VARIoT IoT vulnerabilities database

Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631. Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCto62631. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629. Cisco IOS Service disruption when the data link switching function is set ( Device crash ) There is a vulnerability that becomes a condition. The problem is Bug IDs CSCtf74999 It is a problem. Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtf74999. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. The problem is CVE-2006-1168 and CVE-2011-2895 May be related toA third party could be put into an infinite loop and execute arbitrary code through a crafted compressed stream. The software enables a variety of image manipulations, including photo retouching, image compositing, and image creation. Description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Bugs fixed (http://bugzilla.redhat.com/): 727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow 839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files 847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images 6. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. ========================================================================== Ubuntu Security Notice USN-1214-1 September 22, 2011 gimp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: GIMP could be made to run programs as your login if it opened a specially crafted GIF file. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: gimp 2.6.11-1ubuntu6.2 Ubuntu 10.10: gimp 2.6.10-1ubuntu3.4 Ubuntu 10.04 LTS: gimp 2.6.8-2ubuntu1.4 In general, a standard system update will make all the necessary changes. CVE-2011-1782 The correction for CVE-2010-4543 was incomplete. For the stable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.6.11-5. We recommend that you upgrade your gimp packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GIMP: Multiple vulnerabilities Date: September 28, 2012 Bugs: #293127, #350915, #372975, #379289, #418425, #432582 ID: 201209-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code or Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/gimp < 2.6.12-r2 >= 2.6.12-r2 Description =========== Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GIMP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.6.12-r2" References ========== [ 1 ] CVE-2009-1570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1570 [ 2 ] CVE-2009-3909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3909 [ 3 ] CVE-2010-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4540 [ 4 ] CVE-2010-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4541 [ 5 ] CVE-2010-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4542 [ 6 ] CVE-2010-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4543 [ 7 ] CVE-2011-1178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1178 [ 8 ] CVE-2011-2896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2896 [ 9 ] CVE-2012-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2763 [ 10 ] CVE-2012-3402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3402 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-23.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: cups security and bug fix update Advisory ID: RHSA-2011:1635-03 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1635.html Issue date: 2011-12-06 CVE Names: CVE-2011-2896 ===================================================================== 1. Summary: Updated cups packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user. (CVE-2011-2896) These updated cups packages also provide fixes for the following bugs: * Previously CUPS was not correctly handling the language setting LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were not displaying any output when the LANG=en_US.ASCII environment variable was used. As a result of this update the problem is fixed and the expected output is now displayed. (BZ#681836) * Previously the scheduler did not check for empty values of several configuration directives. As a consequence it was possible for the CUPS daemon (cupsd) to crash when a configuration file contained certain empty values. With this update the problem is fixed and cupsd no longer crashes when reading such a configuration file. (BZ#706673) * Previously when printing to a raw print queue, when using certain printer models, CUPS was incorrectly sending SNMP queries. As a consequence there was a noticeable 4-second delay between queueing the job and the start of printing. With this update the problem is fixed and CUPS no longer tries to collect SNMP supply and status information for raw print queues. (BZ#709896) * Previously when using the BrowsePoll directive it could happen that the CUPS printer polling daemon (cups-polld) began polling before the network interfaces were set up after a system boot. CUPS was then caching the failed hostname lookup. As a consequence no printers were found and the error, "Host name lookup failure", was logged. With this update the code that re-initializes the resolver after failure in cups-polld is fixed and as a result CUPS will obtain the correct network settings to use in printer discovery. (BZ#712430) * The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the data file