VARIoT IoT vulnerabilities database
| VAR-200811-0316 | CVE-2008-4229 | Apple iPhone OS of Passcode Lock Race condition vulnerability |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. The password lock function is used to prevent unauthorized startup of applications. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0317 | CVE-2008-4230 | Apple iPhone OS of Passcode Lock In SMS Message displayed vulnerability |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0315 | CVE-2008-4228 | Apple iPhone OS of Passcode Lock Vulnerabilities that allow emergency calls to any number |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. The iPhone allows emergency calls while locked. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0314 | CVE-2008-4227 | Apple iPhone OS In PPTP VPN Connection hijack vulnerability related to connection encryption |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0011 | CVE-2008-1586 | Apple iPhone OS of ImageIO In Service operation interruption (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. Apple iPhone and iPod touch are prone to multiple vulnerabilities:
1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.
Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1. A memory exhaustion vulnerability exists in the way TIFF graphics are handled, and viewing specially crafted TIFF graphics may cause the device to restart unexpectedly. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32756
VERIFY ADVISORY:
http://secunia.com/advisories/32756/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information, DoS,
System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple iPod touch
http://secunia.com/advisories/product/16074/
Apple iPhone
http://secunia.com/advisories/product/15128/
DESCRIPTION:
Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potential sensitive information, conduct spoofing attacks, to cause a
DoS (Denial of Service), or potentially compromise a user's system.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information see vulnerability #3 in:
SA31326
2) Several vulnerabilities in the processing of TIFF images can
potentially be exploited to execute arbitrary code.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. This can be exploited to call an
arbitrary number without user interaction. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Michal Zalewski, Google
3) Sergio 'shadown' Alvarez, n.runs AG
4) Stephen Butler, University of Illinois
7) Nolen Scaife
9) Haifei Li of Fortinet's FortiGuard Global Security Research Team
10) John Resig, Mozilla Corporation
11) Collin Mulliner, Fraunhofer SIT
12) an anonymous researcher
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3318
OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/
SA31610:
http://secunia.com/advisories/31610/
SA32222:
http://secunia.com/advisories/32222/
SA32706:
http://secunia.com/advisories/32706/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0451 | No CVE | 3Com AP 8760 bypasses authentication, leaking passwords, and SNMP injection vulnerabilities |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
3Com Wireless 8760 Dual-Radio 11a/b/g PoE is a wireless access router for all types of businesses. The HTTP authentication mechanism of the 3Com AP 8760 is as follows: 1. The router checks whether the credentials submitted by the user are valid. 2. If valid, the router's web interface redirects the user to a URL that is only available to authenticated administrative users. Each time an authenticated URL is accessed, no authentication data is sent in the HTTP request, including the password or session ID. The AP simply uses the administrator's source IP address as the authentication data. That is to say, the authentication status only depends on the assumption that the attacker does not know the URL after authentication and the administrator does not share the same source IP address. As long as the administrator URL is accessed from a browser with the same IP address (such as by sharing the same proxy or NAT IP address), the authentication check can be completely bypassed. If you submit a malicious request to the 3Com AP 8760 router, you may also return sensitive data, including the administrator password, on some pages. When changing the system name via SNMP, if a cross-site scripting load is injected on a page such as a login page, the administrator password can be redirected to its own site by overwriting the operational properties of the login form.
Successfully exploiting these issues will allow an attacker to obtain administrative credentials, bypass security mechanisms, or run attacker-supplied HTML and script code in the context of the web administration interface. The attacker may then be able to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible
| VAR-200901-0056 | CVE-2008-5849 | Check Point VPN-1 Intranet IP Address disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. Check Point VPN-1 is prone to an information-disclosure weakness.
An attacker can exploit this issue to learn the IP of devices on the internal network. This may aid in further attacks. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Checkpoint VPN-1 Information Disclosure Vulnerability
SECUNIA ADVISORY ID:
SA32728
VERIFY ADVISORY:
http://secunia.com/advisories/32728/
CRITICAL:
Not critical
IMPACT:
Exposure of system information
WHERE:
>From remote
SOFTWARE:
Check Point VPN-1/FireWall-1 NGX
http://secunia.com/advisories/product/6010/
Check Point VPN-1 UTM NGX
http://secunia.com/advisories/product/13346/
Check Point VPN-1 Power NGX
http://secunia.com/advisories/product/13348/
DESCRIPTION:
Tim Brown and Mark Lowe have reported a vulnerability in Checkpoint
VPN-1 products, which can be exploited by malicious people to
disclose certain system information.
