5060 and 5061 and UDP ports 5060 and 5061 from networks that
require SIP access to Cisco Unified Communications Manager servers.
A workaround exists for the DoS vulnerabilities involving the Packet
Capture Service in Cisco Communications Manager version 4.x.
Customers who do not require the Packet Capture Service for
troubleshooting can use the following instructions to disable this
process:
* Step 1: Log into the Cisco Unified Communications Manager
Administration web interface.
* Step 3: Change the Packet Capture Enabled parameter to False, and
click Save.
Note: For the Packet Capture Service change to take effect, the Cisco
CallManager service must be restarted. For information on how to
restart the service, refer to the "Restarting the Cisco CallManager
Service" section of the document at the following location:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124
Additional mitigations that can be deployed on Cisco devices in the
network are available in the companion document "Cisco Applied
Mitigation Bulletin: Identifying and Mitigating Exploitation of the
Multiple Vulnerabilities in Cisco Unified Communications Manager"
which is available at the following location:
http://www.cisco.com/warp/public/707/cisco-amb-20110824-cucm-ime.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during
the troubleshooting of customer service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2011-August-24 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
+--------------------------------------------------------------------
Copyright 2010-2011 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOVFpYQXnnBKKRMNARCOCeAPwP66zH85V+OOW8YRl94JMDc+UpiRzqoqUl
6C0WGFrBJgD/eR7bXF71he/ByVHVpfpY3qaX8M45+MqcqzIDrM6hbCY=
=kz9x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
There are no available workarounds to mitigate these vulnerabilities.
Details
=======
Cisco Intercompany Media Engine provides a technique for establishing
direct IP connectivity between enterprises by combining peer-to-peer
technologies with the existing public switched telephone network
(PSTN) infrastructure. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Multiple Denial of Service
Vulnerabilities
SECUNIA ADVISORY ID:
SA45738
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45738/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
RELEASE DATE:
2011-08-25
DISCUSS ADVISORY:
http://secunia.com/advisories/45738/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45738/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45738
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Unified
Communications Manager, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Note: This vulnerability only affects version 7.0.x and later.
The vulnerabilities are reported in versions 6.x, 7.x, and 8.x.
SOLUTION:
Update to version 6.1(5)SU3, 7.1(5b)SU4, 8.0(3a)SU2, 8.5(1)SU2, or
8.6(1).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0311 | No CVE | Citrix Access Gateway login page cross-site scripting vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Citrix Access Gateway is a universal SSL VPN device. Part of the input on the relevant login page is missing filtering before returning to the user, and the attacker can exploit the vulnerability for cross-site scripting attacks, executing arbitrary HTML and script code on the target user's browser. Get sensitive information or hijack user sessions. The Citrix Access Gateway is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Citrix Access Gateway Enterprise Edition versions 9.2-49.8 and prior are vulnerable. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Citrix Access Gateway Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA45726
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45726/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45726
RELEASE DATE:
2011-08-25
DISCUSS ADVISORY:
http://secunia.com/advisories/45726/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45726/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45726
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Citrix Access Gateway, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Certain unspecified input related to the logon portal is not properly
sanitised before being returned to the user.
SOLUTION:
Apply update.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.citrix.com/article/CTX129971
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0296 | No CVE | SAP Netweaver \"EPS_DELETE_FILE()\" Arbitrary File Removal Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SAP NetWeaver is a service-oriented application and integration platform. Provides a development and runtime environment for SAP applications, as well as custom development and integration with other applications and systems. SAP NetWeaver has any file deletion vulnerability in the implementation of EPS_DELETE_FILE(). This vulnerability can be exploited by remote attackers to delete any file on the affected computer or to steal the hash of the SAP server account in the Windows environment through SMBRelay attack. An attacker can use the default SAP account (such as TMSADM or SAPCPIC) to remotely execute the function EPS_DELETE_FILE to delete any file in the OS, or send a hash of the SAP account to the remote host or perform a smbrelay attack.