associated with the oldest completed job from the system in order to make room for a new print job. This bug has been fixed, and the jobs beyond the set limit are now properly purged. (BZ#735505) * The cups init script (/etc/rc.d/init.d/cups) uses the daemon function (from /etc/rc.d/init.d/functions) to start the cups process, but previously it did not source a configuration file from the /etc/sysconfig/ directory. As a consequence, it was difficult to cleanly set the nice level or cgroup for the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables. With this update, the init script is fixed. (BZ#744791) All users of CUPS are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 681836 - lpstat bug with ASCII encoding, LANG=en_US.ASCII lpstat -h localhost -s 706673 - Cups config parsing segfault 712430 - printers are not found after system boot 727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow 735505 - CUPS is not purging JobFiles when MaxJobs is reached in RHEL6.1 744791 - cups init script should source /etc/sysconfig/cups 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm i386: cups-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-lpd-1.4.2-44.el6.i686.rpm x86_64: cups-1.4.2-44.el6.x86_64.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.x86_64.rpm cups-lpd-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm i386: cups-debuginfo-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-php-1.4.2-44.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.x86_64.rpm cups-php-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm x86_64: cups-1.4.2-44.el6.x86_64.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.x86_64.rpm cups-lpd-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm x86_64: cups-debuginfo-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.x86_64.rpm cups-php-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm i386: cups-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-lpd-1.4.2-44.el6.i686.rpm ppc64: cups-1.4.2-44.el6.ppc64.rpm cups-debuginfo-1.4.2-44.el6.ppc.rpm cups-debuginfo-1.4.2-44.el6.ppc64.rpm cups-devel-1.4.2-44.el6.ppc.rpm cups-devel-1.4.2-44.el6.ppc64.rpm cups-libs-1.4.2-44.el6.ppc.rpm cups-libs-1.4.2-44.el6.ppc64.rpm cups-lpd-1.4.2-44.el6.ppc64.rpm s390x: cups-1.4.2-44.el6.s390x.rpm cups-debuginfo-1.4.2-44.el6.s390.rpm cups-debuginfo-1.4.2-44.el6.s390x.rpm cups-devel-1.4.2-44.el6.s390.rpm cups-devel-1.4.2-44.el6.s390x.rpm cups-libs-1.4.2-44.el6.s390.rpm cups-libs-1.4.2-44.el6.s390x.rpm cups-lpd-1.4.2-44.el6.s390x.rpm x86_64: cups-1.4.2-44.el6.x86_64.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.x86_64.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.x86_64.rpm cups-lpd-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm i386: cups-debuginfo-1.4.2-44.el6.i686.rpm cups-php-1.4.2-44.el6.i686.rpm ppc64: cups-debuginfo-1.4.2-44.el6.ppc64.rpm cups-php-1.4.2-44.el6.ppc64.rpm s390x: cups-debuginfo-1.4.2-44.el6.s390x.rpm cups-php-1.4.2-44.el6.s390x.rpm x86_64: cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-php-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm i386: cups-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-lpd-1.4.2-44.el6.i686.rpm x86_64: cups-1.4.2-44.el6.x86_64.rpm cups-debuginfo-1.4.2-44.el6.i686.rpm cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-devel-1.4.2-44.el6.i686.rpm cups-devel-1.4.2-44.el6.x86_64.rpm cups-libs-1.4.2-44.el6.i686.rpm cups-libs-1.4.2-44.el6.x86_64.rpm cups-lpd-1.4.2-44.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-44.el6.src.rpm i386: cups-debuginfo-1.4.2-44.el6.i686.rpm cups-php-1.4.2-44.el6.i686.rpm x86_64: cups-debuginfo-1.4.2-44.el6.x86_64.rpm cups-php-1.4.2-44.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2896.html https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFO3jdAXlSAg2UNWIIRAuf9AJ40wZu4zvl7/JluD0pOAIRHpsC9WACfQlq4 m4F9XjZwY5c1UV+v9+pq1hs= =YoxJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles the 'trun' atom. Quicktime uses user supplied data in the 'sampleCount' field to calculate a buffer size. An integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. When Quicktime writes to this buffer it causes a memory corruption that can lead to remote code execution under the context of the current user. Apple Mac OS X is prone to an integer-overflow vulnerability that occurs in QuickTime. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are affected: Mac OS X 10.6 through v10.6.7 Mac OS X Server 10.6 through v10.6.7. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-254 August 16, 2011 -- CVE ID: CVE-2011-0256 -- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P) -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11582. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4826 -- Disclosure Timeline: 2011-06-03 - Vulnerability reported to vendor 2011-08-16 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety. IBM LTPA STS is prone to a security vulnerability related to the way it handles threads. The impact of this issue is currently unknown at the moment; however typical scenario may result in a denial-of-service condition or arbitrary data being overwritten. The following products are affected: IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 prior to 6.2.0.9 IBM Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 prior to 6.2.0.9. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. Attackers can exploit the lack of thread safety to bypass the signature verification of LTPA tokens