The vulnerability is caused due to an error in the port address
translation (PAT) feature when responding with ICMP time exceeded
messages. This can be exploited to disclose e.g.
SOLUTION:
The vendor recommends to block ICMP errors.
PROVIDED AND/OR DISCOVERED BY:
Tim Brown and Mark Lowe, Portcullis Computer Security
ORIGINAL ADVISORY:
CheckPoint (Solution ID: sk36321):
https://supportcenter.checkpoint.com/supportcenter/index.jsp
Portcullis Computer Security:
http://www.portcullis.co.uk/293.php
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200902-0395 | CVE-2008-6122 | Netgear WGR614 of Web Service disruption in the management interface (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). NETGEAR WGR614 is prone to a denial-of-service vulnerability that occurs in the administration web interface. NETGEAR WGR614 is a small wireless broadband router. WGR614 routers have loopholes when processing malformed requests. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Netgear WGR614 Web Interface Request Denial of Service
SECUNIA ADVISORY ID:
SA32716
VERIFY ADVISORY:
http://secunia.com/advisories/32716/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Netgear WGR614v9
http://secunia.com/advisories/product/20525/
DESCRIPTION:
sr. has reported a vulnerability in Netgear WGR614v9, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Restrict access to the web interface.
PROVIDED AND/OR DISCOVERED BY:
sr.
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065619.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0218 | CVE-2008-5041 | Sweex RO002 Router Vulnerabilities that gain access |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Successful exploitation will allow attackers to gain access to the router's web configuration interface.
RO002 Router with firmware Ts03-072 is vulnerable; other versions may be affected as well. Sweex RO002 is a broadband router mainly used in Europe. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Sweex RO002 Router Undocumented Account Security Issue
SECUNIA ADVISORY ID:
SA32623
VERIFY ADVISORY:
http://secunia.com/advisories/32623/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Sweex RO002 Router
http://secunia.com/advisories/product/20462/
DESCRIPTION:
Rob Stout has reported a security issue in the Sweex RO002 Router,
which can be exploited by malicious people to bypass certain security
restrictions. modify the configuration.
The security issue is reported in firmware version Ts03-072.
Reportedly, the vendor is working on a fix.
PROVIDED AND/OR DISCOVERED BY:
Rob Stout
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200908-0021 | CVE-2008-6916 | NetPort Software Comes with Siemens SpeedStream 5200 Vulnerabilities that bypass authentication |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. Siemens SpeedStream 5200 are prone to an authentication-bypass vulnerability that may allow attackers to gain unauthorized administrative access to a router's administration interface. SpeedStream 5200 is an ADSL router suitable for small and medium enterprises. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Siemens SpeedStream 5200 "Host" Header Authentication Bypass
SECUNIA ADVISORY ID:
SA32635
VERIFY ADVISORY:
http://secunia.com/advisories/32635/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Siemens SpeedStream 5200
http://secunia.com/advisories/product/20486/
DESCRIPTION:
hkm has reported a vulnerability in Siemens SpeedStream 5200, which
can be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error in the authentication
process when processing HTTP "Host" headers. This can be exploited to
bypass authentication and e.g. download the router configuration via
an HTTP request containing a wrong "Host" header.
SOLUTION:
Restrict access to the affected device.
PROVIDED AND/OR DISCOVERED BY:
hkm
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/7055
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0453 | No CVE | Siemens SpeedStream 5200 Host Header Bypass Authentication Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SpeedStream 5200 is an ADSL router for SMEs.
The authentication process of the SpeedStream 5200 router does not properly verify the HTTP Host header. A remote attacker can bypass the authentication by sending a malicious HTTP request to download the router information.
| VAR-200811-0201 | CVE-2008-4387 | SAP AG SAPgui 'mdrmsap.dll' ActiveX Control Remote Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. SAP AG SAPgui is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA32682
VERIFY ADVISORY:
http://secunia.com/advisories/32682/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
SAP GUI 6.x
http://secunia.com/advisories/product/3337/
SAP GUI 7.x
http://secunia.com/advisories/product/16959/
DESCRIPTION:
A vulnerability has been reported in SAPgui, which can be exploited
by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error in the
bundled MDrmSap ActiveX control (mdrmsap.dll). This can be exploited
to compromise a user's system by e.g. tricking the user into visiting
a malicious website.