Attackers can exploit this issue with directory-traversal strings ('../') to delete arbitrary files; this may aid in launching further attacks
| VAR-201108-0291 | CVE-2011-2827 | Google Chrome Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. Google Chrome Has a deficiency in processing related to text search. (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible.
Versions prior to Chrome 13.0.782.215 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
CVE-ID
CVE-2011-3229 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A policy issue existed in the handling of file:// URLs.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates. This issue does not affect OS X Lion
systems or Windows systems.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com
CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team
CVE-2011-2341 : Apple
CVE-2011-2351 : miaubiz
CVE-2011-2352 : Apple
CVE-2011-2354 : Apple
CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2359 : miaubiz
CVE-2011-2788 : Mikolaj Malecki of Samsung
CVE-2011-2790 : miaubiz
CVE-2011-2792 : miaubiz
CVE-2011-2797 : miaubiz
CVE-2011-2799 : miaubiz
CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-2811 : Apple
CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2815 : SkyLined of Google Chrome Security Team
CVE-2011-2816 : Apple
CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2818 : Martin Barbella
CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google
CVE-2011-2823 : SkyLined of Google Chrome Security Team
CVE-2011-2827 : miaubiz
CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3232 : Aki Helin of OUSPG
CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development
community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome
Security Team
CVE-2011-3234 : miaubiz
CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3238 : Martin Barbella
CVE-2011-3239 : Slawomir Blazek
CVE-2011-3241 : Apple
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: A maliciously crafted website may be able to track the URLs
that a user visits within a frame
Description: A cross-origin issue existed in the handling of the
beforeload event.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
| VAR-201108-0287 | CVE-2011-2823 | Google Chrome Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible.
Versions prior to Chrome 13.0.782.215 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-4 Safari 5.1.1
Safari 5.1.1 is now available and addresses the following:
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a malicious website may cause the execution of
arbitrary Javascript in the context of installed Safari Extensions
Description: A directory traversal issue existed in the handling of
safari-extension:// URLs. Visiting a malicious website may cause
execution of arbitrary Javascript in the context of installed Safari
Extensions, which may have context-dependent ramifications including
files from the user's system being sent to a remote server.
CVE-ID
CVE-2011-3229 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A policy issue existed in the handling of file:// URLs.
This issue does not affect Windows systems.
CVE-ID
CVE-2011-3230 : Aaron Sigel of vtty.com
Safari
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An uninitialized memory access issue existed in the
handling of SSL certificates. This issue does not affect OS X Lion
systems or Windows systems.
CVE-ID
CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator
Laboratory
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com
CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team
CVE-2011-2341 : Apple
CVE-2011-2351 : miaubiz
CVE-2011-2352 : Apple
CVE-2011-2354 : Apple
CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2359 : miaubiz
CVE-2011-2788 : Mikolaj Malecki of Samsung
CVE-2011-2790 : miaubiz
CVE-2011-2792 : miaubiz
CVE-2011-2797 : miaubiz
CVE-2011-2799 : miaubiz
CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2011-2811 : Apple
CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2815 : SkyLined of Google Chrome Security Team
CVE-2011-2816 : Apple
CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2818 : Martin Barbella
CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google
CVE-2011-2823 : SkyLined of Google Chrome Security Team
CVE-2011-2827 : miaubiz
CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3232 : Aki Helin of OUSPG
CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development
community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome
Security Team
CVE-2011-3234 : miaubiz
CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the
Chromium development community, and Abhishek Arya (Inferno) of Google
Chrome Security Team
CVE-2011-3238 : Martin Barbella
CVE-2011-3239 : Slawomir Blazek
CVE-2011-3241 : Apple
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: A maliciously crafted website may be able to track the URLs
that a user visits within a frame
Description: A cross-origin issue existed in the handling of the
beforeload event.
CVE-ID
CVE-2011-2800 : Juho Nurminen
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
window.open method.
CVE-ID
CVE-2011-2805 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of the
document.documentURI property.
CVE-ID
CVE-2011-2819 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista,
XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-origin issue existed in the handling of
inactive DOM windows.