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures.". Adobe Flash Player is prone to multiple remote memory-corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 RELEASE DATE: 2011-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/45583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 4) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code. 6) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code. 7) An unspecified error can be exploited to disclose certain information from another domain. 11) An integer overflow error can be exploited to corrupt memory and potentially execute arbitrary code. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor The vendor credits: 2) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences 3) Wushi, Team 509 via iDefense Labs 4, 11) Vitaliy Toropov via iDefense Labs 5) Alexander Zaitsev, Positive Technologies 6, 8) An anonymous person via ZDI 7) Brandon Hardy 9) Bo Qu, Palo Alto Networks 10) Bo Qu, Palo Alto Networks and Honggang Ren, FortiGuard Labs 12) Marc Schoenefeld (Dr. rer. nat.), Red Hat Security Response Team 13) Honggang Ren, FortiGuard Labs ORIGINAL ADVISORY: Adobe (APSB11-21): http://www.adobe.com/support/security/bulletins/apsb11-21.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Adobe has released updates to address these vulnerabilities. Adobe has released updates to address these vulnerabilities. II. III. Please send email to <cert@cert.org> with "TA11-222A Feedback VU#628023" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2011:1434-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1434.html Issue date: 2011-11-08 CVE Names: CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2424 CVE-2011-2425 CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442 CVE-2011-2444 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 729497 - CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425 flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) 740201 - CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 740204 - CVE-2011-2429 acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 740388 - CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2430 acroread, flash-plugin: critical flaws fixed in APSB11-26 749381 - acroread: multiple code execution flaws (APSB11-24) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: acroread-9.4.6-1.el4.i386.rpm acroread-plugin-9.4.6-1.el4.i386.rpm x86_64: acroread-9.4.6-1.el4.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm x86_64: acroread-9.4.6-1.el5.i386.rpm acroread-plugin-9.4.6-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm x86_64: acroread-9.4.6-1.el6.i686.rpm acroread-plugin-9.4.6-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2130.html https://www.redhat.com/security/data/cve/CVE-2011-2134.html https://www.redhat.com/security/data/cve/CVE-2011-2135.html https://www.redhat.com/security/data/cve/CVE-2011-2136.html https://www.redhat.com/security/data/cve/CVE-2011-2137.html https://www.redhat.com/security/data/cve/CVE-2011-2138.html https://www.redhat.com/security/data/cve/CVE-2011-2139.html https://www.redhat.com/security/data/cve/CVE-2011-2140.html https://www.redhat.com/security/data/cve/CVE-2011-2414.html https://www.redhat.com/security/data/cve/CVE-2011-2415.html https://www.redhat.com/security/data/cve/CVE-2011-2416.html https://www.redhat.com/security/data/cve/CVE-2011-2417.html https://www.redhat.com/security/data/cve/CVE-2011-2424.html https://www.redhat.com/security/data/cve/CVE-2011-2425.html https://www.redhat.com/security/data/cve/CVE-2011-2426.html https://www.redhat.com/security/data/cve/CVE-2011-2427.html https://www.redhat.com/security/data/cve/CVE-2011-2428.html https://www.redhat.com/security/data/cve/CVE-2011-2429.html https://www.redhat.com/security/data/cve/CVE-2011-2430.html https://www.redhat.com/security/data/cve/CVE-2011-2431.html https://www.redhat.com/security/data/cve/CVE-2011-2432.html https://www.redhat.com/security/data/cve/CVE-2011-2433.html https://www.redhat.com/security/data/cve/CVE-2011-2434.html https://www.redhat.com/security/data/cve/CVE-2011-2435.html https://www.redhat.com/security/data/cve/CVE-2011-2436.html https://www.redhat.com/security/data/cve/CVE-2011-2437.html https://www.redhat.com/security/data/cve/CVE-2011-2438.html https://www.redhat.com/security/data/cve/CVE-2011-2439.html https://www.redhat.com/security/data/cve/CVE-2011-2440.html https://www.redhat.com/security/data/cve/CVE-2011-2442.html https://www.redhat.com/security/data/cve/CVE-2011-2444.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.adobe.com/support/security/bulletins/apsb11-24.html http://www.adobe.com/support/security/bulletins/apsb11-26.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuRkFXlSAg2UNWIIRAqaIAJoC3LKpTEj6IsfoUq9JqGuHAKt3bACfcz3q 0+KSTL2IByBwtP8+xfPmUNE= =qFq6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

JP1/Performance Management - Web Console contains a cross-site scripting vulnerability.A remote attacker could execute malicious script on the affected system.