SOLUTION:
The vendor has reportedly issued a patch via SAP Note 1142431.
http://service.sap.com/sap/support/notes/1142431
PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC.
ORIGINAL ADVISORY:
US-CERT VU#277313:
http://www.kb.cert.org/vuls/id/277313
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0398 | CVE-2008-5230 | Of unspecified Cisco products and other vendor products TKIP Packet decryption in / Impersonation and ARP Vulnerability such as performing poisoning |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. Wi-Fi Protected Access (WPA) Encryption Standard is prone to an encryption-bypass vulnerability that affects the Temporal Key Integrity Protocol (TKIP) key.
Attackers can exploit this issue to overcome the WPA encryption algorithm and read encrypted data sent from a wireless router to a computer. This may allow attackers to obtain potentially sensitive information; other attacks are also possible. If a remote attacker sends a specially crafted playback message, it may be easier to crack the client's packets, and then perform ARP spoofing or other attacks. Please note that this attack is not a key recovery attack. The attacker can only recover the key used to authenticate the message but not the key used to encrypt and obfuscate data, and can only use the recovered key to forge captured packets. Wen, with a window of opportunity of up to 7 attempts. Each attack can only decrypt one message, and the time spent is about 12-15 minutes
| VAR-200904-0147 | CVE-2008-6720 |
DeltaScripts PHP Links of admin/adm_login.php In SQL Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-200801-0039, VAR-E-200811-0117 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field). DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP Links 1.3 is vulnerable; other versions may also be affected
| VAR-200811-0138 | CVE-2008-4963 |
Cisco IOS and CatOS In VTP Interfering with service operations related to packet processing (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200811-1138 |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. Cisco IOS and CatOS are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCsv05934 and CSCsv11741. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
Cisco IOS / CatOS VLAN Trunking Protocol Vulnerability
SECUNIA ADVISORY ID:
SA32573
VERIFY ADVISORY:
http://secunia.com/advisories/32573/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
OPERATING SYSTEM:
Cisco Catalyst 6500 Series 12.x
http://secunia.com/advisories/product/15864/
Cisco CATOS 5.x
http://secunia.com/advisories/product/526/
Cisco CATOS 6.x
http://secunia.com/advisories/product/527/
Cisco CATOS 7.x
http://secunia.com/advisories/product/185/
Cisco CATOS 8.x
http://secunia.com/advisories/product/3564/
Cisco IOS 10.x
http://secunia.com/advisories/product/184/
Cisco IOS 11.x
http://secunia.com/advisories/product/183/
Cisco IOS 12.x
http://secunia.com/advisories/product/182/
Cisco IOS R11.x
http://secunia.com/advisories/product/53/
Cisco IOS R12.x
http://secunia.com/advisories/product/50/
Cisco IOS XR 3.x
http://secunia.com/advisories/product/4907/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS/CatOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the
handling of VLAN Trunking Protocol (VTP) packets.
Successful exploitation requires that "VTP Operating Mode" is set to
"server" or "client".
SOLUTION:
Apply configuration best practices to limit exposure to exploitation
(please see the vendor advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits showrun.lee.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200811-0092 | CVE-2008-4956 | fwb_install in fwbuilder Vulnerable to overwriting arbitrary files |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file. Fwbuilder is prone to a local security vulnerability. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Firewall Builder: Privilege escalation
Date: January 23, 2012
Bugs: #235809, #285861
ID: 201201-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Insecure temporary file usage in Firewall Builder could allow attackers
to overwrite arbitrary files.