CVE-ID
CVE-2011-3243 : Sergey Glazunov
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.2, OS X Lion Server v10.7.2
Impact: In Private Browsing mode, cookies may be set even if "Block
cookies" is set to "Always"
Description: A logic issue existed in the handling of cookies in
Private Browsing mode. This issue does not affect Windows systems.
CVE-ID
CVE-2011-3242 : John Adamczyk
Safari 5.1.1 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for OS X Lion v10.7.2
The download file is named: Safari5.1.1Lion.dmg
Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5
Safari for Mac OS X v10.6.8
The download file is named: Safari5.1.1SnowLeopard.dmg
Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOlLv6AAoJEGnF2JsdZQeeqOUH/RWDBq5xXEegxI+N92+9lB42
J6ZBcO8rrigAhYz59ZJG0NF8VGZI0DSFI+dxC8XeoKfiamvkaZo1lYGLdqWiTkxz
6ODprWbfGVcwFd9rNeCbIc9E5FV0SRbS1xCv+JnrwR2i2raqgAEWc4CpAcH5mgqT
5G2cWhwS8EMUNXZz/C0IjkfNBAjQ2c9BHVHj0Wid5vyXutju3WOcBXwqcbTpNANI
NiVHf5ucaRep6110riIYazuCdFLCcwZDaySw2n2ZhelliTz1tpCa7uVoJfZjyeyw
xwY/QjLDBTSpUYDTPC//XG7ZswptKHFjrX4KtxD9XTltq5wNGJavJzKf2qa4jrM=
=ZXdu
-----END PGP SIGNATURE-----
| VAR-201108-0289 | CVE-2011-2825 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. Used in multiple products Webkit There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing and utilization of font objects. When the code parses the @font-face CSS element it does not validate that the font-family is legitimate. Later, if the same font-family is applied within CSS the code will access an invalid element of its internal font object. This can be leveraged by a remote attacker to execute code under the context of the user running the browser. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible.
Versions prior to Chrome 13.0.782.215 are vulnerable. Google Chrome is a web browser developed by Google (Google).
These could be used in a malicious web site to direct the user to a
spoofed site that visually appears to be a legitimate domain. This
issue is addressed through an improved domain name validity check.
This issue does not affect OS X systems.
CVE-ID
CVE-2012-0640 : nshah
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista,
XP SP2 or later
Impact: HTTP authentication credentials may be inadvertently
disclosed to another site
Description: If a site uses HTTP authentication and redirects to
another site, the authentication credentials may be sent to the other
site. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be
exploited to disclose sensitive information by tricking the user into
visiting a malicious website.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
9) A cross-origin error in the WebKit component can be exploited to
bypass the same-origin policy and disclose a cookie by tricking the
user into visiting a malicious website.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
11) Multiple unspecified errors within the WebKit component can be
exploited to conduct cross-site scripting attacks.
12) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
iOS 5.1 Software Update is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
unexpected request headers.
CVE-ID
CVE-2012-0641 : Erling Ellingsen of Facebook
HFS
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Mounting a maliciously crafted disk image may lead to a
device shutdown or arbitrary code execution
Description: An integer underflow existed with the handling of HFS
catalog files.
CVE-ID
CVE-2012-0642 : pod2g
Kernel
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious program could bypass sandbox restrictions
Description: A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges.
CVE-ID
CVE-2012-0643 : 2012 iOS Jailbreak Dream Team
libresolv
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Applications that use the libresolv library may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: An integer overflow existed in the handling of DNS
resource records, which may lead to heap memory corruption.
CVE-ID
CVE-2011-3453 : Ilja van Sprundel of IOActive
Passcode Lock
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A race condition issue existed in the handling of slide
to dial gestures. This may allow a person with physical access to the
device to bypass the Passcode Lock screen.
CVE-ID
CVE-2012-0644 : Roland Kohler of the German Federal Ministry of
Economics and Technology
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Web page visits may be recorded in browser history even when
Private Browsing is active
Description: Safari's Private Browsing is designed to prevent
recording of a browsing session. Pages visited as a result of a site
using the JavaScript methods pushState or replaceState were recorded
in the browser history even when Private Browsing mode was active.