The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors. A remote attacker may exploit this issue to incorrectly validate a user; this may aid in further attacks. HP ProLiant SL Advanced Power Manager versions 1.10 and 1.11 are affected. A remote attacker can cause a denial of service via an unknown vector. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: HP ProLiant SL Advanced Power Manager User Validation Security Bypass Vulnerability SECUNIA ADVISORY ID: SA45521 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45521/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45521 RELEASE DATE: 2011-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/45521/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45521/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45521 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP ProLiant SL Advanced Power Manager, which can be exploited by malicious people to bypass certain security restrictions. Please see the vendor's advisory for a list of affected servers. SOLUTION: Update to firmware version 1.20 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBHF02699 SSRT100592: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02950841 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02950841 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02950841 Version: 2 HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: CVE-2011-2405 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The firmware update is available here: http://h20565.www2.hp.com/portal/site/hpsc/public/p si/swdHome/?sp4ts.oid=4144090 HISTORY Version:1 (rev.1) - 9 August 2011 Initial release Version:2 (rev.2) - 5 November 2012 Updated firmware download URL Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlCX9J8ACgkQ4B86/C0qfVkopgCfVm8m1n+qFnsmkdaBAbRmnMSs GGcAn3paRyVM2T8MC1Y3bbLAb5NduyZT =cho3 -----END PGP SIGNATURE-----

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050. Very few technical details are currently available. We will update this BID as more information emerges. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. The vulnerability can cause unknown impact and attack vectors. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45555 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45555/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45555 RELEASE DATE: 2011-08-08 DISCUSS ADVISORY: http://secunia.com/advisories/45555/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45555/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45555 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, where some have an unknown impact while one can be exploited by malicious people to cause a DoS (Denial of Service). 1) The application bundles a vulnerable version of IBM Java. For more information: SA43295 2) Two unspecified errors related to the management console exists. 3) An unspecified error related to the runtime exists. The vulnerabilities are reported in versions prior to 6.2.0 Fix Pack 9. SOLUTION: Apply Fix Pack 9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IV03048, IV03050, IV03074): http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048. Very few technical details are currently available. We will update this BID as more information emerges. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. The vulnerability can cause unknown impact and attack vectors. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45555 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45555/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45555 RELEASE DATE: 2011-08-08 DISCUSS ADVISORY: http://secunia.com/advisories/45555/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45555/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45555 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, where some have an unknown impact while one can be exploited by malicious people to cause a DoS (Denial of Service). 1) The application bundles a vulnerable version of IBM Java. For more information: SA43295 2) Two unspecified errors related to the management console exists. 3) An unspecified error related to the runtime exists. The vulnerabilities are reported in versions prior to 6.2.0 Fix Pack 9. SOLUTION: Apply Fix Pack 9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IV03048, IV03050, IV03074): http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors. Very few technical details are currently available. We will update this BID as more information emerges. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. The vulnerability can cause unknown impact and attack vectors. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45555 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45555/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45555 RELEASE DATE: 2011-08-08 DISCUSS ADVISORY: http://secunia.com/advisories/45555/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45555/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45555 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, where some have an unknown impact while one can be exploited by malicious people to cause a DoS (Denial of Service). 1) The application bundles a vulnerable version of IBM Java. For more information: SA43295 2) Two unspecified errors related to the management console exists. 3) An unspecified error related to the runtime exists. The vulnerabilities are reported in versions prior to 6.2.0 Fix Pack 9. SOLUTION: Apply Fix Pack 9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IV03048, IV03050, IV03074): http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value. This value is later used as the size parameter for a memory copy function that copies from the file onto the stack. The results in a stack based buffer overflow that allows for remote code execution under the context of the current user. Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because of a failure to properly bounds check user-supplied data. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions. Versions prior to QuickTime 7.7 are vulnerable. Apple QuickTime is a popular multimedia player. Apple QuickTime's handling of PnSize PICT codes is flawed. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4826 -- Disclosure Timeline: 2011-04-11 - Vulnerability reported to vendor 2011-08-08 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Matt "j00ru" Jurczyk -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Bugzilla is prone to the following vulnerabilities: 1. A security-bypass vulnerability. 