Background
==========
Firewall Builder is a GUI for easy management of multiple firewall
platforms.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-firewall/fwbuilder < 3.0.7 >= 3.0.7
Description
===========
Two vulnerabilities in Firewall Builder allow the iptables and
fwb_install scripts to use temporary files insecurely.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Firewall Builder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 09, 2010. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2008-4956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4956
[ 2 ] CVE-2009-4664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4664
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-200810-0643 | CVE-2008-4309 |
net-snmp of netsnmp_create_subtree_cache Integer overflow vulnerability in functions
Related entries in the VARIoT exploits database: VAR-E-200810-0809 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. net-snmp of netsnmp_create_subtree_cache Functions include SNMP GETBULK An integer overflow vulnerability exists due to a flaw in processing requests.Crafted by a third party SNMP GETBULK Service interruption due to request (DoS) There is a possibility of being put into a state. ------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-65 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-05
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
A bug in the getbulk handling code could let anyone with even minimal
access crash the agent.
Affected packages:
Pardus 2008:
net-snmp, all before 5.4.1-7-3
net-snmptrap, all before 5.4.1-7-3
Resolution
==========
There are update(s) for net-snmp, net-snmptrap. You can update them via
Package Manager or with a single command from console:
pisi up net-snmp net-snmptrap
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8577
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4309
------------------------------------------------------------------------
--
Pardus Security Team
http://security.pardus.org.tr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. Summary
Update for Service Console package net-snmp
2. Relevant releases
VMware ESX 3.5 without patch ESX350-201002401-SG
3. Problem Description
a. Service Console package net-snmp updated
This patch updates the service console package for net-snmp,
net-snmp-utils, and net-snmp-libs to version
net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-
zero flaw in the snmpd daemon. A remote attacker could issue a
specially crafted GETBULK request that could cause the snmpd daemon
to fail.
This vulnerability was introduced by an incorrect fix for
CVE-2008-4309.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2009-1887 to this issue.
Note: After installing the previous patch for net-snmp
(ESX350-200901409-SG), running the snmpbulkwalk command with the
parameter -CnX results in no output, and the snmpd daemon stops.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX ESX350-201002401-SG
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 3.5
-------
ESX350-201002401-SG
http://download3.vmware.com/software/vi/ESX350-201002401-SG.zip
md5sum: a91428cb6bc2da794f581aefd5eef010
http://kb.vmware.com/kb/1017660
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1887
- -------------------------------------------------------------------------
6. Change log
2010-02-16 VMSA-2010-0003
Initial security advisory after release of patches for ESX 3.5
on 2010-02-16.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station
(802.11n) Firmware 7.5.2
Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is
now available and addresses the following:
CVE-ID: CVE-2008-4309
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may terminate the operation of the SNMP
service
Description: An integer overflow exists in the
netsnmp_create_subtree_cache function. By sending a maliciously
crafted SNMPv3 packet, an attacker may cause the SNMP server to
terminate, denying service to legitimate clients. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches.
CVE-ID: CVE-2009-2189
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: Receiving a large number of IPv6 Router Advertisement (RA)
and Neighbor Discovery (ND) packets from a system on the local
network may cause the base station to restart
Description: A resource consumption issue exists in the base
station's handling of Router Advertisement (RA) and Neighbor
Discovery (ND) packets. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue.
CVE-ID: CVE-2010-0039
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: An attacker may be able to query services behind an AirPort
Base Station or Time Capsule's NAT from the source IP of the router,
if any system behind the NAT has a portmapped FTP server
Description: The AirPort Extreme Base Station and Time Capsule's
Application-Level Gateway (ALG) rewrites incoming FTP traffic,
including PORT commands, to appear as if it is the source. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue.
CVE-ID: CVE-2009-1574
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference in racoon's handling of
fragmented ISAKMP packets may allow a remote attacker to cause an
unexpected termination of the racoon daemon. This issue is addressed
through improved validation of fragmented ISAKMP packets.
CVE-ID: CVE-2010-1804
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may cause the device to stop processing
network traffic
Description: An implementation issue exists in the network bridge.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
Installation note for Firmware version 7.5.2
Firmware version 7.5.2 is installed into Time Capsule or AirPort Base
Station with 802.11n via AirPort Utility, provided with the device.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq
MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM
JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD
3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub
xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK
JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY=
=WPH8
-----END PGP SIGNATURE-----
.