This issue is addressed by not recording such visits when Private
Browsing is active.
CVE-ID
CVE-2012-0585 : Eric Melville of American Express
Siri
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: An attacker with physical access to a locked phone could get
access to frontmost email message
Description: A design issue existed in Siri's lock screen
restrictions. If Siri was enabled for use on the lock screen, and
Mail was open with a message selected behind the lock screen, a voice
command could be used to send that message to an arbitrary recipient.
This issue is addressed by disabling forwarding of active messages
from the lock screen.
CVE-ID
CVE-2012-0645
VPN
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted system configuration file may lead to
arbitrary code execution with system privileges
Description: A format string vulnerability existed in the handling
of racoon configuration files.
CVE-ID
CVE-2012-0646 : pod2g
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of cookies
Description: A cross-origin issue existed in WebKit, which may allow
cookies to be disclosed across origins.
CVE-ID
CVE-2011-3887 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website and dragging content
with the mouse may lead to a cross-site scripting attack
Description: A cross-origin issue existed in WebKit, which may allow
content to be dragged and dropped across origins.
CVE-ID
CVE-2012-0590 : Adam Barth of Google Chrome Security Team
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: Multiple cross-origin issues existed in WebKit.
CVE-ID
CVE-2011-3881 : Sergey Glazunov
CVE-2012-0586 : Sergey Glazunov
CVE-2012-0587 : Sergey Glazunov
CVE-2012-0588 : Jochen Eisinger of Google Chrome Team
CVE-2012-0589 : Alan Austin of polyvore.com
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-2833 : Apple
CVE-2011-2846 : Arthur Gerkis, miaubiz
CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense
VCP
CVE-2011-2857 : miaubiz
CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2867 : Dirk Schulze
CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google
Chrome Security Team using AddressSanitizer
CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2877 : miaubiz
CVE-2011-3885 : miaubiz
CVE-2011-3888 : miaubiz
CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative
CVE-2011-3908 : Aki Helin of OUSPG
CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu
CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2012-0591 : miaubiz, and Martin Barbella
CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day
Initiative
CVE-2012-0593 : Lei Zhang of the Chromium development community
CVE-2012-0594 : Adam Klein of the Chromium development community
CVE-2012-0595 : Apple
CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0597 : miaubiz
CVE-2012-0598 : Sergey Glazunov
CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com
CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google
Chrome, miaubiz, Aki Helin of OUSPG, Apple
CVE-2012-0601 : Apple
CVE-2012-0602 : Apple
CVE-2012-0603 : Apple
CVE-2012-0604 : Apple
CVE-2012-0605 : Apple
CVE-2012-0606 : Apple
CVE-2012-0607 : Apple
CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0611 : Martin Barbella using AddressSanitizer
CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0615 : Martin Barbella using AddressSanitizer
CVE-2012-0616 : miaubiz
CVE-2012-0617 : Martin Barbella using AddressSanitizer
CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0621 : Martin Barbella using AddressSanitizer
CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome
Security Team
CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0624 : Martin Barbella using AddressSanitizer
CVE-2012-0625 : Martin Barbella
CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0627 : Apple
CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of
Google Chrome Security Team using AddressSanitizer
CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0630 : Sergio Villar Senin of Igalia
CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using
AddressSanitizer
CVE-2012-0633 : Apple
CVE-2012-0635 : Julien Chaffraix of the Chromium development
community, Martin Barbella using AddressSanitizer
Installation note:
This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "5.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq
4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM
bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY
RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90
HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6
7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY=
=qPeE
-----END PGP SIGNATURE-----
| VAR-201108-0285 | CVE-2011-2821 | libxml2 Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible.