2. An email header-injection vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. Multiple cross-site scripting vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform actions in the vulnerable application in the context of the victim. Bugzilla is an open source defect tracking system developed by the Mozilla Foundation in the United States. It can manage the entire life cycle of defects in software development, such as submitting (new), repairing (resolve), and closing (close). Bugzilla 2.4 to 2.22.7, 3.0.x to 3.3.x, 3.4.x prior to 3.4.12, 3.5.x, 3.6.x prior to 3.6.6, 3.7.x, 4.0 prior to 4.0.2. x version, and 4.1.x versions prior to 4.1.3 have a cross-site scripting vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2322-1 security@debian.org http://www.debian.org/security/ Jonathan Wiltshire October 10, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bugzilla Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-201-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978 Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system. CVE-2010-4572 By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser. CVE-2010-4567, CVE-2011-0048 Bugzilla has a "URL" field that can contain several types of URL, including "javascript:" and "data:" URLs. However, it does not make "javascript:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, "javascript:" and "data:" links were *always* shown as clickable to logged-out users. CVE-2010-4568 It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective). CVE-2011-0046 Various pages were vulnerable to Cross-Site Request Forgery attacks. CVE-2011-2978 When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user (for example, if that user left their browser window open in a public place), the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker. CVE-2011-2381 For flagmails only, attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications when an attachment flag is edited. CVE-2011-2379 Bugzilla uses an alternate host for attachments when viewing them in raw format to prevent cross-site scripting attacks. CVE-2011-2380 CVE-201-2979 Normally, a group name is confidential and is only visible to members of the group, and to non-members if the group is used in bugs. By crafting the URL when creating or editing a bug, it was possible to guess if a group existed or not, even for groups which weren't used in bugs and so which were supposed to remain confidential. For the oldstable distribution (lenny), it has not been practical to backport patches to fix these bugs. Users of bugzilla on lenny are strongly advised to upgrade to the version in the squeeze distribution. For the stable distribution (squeeze), these problems have been fixed in version 3.6.2.0-4.4. For the testing distribution (wheezy) and the unstable distribution (sid), the bugzilla packages have been removed. We recommend that you upgrade your bugzilla packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6TGQMACgkQXm3vHE4uylrKoACgpP8nXm2Nj6cmEPNLL5n4VVqQ cMsAoNuj8KxXmA437xUP1NZqnJrbWwFD =kZIo -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Bugzilla Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45501 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45501/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45501 RELEASE DATE: 2011-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/45501/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45501/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45501 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Bugzilla, which can be exploited by malicious, local users to gain access to potentially sensitive information and by malicious users to disclose potentially sensitive information, conduct script insertion and spoofing attacks. 1) Input passed via patch attachments is not properly sanitised before being viewed in "Raw Unified" mode. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires the victim to use Internet Explorer or Safari browsers. SOLUTION: Update to version 3.4.12, 3.6.6, or 4.1.3 (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor provides a bundled list of credits: Fr\xe9d\xe9ric Buclin Byron Jones Max Kanat-Alexander Reed Loden Neal Poole Neil Rashbrook David Lawrence ORIGINAL ADVISORY: http://www.bugzilla.org/security/3.4.11/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ========== Bugzilla is the bug-tracking system from the Mozilla project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/bugzilla < 3.6.6 >= 3.6.6 Description =========== Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could conduct cross-site scripting attacks, conduct script insertion and spoofing attacks, hijack the authentication of arbitrary users, inject arbitrary HTTP headers, obtain access to arbitrary accounts, disclose the existence of confidential groups and its names, or inject arbitrary e-mail headers. A local attacker could disclose the contents of temporarfy files for uploaded attachments. Workaround ========== There is no known workaround at this time. Resolution ========== All Bugzilla users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.6.6" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2010-2761 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2761 [ 2 ] CVE-2010-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3172 [ 3 ] CVE-2010-3764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3764 [ 4 ] CVE-2010-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4411 [ 5 ] CVE-2010-4567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4567 [ 6 ] CVE-2010-4568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4568 [ 7 ] CVE-2010-4569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4569 [ 8 ] CVE-2010-4570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4570 [ 9 ] CVE-2010-4572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4572 [ 10 ] CVE-2011-0046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0046 [ 11 ] CVE-2011-0048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0048 [ 12 ] CVE-2011-2379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2379 [ 13 ] CVE-2011-2380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2380 [ 14 ] CVE-2011-2381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2381 [ 15 ] CVE-2011-2976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2976 [ 16 ] CVE-2011-2977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2977 [ 17 ] CVE-2011-2978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2978 [ 18 ] CVE-2011-2979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2979 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-21f5d5f72.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers. The 'system-config-printer' package is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Successful exploits may aid in the compromise of affected computers. A vulnerability exists in pysmb.py of system-config-printer. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for system-config-printer SECUNIA ADVISORY ID: SA45744 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45744/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45744 RELEASE DATE: 2011-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/45744/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45744/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45744 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for system-config-printer. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1196-1: https://rhn.redhat.com/errata/RHSA-2011-1196.