Please note that for this to be successfully exploited, an attacker
must have read access to the SNMP server. By default, the public
community name grants read-only access, however it is recommended
that the default community name be changed in production.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
63c576c59db3887c9ff46aea999af904 2008.0/i586/libnet-snmp15-5.4.1-1.2mdv2008.0.i586.rpm
208783bde426bc2994b25eac38a2f6f6 2008.0/i586/libnet-snmp-devel-5.4.1-1.2mdv2008.0.i586.rpm
68d9b48a792253fcb647cb44b024fc6a 2008.0/i586/libnet-snmp-static-devel-5.4.1-1.2mdv2008.0.i586.rpm
837f701fa84fbf24f866332d374baea0 2008.0/i586/net-snmp-5.4.1-1.2mdv2008.0.i586.rpm
6b8e3cde829e41e882a2bbde8f70e5c0 2008.0/i586/net-snmp-mibs-5.4.1-1.2mdv2008.0.i586.rpm
9c8d0a70cd23f49af617ebd950ab913b 2008.0/i586/net-snmp-trapd-5.4.1-1.2mdv2008.0.i586.rpm
27f9666d87ad5c63a170fa515c2cfb79 2008.0/i586/net-snmp-utils-5.4.1-1.2mdv2008.0.i586.rpm
fa774042539e5fa60662ea26cf5f79bb 2008.0/i586/perl-NetSNMP-5.4.1-1.2mdv2008.0.i586.rpm
62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
7862778bf4b9262707dae0101a051e84 2008.0/x86_64/lib64net-snmp15-5.4.1-1.2mdv2008.0.x86_64.rpm
907423d895272503d6684a7f14618a97 2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.2mdv2008.0.x86_64.rpm
ba8972ac3af0a41754d7d830237be4a8 2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.2mdv2008.0.x86_64.rpm
2f8efd6d1db501439a1da8b205c3ba4b 2008.0/x86_64/net-snmp-5.4.1-1.2mdv2008.0.x86_64.rpm
bd431f5a0c11b796223911463216d236 2008.0/x86_64/net-snmp-mibs-5.4.1-1.2mdv2008.0.x86_64.rpm
929e4b2e24137d0aed30e012d2cbee25 2008.0/x86_64/net-snmp-trapd-5.4.1-1.2mdv2008.0.x86_64.rpm
80679956f6b8e3f8095f1767d34cf7c7 2008.0/x86_64/net-snmp-utils-5.4.1-1.2mdv2008.0.x86_64.rpm
f8c2af7b036a33dbadf22498933c90b5 2008.0/x86_64/perl-NetSNMP-5.4.1-1.2mdv2008.0.x86_64.rpm
62fd3d953786bb45cc442069a9dbae14 2008.0/SRPMS/net-snmp-5.4.1-1.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
aafe61f1aaaf2e13ef051fc1d7f5ab91 2008.1/i586/libnet-snmp15-5.4.1-5.2mdv2008.1.i586.rpm
c7f2b5e4d5955a12b4df0fbf82f38544 2008.1/i586/libnet-snmp-devel-5.4.1-5.2mdv2008.1.i586.rpm
f77c410069f938ae382fbee7012a349d 2008.1/i586/libnet-snmp-static-devel-5.4.1-5.2mdv2008.1.i586.rpm
941b90ef50005b50829419575ab80ec1 2008.1/i586/net-snmp-5.4.1-5.2mdv2008.1.i586.rpm
d8d459f3213cb97b2708c37c787a7035 2008.1/i586/net-snmp-mibs-5.4.1-5.2mdv2008.1.i586.rpm
c753c1d4694d7b8c81f517c0c019accf 2008.1/i586/net-snmp-tkmib-5.4.1-5.2mdv2008.1.i586.rpm
69a0f39e0366cda18fb3cb7440adf2c8 2008.1/i586/net-snmp-trapd-5.4.1-5.2mdv2008.1.i586.rpm
825fe8ac0059480495d5f9f92b41775a 2008.1/i586/net-snmp-utils-5.4.1-5.2mdv2008.1.i586.rpm
61b88005dba39bdad7c18c2774fab3ed 2008.1/i586/perl-NetSNMP-5.4.1-5.2mdv2008.1.i586.rpm
1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
c4ddb52926754e188afa827365a9402d 2008.1/x86_64/lib64net-snmp15-5.4.1-5.2mdv2008.1.x86_64.rpm
b71406ffbf1fddbe11d4e23636015043 2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.2mdv2008.1.x86_64.rpm
fbed296540545616ff8f248b32e7edf2 2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.2mdv2008.1.x86_64.rpm