Versions prior to Chrome 13.0.782.215 are vulnerable. Google Chrome is a web browser developed by Google (Google). ==========================================================================
Ubuntu Security Notice USN-1334-1
January 19, 2012
libxml2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxml2 could be made to crash or run programs as your
login if they opened a specially crafted file. (CVE-2011-3919)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libxml2 2.7.8.dfsg-4ubuntu0.1
Ubuntu 11.04:
libxml2 2.7.8.dfsg-2ubuntu0.2
Ubuntu 10.10:
libxml2 2.7.7.dfsg-4ubuntu0.3
Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.3
Ubuntu 8.04 LTS:
libxml2 2.6.31.dfsg-2ubuntu1.7
After a standard system update you need to reboot your computer to make
all the necessary changes.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
CVE-2011-2821:
A memory corruption (double free) bug has been identified in libxml2's XPath
engine. This vulnerability does not
affect the oldstable distribution (lenny).
CVE-2011-2834:
Yang Dingning discovered a double free vulnerability related to XPath handling.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny5.
For the stable distribution (squeeze), this problem has been fixed in
version 2.7.8.dfsg-2+squeeze2.
For the testing distribution (wheezy), this problem has been fixed in
version 2.7.8.dfsg-7.
For the unstable distribution (sid), this problem has been fixed in
version 2.7.8.dfsg-7.
We recommend that you upgrade your libxml2 packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-24-1 Apple TV 5.1
Apple TV 5.1 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4
protocol. This issue was addressed by disabling DNAv4 on unencrypted
Wi-Fi networks
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-1173
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may cause an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
JavaScriptCore. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: libxml2: Multiple vulnerabilities
Date: October 26, 2011
Bugs: #345555, #370715, #386985
ID: 201110-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in libxml2 which could lead to
execution of arbitrary code or a Denial of Service.
Background
==========
libxml2 is the XML C parser and toolkit developed for the Gnome
project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.7.8-r3 >= 2.7.8-r3
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r3"
References
==========
[ 1 ] CVE-2010-4008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4008
[ 2 ] CVE-2010-4494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4494
[ 3 ] CVE-2011-1944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1944
[ 4 ] CVE-2011-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2821
[ 5 ] CVE-2011-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-26.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Relevant releases
ESX 5.0 without patch ESXi500-201207101-SG
3. Problem Description
a. ESXi update to third party component libxml2
The libxml2 third party library has been updated which addresses
multiple security issues
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216,
CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905,
CVE-2011-3919 and CVE-2012-0841 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
========== ======== ======== =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 any ESXi500-201207101-SG
ESXi 4.1 any patch pending
ESXi 4.0 any patch pending
ESXi 3.5 any patch pending
ESX any any not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
Note: "patch pending" means that the product is affected,
but no patch is currently available. The advisory will be
updated when a patch is available. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
ESXi 5.0
--------
ESXi500-201207001
md5sum: 01196c5c1635756ff177c262cb69a848
sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86
http://kb.vmware.com/kb/2020571
ESXi500-201207001 contains ESXi500-201207101-SG
5. Change log
2012-07-12 VMSA-2012-0012
Initial security advisory in conjunction with the release of a patch
for ESXi 5.0 on 2012-07-12. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: mingw32-libxml2 security update
Advisory ID: RHSA-2013:0217-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html
Issue date: 2013-01-31
CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216
CVE-2011-1944 CVE-2011-2821 CVE-2011-2834
CVE-2011-3102 CVE-2011-3905 CVE-2011-3919
CVE-2012-0841 CVE-2012-5134
=====================================================================
1. Summary:
Updated mingw32-libxml2 packages that fix several security issues are now
available for Red Hat Enterprise Linux 6. This advisory also contains
information about future updates for the mingw32 packages, as well as the
deprecation of the packages with the release of Red Hat
Enterprise Linux 6.4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
3. Description:
These packages provide the libxml2 library, a development toolbox providing
the implementation of various XML standards, for users of MinGW (Minimalist
GNU for Windows).
IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no
longer be updated proactively and will be deprecated with the release of
Red Hat Enterprise Linux 6.4. These packages were provided to support other
capabilities in Red Hat Enterprise Linux and were not intended for direct
customer use. Customers are advised to not use these packages with
immediate effect. Future updates to these packages will be at Red Hat's
discretion and these packages may be removed in a future minor release.