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: system-config-printer security update Advisory ID: RHSA-2011:1196-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1196.html Issue date: 2011-08-23 CVE Names: CVE-2011-2899 ===================================================================== 1. Summary: Updated system-config-printer packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: system-config-printer is a print queue configuration tool with a graphical user interface. It was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers. (CVE-2011-2899) All users of system-config-printer are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Running instances of system-config-printer must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 728348 - CVE-2011-2899 system-config-printer: possible arbitrary code execution in pysmb.py due to improper escaping of hostnames 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm ia64: system-config-printer-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm ppc: system-config-printer-0.6.116.10-1.6.el4.ppc.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ppc.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ppc.rpm s390: system-config-printer-0.6.116.10-1.6.el4.s390.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.s390.rpm system-config-printer-gui-0.6.116.10-1.6.el4.s390.rpm s390x: system-config-printer-0.6.116.10-1.6.el4.s390x.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.s390x.rpm system-config-printer-gui-0.6.116.10-1.6.el4.s390x.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm ia64: system-config-printer-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/system-config-printer-0.6.116.10-1.6.el4.src.rpm i386: system-config-printer-0.6.116.10-1.6.el4.i386.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.i386.rpm system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm ia64: system-config-printer-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.ia64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm x86_64: system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-debuginfo-0.6.116.10-1.6.el4.x86_64.rpm system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/system-config-printer-0.7.32.10-1.el5_7.1.src.rpm i386: system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm x86_64: system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/system-config-printer-0.7.32.10-1.el5_7.1.src.rpm i386: system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.i386.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm ia64: system-config-printer-0.7.32.10-1.el5_7.1.ia64.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.ia64.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.ia64.rpm ppc: system-config-printer-0.7.32.10-1.el5_7.1.ppc.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.ppc.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.ppc.rpm s390x: system-config-printer-0.7.32.10-1.el5_7.1.s390x.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.s390x.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.s390x.rpm x86_64: system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-debuginfo-0.7.32.10-1.el5_7.1.x86_64.rpm system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2899.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOU73QXlSAg2UNWIIRAtaOAJ4oVWJE3+Im60upiHPtmPVeJkRb0QCfc8tF stTz73xLpDfC+ZVI/tlNOsA= =up1e -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Siemens SIMATIC S7 series PLC Used in various industrial fields, including energy, water conservancy, oil, natural gas, chemical, building automation, and manufacturing. Attackers can use PLC Credentials to implement a command shell, the shell in some older versions of firmware S7-300 PLC Ability to access internal diagnostic functions. These ones PLC Including following integration 2009 year 10 Months ago Profinet Interface S7-300 PLC with IM15x Profinet PLC .

Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime parses Quicktime Media Link (.qtl) files. The code which parses the .qtl parameter files fails to properly validate the size of the src parameter before copying it into a fixed length stack buffer. By supplying an overly long value for the src parameter, an attacker can leverage this flaw to execute malicious code within the context of the browser. Versions prior to QuickTime 7.7 are vulnerable. These issues arise when the application handles specially crafted pict, GIF, H.264, QTL, and QuickTime files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. This BID is being retired. The following individual records exist to better document the issues: 49028 Apple QuickTime CVE-2011-0245 Pict File Buffer Overflow Vulnerability 49029 Apple QuickTime CVE-2011-0246 GIF Image Heap Buffer Overflow Vulnerability 49030 Apple QuickTime CVE-2011-0247 H.264 Movie Files Multiple Buffer Overflow Vulnerabilities 49031 Apple QuickTime ActiveX QTL File CVE-2011-0248 Stack Buffer Overflow Vulnerability 49034 Apple QuickTime CVE-2011-0249 STSC Atoms Heap Buffer Overflow Vulnerability 49035 Apple QuickTime CVE-2011-0250 STSS Atoms Heap Buffer Overflow Vulnerability 49036 Apple QuickTime CVE-2011-0251 STSZ Atoms Heap Buffer Overflow Vulnerability 49038 Apple QuickTime CVE-2011-0252 STTS Atoms Heap Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0245 : Subreption LLC working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0213 : Luigi Auriemma working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0246 : an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0248 : Chkr_d591 working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355 For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9 QuickTime is incorporated into Mac OS X v10.6 and later. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 RELEASE DATE: 2011-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/45516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. For more information: SA43814 SA45054 1) An error within the processing of GIF files can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted GIF file. 2) Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file. SOLUTION: Update to version 7.7. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) An anonymous person via Beyond Security's SecuriTeam Secure Disclosure 2) Roi Mallo and Sherab Giovannini via ZDI 3) Chkr_d591 via ZDI 4 - 7) Matt 'j00ru' Jurczyk via ZDI ORIGINAL ADVISORY: http://support.apple.com/kb/HT4826 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-256 August 16, 2011 -- CVE ID: CVE-2011-0248 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11565. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4826 -- Disclosure Timeline: 2011-04-11 - Vulnerability reported to vendor 2011-08-16 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Chkr_d591 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file. Versions prior to QuickTime 7.7 are vulnerable. These issues arise when the application handles specially crafted pict, GIF, H.264, QTL, and QuickTime files. Versions prior to QuickTime 7.7 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. This BID is being retired. The following individual records exist to better document the issues: 49028 Apple QuickTime CVE-2011-0245 Pict File Buffer Overflow Vulnerability 49029 Apple QuickTime CVE-2011-0246 GIF Image Heap Buffer Overflow Vulnerability 49030 Apple QuickTime CVE-2011-0247 H.264 Movie Files Multiple Buffer Overflow Vulnerabilities 49031 Apple QuickTime ActiveX QTL File CVE-2011-0248 Stack Buffer Overflow Vulnerability 49034 Apple QuickTime CVE-2011-0249 STSC Atoms Heap Buffer Overflow Vulnerability 49035 Apple QuickTime CVE-2011-0250 STSS Atoms Heap Buffer Overflow Vulnerability 49036 Apple QuickTime CVE-2011-0251 STSZ Atoms Heap Buffer Overflow Vulnerability 49038 Apple QuickTime CVE-2011-0252 STTS Atoms Heap Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of pict files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0245 : Subreption LLC working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of audio channels in movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of JPEG files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0213 : Luigi Auriemma working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0246 : an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. These issues do not affect Mac OS X systems. CVE-ID CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0248 : Chkr_d591 working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355 For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9 QuickTime is incorporated into Mac OS X v10.6 and later. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 RELEASE DATE: 2011-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/45516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 2) Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file. 3) An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website. SOLUTION: Update to version 7.7. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) An anonymous person via Beyond Security's SecuriTeam Secure Disclosure 2) Roi Mallo and Sherab Giovannini via ZDI 3) Chkr_d591 via ZDI 4 - 7) Matt 'j00ru' Jurczyk via ZDI ORIGINAL ADVISORY: http://support.apple.com/kb/HT4826 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application. Versions prior to QuickTime 7.7 are vulnerable. These issues arise when the application handles specially crafted pict, GIF, H.264, QTL, and QuickTime files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. This BID is being retired. The following individual records exist to better document the issues: 49028 Apple QuickTime CVE-2011-0245 Pict File Buffer Overflow Vulnerability 49029 Apple QuickTime CVE-2011-0246 GIF Image Heap Buffer Overflow Vulnerability 49030 Apple QuickTime CVE-2011-0247 H.264 Movie Files Multiple Buffer Overflow Vulnerabilities 49031 Apple QuickTime ActiveX QTL File CVE-2011-0248 Stack Buffer Overflow Vulnerability 49034 Apple QuickTime CVE-2011-0249 STSC Atoms Heap Buffer Overflow Vulnerability 49035 Apple QuickTime CVE-2011-0250 STSS Atoms Heap Buffer Overflow Vulnerability 49036 Apple QuickTime CVE-2011-0251 STSZ Atoms Heap Buffer Overflow Vulnerability 49038 Apple QuickTime CVE-2011-0252 STTS Atoms Heap Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0245 : Subreption LLC working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0213 : Luigi Auriemma working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. These issues do not affect Mac OS X systems. CVE-ID CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0248 : Chkr_d591 working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355 For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9 QuickTime is incorporated into Mac OS X v10.6 and later. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 RELEASE DATE: 2011-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/45516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. For more information: SA43814 SA45054 1) An error within the processing of GIF files can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted GIF file. 3) An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website. SOLUTION: Update to version 7.7. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) An anonymous person via Beyond Security's SecuriTeam Secure Disclosure 2) Roi Mallo and Sherab Giovannini via ZDI 3) Chkr_d591 via ZDI 4 - 7) Matt 'j00ru' Jurczyk via ZDI ORIGINAL ADVISORY: http://support.apple.com/kb/HT4826 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4826 -- Disclosure Timeline: 2011-05-12 - Vulnerability reported to vendor 2011-08-16 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Roi Mallo &amp; Sherab Giovannini -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. Versions prior to QuickTime 7.7 are vulnerable. These issues arise when the application handles specially crafted pict, GIF, H.264, QTL, and QuickTime files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. This BID is being retired. The following individual records exist to better document the issues: 49028 Apple QuickTime CVE-2011-0245 Pict File Buffer Overflow Vulnerability 49029 Apple QuickTime CVE-2011-0246 GIF Image Heap Buffer Overflow Vulnerability 49030 Apple QuickTime CVE-2011-0247 H.264 Movie Files Multiple Buffer Overflow Vulnerabilities 49031 Apple QuickTime ActiveX QTL File CVE-2011-0248 Stack Buffer Overflow Vulnerability 49034 Apple QuickTime CVE-2011-0249 STSC Atoms Heap Buffer Overflow Vulnerability 49035 Apple QuickTime CVE-2011-0250 STSS Atoms Heap Buffer Overflow Vulnerability 49036 Apple QuickTime CVE-2011-0251 STSZ Atoms Heap Buffer Overflow Vulnerability 49038 Apple QuickTime CVE-2011-0252 STTS Atoms Heap Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0245 : Subreption LLC working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0246 : an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems. CVE-ID CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0248 : Chkr_d591 working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355 For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9 QuickTime is incorporated into Mac OS X v10.6 and later. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 RELEASE DATE: 2011-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/45516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 2) Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file. 3) An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website. SOLUTION: Update to version 7.7. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) An anonymous person via Beyond Security's SecuriTeam Secure Disclosure 2) Roi Mallo and Sherab Giovannini via ZDI 3) Chkr_d591 via ZDI 4 - 7) Matt 'j00ru' Jurczyk via ZDI ORIGINAL ADVISORY: http://support.apple.com/kb/HT4826 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles corrupt Sample Size atoms. When the value for 'Number of Entries' in this atom differs from the 'Number of Entries' in the Time-To-Sample atom, Quicktime will fill the Atom Sample Table with uninitialized data read from memory. This can later on result in a heap overflow when the data is used to calculate a loop counter to fill a heap buffer. These issues arise when the application handles specially crafted pict, GIF, H.264, QTL, and QuickTime files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. This BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 RELEASE DATE: 2011-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/45516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 2) Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file. 3) An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website. SOLUTION: Update to version 7.7. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) An anonymous person via Beyond Security's SecuriTeam Secure Disclosure 2) Roi Mallo and Sherab Giovannini via ZDI 3) Chkr_d591 via ZDI 4 - 7) Matt 'j00ru' Jurczyk via ZDI ORIGINAL ADVISORY: http://support.apple.com/kb/HT4826 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4826 -- Disclosure Timeline: 2011-04-11 - Vulnerability reported to vendor 2011-08-16 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Matt "j00ru" Jurczyk -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following: Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-0419 CVE-2011-3192 Application Firewall Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges Description: A format string vulnerability existed in Application Firewall's debug logging. CVE-ID CVE-2011-0185 : an anonymous reporter ATS Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3437 ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0229 : Will Dormann of the CERT/CC ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in the ATSFontDeactivate API. CVE-ID CVE-2011-0230 : Steven Michaud of Mozilla BIND Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in BIND 9.7.3 Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3. CVE-ID CVE-2011-1910 CVE-2011-2464 BIND Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in BIND Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3. CVE-ID CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464 Certificate Trust Policy Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. Impact: Root certificates have been updated Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application. CFNetwork Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Safari may store cookies it is not configured to accept Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage. CVE-ID CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell CFNetwork Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CoreFoundation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking. CVE-ID CVE-2011-0259 : Apple CoreMedia Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-0224 : Apple CoreProcesses Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access to a system may partially bypass the screen lock Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp CoreStorage Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Converting to FileVault does not erase all existing data Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Judson Powers of ATC-NY File Systems Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user. CVE-ID CVE-2011-3213 : Apple IOGraphics Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: A person with physical access may be able to bypass the screen lock Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3214 : Apple iChat Server Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests. CVE-ID CVE-2011-1755 Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access may be able to access the user's password Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in. CVE-ID CVE-2011-3215 : Passware, Inc. Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An unprivileged user may be able to delete another user's files in a shared directory Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit. CVE-ID CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training libsecurity Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension. CVE-ID CVE-2011-3227 : Richard Godbee of Virginia Tech Mailman Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Mailman 2.1.14 Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman- announce/2011-February/000158.html This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0707 MediaKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-3217 : Apple Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Any user may read another local user's password data Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An authenticated user may change that account's password without providing the current password Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3436 : Patrick Dunstan at defenceindepth.net Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A user may be able to log in without a password Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale PHP Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-0226 PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng 1.4.3 Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in PHP 5.3.4 Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/ CVE-ID CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471 postfix Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html CVE-ID CVE-2011-0411 python Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in python Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/ CVE-ID CVE-2010-1634 CVE-2010-2089 CVE-2011-1521 QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. This issue does not affect OS X Lion systems. This issue does not affect OS X Lion systems. This issue does not affect OS X Lion systems. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3218 : Aaron Sigel of vtty.com QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. CVE-ID CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. CVE-ID CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. CVE-ID CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FlashPix files. CVE-ID CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FLIC files. CVE-ID CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative SMB File Server Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A guest user may browse shared folders Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3225 Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.24 Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 User Documentation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3224 : Aaron Sigel of vtty.com Web Server Available for: Mac OS X Server v10.6.8 Impact: Clients may be unable to access web services that require digest authentication Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue. X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 OS X Lion v10.7.2 also includes Safari 5.1.1. For information on the security content of Safari 5.1.1, please visit: http://support.apple.com/kb/HT5000 OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2011-006 or OS X v10.7.2. For OS X Lion v10.7.1 The download file is named: MacOSXUpd10.7.2.dmg Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229 For OS X Lion v10.7 The download file is named: MacOSXUpdCombo10.7.2.dmg Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb For OS X Lion Server v10.7.1 The download file is named: MacOSXServerUpd10.7.2.dmg Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da For OS X Lion Server v10.7 The download file is named: MacOSXServerUpdCombo10.7.2.dmg Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a For Mac OS X v10.6.8 The download file is named: SecUpd2011-006Snow.dmg Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2011-006.dmg Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3 TFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md /BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U ZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4 sTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG 69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU= =gsvn -----END PGP SIGNATURE-----