7e4f56fe2433fd5a80b3ec09ca801755 2008.1/x86_64/net-snmp-5.4.1-5.2mdv2008.1.x86_64.rpm
6275046a91fd1aea967f893720348f88 2008.1/x86_64/net-snmp-mibs-5.4.1-5.2mdv2008.1.x86_64.rpm
c05711a0a2a0b69652c6d19e3c883e01 2008.1/x86_64/net-snmp-tkmib-5.4.1-5.2mdv2008.1.x86_64.rpm
012b8391c5c49432d270d247e39fa64a 2008.1/x86_64/net-snmp-trapd-5.4.1-5.2mdv2008.1.x86_64.rpm
d05bc5b73d566e16b76517fdd90f968d 2008.1/x86_64/net-snmp-utils-5.4.1-5.2mdv2008.1.x86_64.rpm
d37bc36bd7a861f71fce000319904387 2008.1/x86_64/perl-NetSNMP-5.4.1-5.2mdv2008.1.x86_64.rpm
1f73d4a19a2a0a159cdf4d1058ce17f2 2008.1/SRPMS/net-snmp-5.4.1-5.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
67a289261b50a6ec4bbb74503ff15860 2009.0/i586/libnet-snmp15-5.4.2-2.1mdv2009.0.i586.rpm
c0b057998d757e7988cac2276cc16d6a 2009.0/i586/libnet-snmp-devel-5.4.2-2.1mdv2009.0.i586.rpm
340271a223791169762e826744d1aab3 2009.0/i586/libnet-snmp-static-devel-5.4.2-2.1mdv2009.0.i586.rpm
4dad88af5b12b6001adc135e54a5f94c 2009.0/i586/net-snmp-5.4.2-2.1mdv2009.0.i586.rpm
41cc69981bd2dd2886f764f46a19c326 2009.0/i586/net-snmp-mibs-5.4.2-2.1mdv2009.0.i586.rpm
84ebcf44ee0d90e956d138ecafe7a9e0 2009.0/i586/net-snmp-tkmib-5.4.2-2.1mdv2009.0.i586.rpm
d9ff03f1bb268735f27d4e70e441675a 2009.0/i586/net-snmp-trapd-5.4.2-2.1mdv2009.0.i586.rpm
7d4891eb14e73c8f53cd7bee93dcab4b 2009.0/i586/net-snmp-utils-5.4.2-2.1mdv2009.0.i586.rpm
66d9db711d7064d6326c50414ffe945b 2009.0/i586/perl-NetSNMP-5.4.2-2.1mdv2009.0.i586.rpm
142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
d9b76860696183041c5431b28c133d79 2009.0/x86_64/lib64net-snmp15-5.4.2-2.1mdv2009.0.x86_64.rpm
3868b49eec570997ec1bce4603fdb5b1 2009.0/x86_64/lib64net-snmp-devel-5.4.2-2.1mdv2009.0.x86_64.rpm
fde92f379f3e6f5d8e3cd307e0d3866d 2009.0/x86_64/lib64net-snmp-static-devel-5.4.2-2.1mdv2009.0.x86_64.rpm
1265e20f1d23728a740ce3e23f6df279 2009.0/x86_64/net-snmp-5.4.2-2.1mdv2009.0.x86_64.rpm
e799c8dbd928539d2993f3a4268cf4fc 2009.0/x86_64/net-snmp-mibs-5.4.2-2.1mdv2009.0.x86_64.rpm
f34b37e106fe535c6262c0a20824cb71 2009.0/x86_64/net-snmp-tkmib-5.4.2-2.1mdv2009.0.x86_64.rpm
dc838be5485af308d3f560dd3dd23845 2009.0/x86_64/net-snmp-trapd-5.4.2-2.1mdv2009.0.x86_64.rpm
66be00a8327d9e0b9fcd4fb22829fd85 2009.0/x86_64/net-snmp-utils-5.4.2-2.1mdv2009.0.x86_64.rpm
b22b8c100f8b74be46f87cd9e33bdee3 2009.0/x86_64/perl-NetSNMP-5.4.2-2.1mdv2009.0.x86_64.rpm
142a9d0f6b5b895e50c93f66dd112459 2009.0/SRPMS/net-snmp-5.4.2-2.1mdv2009.0.src.rpm
Corporate 4.0:
e830fee5189a6d99235f8b5465cf1cf8 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.3.20060mlcs4.i586.rpm
a2b4e29f175d2f9cc0ad8709edbbbd87 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm
741b5e8a9a8ecaf6f4a2d4849e45bd2f corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.i586.rpm
94da62fa6bdc660c23e308111f73665e corporate/4.0/i586/net-snmp-5.2.1.2-5.3.20060mlcs4.i586.rpm
373a8f3e0bffea791d866c35dab6f2fa corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.i586.rpm
002e256aa1c2b0179894f0df8e10e70e corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.i586.rpm
23ccf736576e9002e84c09db16953ee6 corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.i586.rpm