A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)
A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)
It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)
Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path
Language) expressions. (CVE-2010-4008, CVE-2010-4494,
CVE-2011-2821, CVE-2011-2834)
Two heap-based buffer overflow flaws were found in the way libxml2 decoded
certain XML files. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-0216,
CVE-2011-3102)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944)
An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)
Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.
All users of mingw32-libxml2 are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
665963 - CVE-2010-4494 libxml2: double-free in XPath processing code
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
6. Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-4008.html
https://www.redhat.com/security/data/cve/CVE-2010-4494.html
https://www.redhat.com/security/data/cve/CVE-2011-0216.html
https://www.redhat.com/security/data/cve/CVE-2011-1944.html
https://www.redhat.com/security/data/cve/CVE-2011-2821.html
https://www.redhat.com/security/data/cve/CVE-2011-2834.html
https://www.redhat.com/security/data/cve/CVE-2011-3102.html
https://www.redhat.com/security/data/cve/CVE-2011-3905.html
https://www.redhat.com/security/data/cve/CVE-2011-3919.html
https://www.redhat.com/security/data/cve/CVE-2012-0841.html
https://www.redhat.com/security/data/cve/CVE-2012-5134.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7
sLTqWGtUMTYIUvLH8YXGFX4=
=rOjB
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201108-0358 | No CVE | Inductive Automation Ignition Remote Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Ignition is prone to an information-disclosure vulnerability.
Exploiting this issue could allow an attacker to gain access to potentially sensitive information. Information obtained may aid in further attacks.
Versions prior to Ignition 7.2.8.178 are vulnerable. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
Inductive Automation Ignition File Disclosure Vulnerability
SECUNIA ADVISORY ID:
SA45896
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45896/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45896
RELEASE DATE:
2011-09-06
DISCUSS ADVISORY:
http://secunia.com/advisories/45896/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45896/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45896
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Inductive Automation Ignition,
which can be exploited by malicious people to disclose potentially
sensitive information.
Certain unspecified input passed via the URL is not properly verified
before being used to display files. This can be exploited to disclose
the contents of files.
SOLUTION:
Update to version 7.2.8.178.
PROVIDED AND/OR DISCOVERED BY:
Rub\xe9n Santamarta via ICS-CERT.
ORIGINAL ADVISORY:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-231-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201302-0006 | CVE-2011-5263 | SAP Netweaver 'server' Parameter Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP Netweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing
Find out more, take a free test drive, and share your opinion with us:
http://secunia.com/blog/242
----------------------------------------------------------------------
TITLE:
SAP NetWeaver "server" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA45708
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45708/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45708
RELEASE DATE:
2011-08-23
DISCUSS ADVISORY:
http://secunia.com/advisories/45708/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/45708/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45708
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Dmitriy Evdokimov has reported a vulnerability in SAP NetWeaver,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed via the "server" parameter to the RetrieveMailExamples
servlet is not properly sanitised before being returned to the user.
SOLUTION:
Apply fixes. Please see the vendor's advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Dmitriy Evdokimov, Digital Security Research Group (DSecRG).
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1553292
Digital Security Research Group:
http://dsecrg.com/pages/vul/show.php?id=330
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201108-0130 | CVE-2011-3170 | CUPS of gif_read_lzw Heap-based buffer overflow vulnerability in functions |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. CUPS is prone to a heap-based buffer-overflow vulnerability because of a failure to properly bounds-check user-supplied data.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected application; failed exploit attempts may cause denial-of-service conditions.