13dc4a180a0be9c5afe36168278ffdf3 corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.i586.rpm
d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7095df865e54764c051f10040b4de25d corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
96a8dbf8ec18e76e4fddf52b2d19b93d corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
9af9807629580025cc1cdaba78826153 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
91d6d06059463804ae085bf42a702132 corporate/4.0/x86_64/net-snmp-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
47e44f0f67b04eae0c63ab9fc6636f10 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
478577d14048824ef556371e43892f0e corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
2766c681f5366ac9e9bfa74ff7388bd5 corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
4ea12420b159bcecc5d7b2cef2bdeb8b corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.3.20060mlcs4.x86_64.rpm
d9cfd05c0de2b6891761627579ccc1d8 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01820968
Version: 1
HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-08-12
Last Updated: 2009-08-12
Potential Security Impact: Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities.
References: CVE-2009-2677, CVE-2009-0590, CVE-2009-1272, CVE-2008-5161, CVE-2008-4309, CVE-2008-1720
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Insight Control Suite For Linux (ICE-LX) v2.10 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-2677 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.4
CVE-2009-0590 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2009-1272 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
CVE-2008-4309 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2008-1720 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following updated product kit available to resolve the vulnerabilities. The HP ICE-LX v2.11 kit is available as described below.
The update file is HP_ICE_LX_V2.11_511708_004.iso which can be downloaded from here: https://h20392.www2.hp.com/portal/swdepot/try.do?productNumber=HPICELX
The kit can also be obtained by going to http://www.hp.com/go/ice-lx
Open Source packages updated in this version (v2.11) of ICE-LX
net-snmp-5.4.2.1
php 5.2.9
rsync 3.0.5
openssh 5.2 p1
openssl-0.9.8k
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) 12 August 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkqDHSwACgkQ4B86/C0qfVmS0QCg0h5MSGfJD8lU0FMxByIbcrjY
KQIAn1cPRhsjlq9Ilp0pQvrO7uPbyMVH
=zsBZ
-----END PGP SIGNATURE-----
. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0960
Wes Hardaker reported that the SNMPv3 HMAC verification relies on
the client to specify the HMAC length, which allows spoofing of
authenticated SNMPv3 packets.
CVE-2008-2292
John Kortink reported a buffer overflow in the __snprint_value
function in snmp_get causing a denial of service and potentially
allowing the execution of arbitrary code via a large OCTETSTRING
in an attribute value pair (AVP).
For the stable distribution (etch), these problems has been fixed in
version 5.2.3-7etch4.
For the testing distribution (lenny) and unstable distribution (sid)
these problems have been fixed in version 5.4.1~dfsg-11.