CUPS 1.4.8 is vulnerable. Other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:146
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cups
Date : October 11, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in cups:
The cupsDoAuthentication function in auth.c in the client in CUPS
before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a
demand for authorization, which allows remote CUPS servers to cause
a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses
(CVE-2010-2432).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
451f5c217b5607e6ae8e2c091b7ecc75 2009.0/i586/cups-1.3.10-0.5mdv2009.0.i586.rpm
0c7f78718f376f9df426aa4dc1b6f93e 2009.0/i586/cups-common-1.3.10-0.5mdv2009.0.i586.rpm
deefb9a51325690a9f4fe8fe519faf9f 2009.0/i586/cups-serial-1.3.10-0.5mdv2009.0.i586.rpm
bdea2daf7c44f8a5250df2d548a9e030 2009.0/i586/libcups2-1.3.10-0.5mdv2009.0.i586.rpm
dd60444ba124fa9c024375b9356848d6 2009.0/i586/libcups2-devel-1.3.10-0.5mdv2009.0.i586.rpm
680ac463439bb2332229a52fb1d8a4c4 2009.0/i586/php-cups-1.3.10-0.5mdv2009.0.i586.rpm
67417654d026df854d35370724c1565b 2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
557d87c9d241ae39c785c6373dd8b70f 2009.0/x86_64/cups-1.3.10-0.5mdv2009.0.x86_64.rpm
f68379827c3e1dd18601fff8dd19621f 2009.0/x86_64/cups-common-1.3.10-0.5mdv2009.0.x86_64.rpm
5439dfb021e198212a04698d95ddb5f2 2009.0/x86_64/cups-serial-1.3.10-0.5mdv2009.0.x86_64.rpm
6567d318f829bafaa625262159589806 2009.0/x86_64/lib64cups2-1.3.10-0.5mdv2009.0.x86_64.rpm
17f56ba710371a2297d13880fc7676d7 2009.0/x86_64/lib64cups2-devel-1.3.10-0.5mdv2009.0.x86_64.rpm
8d29304cb6f1bbb89682bf852a2da6ed 2009.0/x86_64/php-cups-1.3.10-0.5mdv2009.0.x86_64.rpm
67417654d026df854d35370724c1565b 2009.0/SRPMS/cups-1.3.10-0.5mdv2009.0.src.rpm
Mandriva Linux 2010.1:
333f2b8f389a7210be1123ce092bbb8b 2010.1/i586/cups-1.4.3-3.2mdv2010.2.i586.rpm
2f753bd61e2726d1099d2dd3d57f2eca 2010.1/i586/cups-common-1.4.3-3.2mdv2010.2.i586.rpm
2d9ae53f0a159618391ef18c94561408 2010.1/i586/cups-serial-1.4.3-3.2mdv2010.2.i586.rpm
9fbb242780d33b802667d5babdeff105 2010.1/i586/libcups2-1.4.3-3.2mdv2010.2.i586.rpm
461913f016aa628f81379e1a4e67151b 2010.1/i586/libcups2-devel-1.4.3-3.2mdv2010.2.i586.rpm
3b907ebc975bbf2d700edd64d44e5e79 2010.1/i586/php-cups-1.4.3-3.2mdv2010.2.i586.rpm
d079c755b005a0336eef88cdaf7124a4 2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0eb77a9809fcd349c3fa223781f7794e 2010.1/x86_64/cups-1.4.3-3.2mdv2010.2.x86_64.rpm
e5e69d444efa6344cff81af4278c9755 2010.1/x86_64/cups-common-1.4.3-3.2mdv2010.2.x86_64.rpm
6c0a637a71baa5c5a58ce5c4b28d0137 2010.1/x86_64/cups-serial-1.4.3-3.2mdv2010.2.x86_64.rpm
b34fcde9ed6ef29b76e816f800d11237 2010.1/x86_64/lib64cups2-1.4.3-3.2mdv2010.2.x86_64.rpm
ebc1a568d6dee5bf1d88bdceded2a716 2010.1/x86_64/lib64cups2-devel-1.4.3-3.2mdv2010.2.x86_64.rpm
98f1846e79b75e9e0a3e98b15385d80d 2010.1/x86_64/php-cups-1.4.3-3.2mdv2010.2.x86_64.rpm
d079c755b005a0336eef88cdaf7124a4 2010.1/SRPMS/cups-1.4.3-3.2mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
776e12f8d570445f63c0a9437fcddd2e mes5/i586/cups-1.3.10-0.5mdvmes5.2.i586.rpm
ad33a9c8115cc83c1008028bcb0e29c7 mes5/i586/cups-common-1.3.10-0.5mdvmes5.2.i586.rpm
21b795c7736553fd6a825598976c866b mes5/i586/cups-serial-1.3.10-0.5mdvmes5.2.i586.rpm
c3fd62dd50d3ce0b96ef0b3c2520ff89 mes5/i586/libcups2-1.3.10-0.5mdvmes5.2.i586.rpm
34b4518819bfac3d5ea9d6e925b7945b mes5/i586/libcups2-devel-1.3.10-0.5mdvmes5.2.i586.rpm
5403247140449d963d791c54df419b18 mes5/i586/php-cups-1.3.10-0.5mdvmes5.2.i586.rpm
ad71fafb07ed353fa7addfad6049cf8b mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
7f11915d7803d01df1840d891882e6ba mes5/x86_64/cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
1a364126747bf4f24987c184344c4ec4 mes5/x86_64/cups-common-1.3.10-0.5mdvmes5.2.x86_64.rpm
3d728c0528cc1ad0d23b1a511c122f68 mes5/x86_64/cups-serial-1.3.10-0.5mdvmes5.2.x86_64.rpm
1abee6673d58115557b11c5fded196d2 mes5/x86_64/lib64cups2-1.3.10-0.5mdvmes5.2.x86_64.rpm
dab5b4d9ef8442301b180e21fc003b45 mes5/x86_64/lib64cups2-devel-1.3.10-0.5mdvmes5.2.x86_64.rpm
91955cdd36674dc12ba5bb716c2bee36 mes5/x86_64/php-cups-1.3.10-0.5mdvmes5.2.x86_64.rpm
ad71fafb07ed353fa7addfad6049cf8b mes5/SRPMS/cups-1.3.10-0.5mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOktgPmqjQ0CJFipgRAhG2AKCAuUZh2rvZdtbjtd0ycVemOY39TQCgn0jF
Ee6oHfd4+Nq17qNb0y7s7Nc=
=lZgy
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny10.
For the stable distribution (squeeze), this problem has been fixed in
version 1.4.4-7+squeeze1.
For the testing and unstable distribution (sid), this problem has been
fixed in version 1.5.0-8.
We recommend that you upgrade your cups packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: CUPS: Multiple vulnerabilities
Date: July 09, 2012
Bugs: #295256, #308045, #325551, #380771
ID: 201207-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in CUPS, some of which may
allow execution of arbitrary code or local privilege escalation.
Background
==========
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1
Description
===========
Multiple vulnerabilities have been discovered in CUPS. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker may be able to execute arbitrary code using specially
crafted streams, IPP requests or files, or cause a Denial of Service
(daemon crash or hang). A local attacker may be able to gain escalated
privileges or overwrite arbitrary files. Furthermore, a remote attacker
may be able to obtain sensitive information from the CUPS process or
hijack a CUPS administrator authentication request.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since September 03, 2011. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2009-3553
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553
[ 2 ] CVE-2010-0302
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302
[ 3 ] CVE-2010-0393
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393
[ 4 ] CVE-2010-0540
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540
[ 5 ] CVE-2010-0542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542
[ 6 ] CVE-2010-1748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748
[ 7 ] CVE-2010-2431
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431
[ 8 ] CVE-2010-2432
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432
[ 9 ] CVE-2010-2941
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941
[ 10 ] CVE-2011-3170
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201207-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-1207-1
September 14, 2011
cups, cupsys vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
An attacker could send crafted print jobs to CUPS and cause it to crash or
run programs.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libcupsimage2 1.4.6-5ubuntu1.4
Ubuntu 10.10:
libcupsimage2 1.4.4-6ubuntu2.4
Ubuntu 10.04 LTS:
libcupsimage2 1.4.3-1ubuntu1.5
Ubuntu 8.04 LTS:
libcupsimage2 1.3.7-1ubuntu3.13
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1207-1
CVE-2011-2896, CVE-2011-3170
Package Information:
https://launchpad.net/ubuntu/+source/cups/1.4.6-5ubuntu1.4
https://launchpad.net/ubuntu/+source/cups/1.4.4-6ubuntu2.4
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.5
https://launchpad.net/ubuntu/+source/cupsys/1.3.7-1ubuntu3.13