We recommend that you upgrade your net-snmp package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz
Size/MD5 checksum: 94030 2ccd6191c3212980956c30de392825ec
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc
Size/MD5 checksum: 1046 8018cc23033178515298d5583a74f9ff
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
Size/MD5 checksum: 4006389 ba4bc583413f90618228d0f196da8181
Architecture independent packages:
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb
Size/MD5 checksum: 1214368 d579d8f28f3d704b6c09b2b480425086
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb
Size/MD5 checksum: 855594 b5ccd827adbcefcca3557fa9ae28cc08
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 2169470 265835564ef2b0e2e86a08000461c53b
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 944098 5b903886ee4740842715797e3231602c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 1901802 5486eb1f2a5b076e5342b1dd9cbb12e2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 933202 e3210ba1641079e0c3aaf4a50e89aedd
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 835584 b14db8c5e5b5e2d34799952975f903fb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 932008 fc79672bf64eaabd41ed1c2f4a42c7da
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 1890766 ae3832515a97a79b31e0e7f0316356ee
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 835088 62867e9ba9dfca3c7e8ae575d5a478f5
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 918844 d2d1bc5f555bc9dba153e2a9a964ffbf
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 1557924 5c2a33a015dd44708a9cc7602ca2525c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 909974 4c1cef835efc0b7ff3fea54a618eabee
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 835284 3ac835d926481c9e0f589b578455ddee
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 928252 b98e98b58c61be02e477185293427d5c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 1344158 78b6cf6b2974983e8e3670468da73cd1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 835940 9eeaf116e386dd7733ab2106c662dfa9
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 1809132 78bb5f1c12b004d32fa265e6bd99ffa1
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 1926116 71c7f3095ffe1bb22e84ade21f32b3a4
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 935434 85deac8531b02a0fdf3c9baa21d8e4bd
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 935640 958cb158264f75772864cd5d5c0bf251
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 1423294 f05c7491a8100684c5085588738f05b5
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 833970 cb705c9fe9418cc9348ac935ea7b0ba2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 920070 3df41a0c99c41d1bccf6801011cf8ed5
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 925914 159b4244ef701edbe0fb8c9685b5b477
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 1838900 3b7ac7b8fe0da1a3909ee56aba46d464
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 2205680 6868a56b1db04627e6921bf7237939a2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 970440 783f0cccabfbcc63590730b3803d164d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 2281114 fd04b505755a3aed0fe4c9baaac84500
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 842690 9f9ca89c3d3ba7c46481e9cd39c242a6
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 962854 c8a32f808d719357a5b6350e2b60794e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 895414 5dd919d188291cb3727d39b5e06c9e26
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 927342 28c245db4d8ea82ba4075b27d674d72a
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 833182 0e0b21e13d77de82bed7a38d30f65e4b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 1769524 24bdc73a3d20c4046c7741957442c713
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 1717562 977ae5c34a127d32d8f2bf222de9a431
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 1755032 cab5c112911465a9ce23a0d2ea44ded9
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 926616 2bf14a3fe74d9f2a523aacc8b04f5282
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 895194 b7c9ed37bf83ad92371f5472ac5d917b
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 833098 08b63ba6c3becf25ba2f941a532a7b71
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 1720642 1ff7568eb478edee923edb76cf42e9ac
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 941434 bbac9384bd7f88339e2b86fa665208c1
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 835212 4790d79f8de7f1bee7aabf0473f25268
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 1657890 b91fcf52e80c7196cea0c13df9ac79ef
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 1803262 4d298c9509941390c7b2eb68320ad211
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 928170 b17966a6a61313344ac827b58f32eeef
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 1409718 2a128cbdce2522ef49604255cff41af2
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 931452 d3bb7c3a849cd2b35fa6e4acb19c318d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 1834914 67e5b946df18b06b41b3e108d5ddc4e3
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 836102 7a4b85e8ea0e50d7213997b5f7d6309f
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 903864 3f80e78e4e2672aacf3da0690ff24b79
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 925336 5824ea607689f3f1bd62a9e6e28f95ae
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 1548630 1378d1cf730d3026bc1f01a4ab2ccedb
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 918592 28a086f6aa2ee8d510b38c1a177843fc
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 834186 068cbf2b4774ecf9504b820db26e6f1d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 1782014 d39fae5fe0d1397a2a1bd7397d6e850a
These files will probably be moved into the stable distribution on
its next update. ===========================================================
Ubuntu Security Notice USN-685-1 December 03, 2008
net-snmp vulnerabilities
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsnmp-perl 5.2.1.2-4ubuntu2.3
libsnmp9 5.2.1.2-4ubuntu2.3
Ubuntu 7.10:
libsnmp-perl 5.3.1-6ubuntu2.2
libsnmp10 5.3.1-6ubuntu2.2
Ubuntu 8.04 LTS:
libsnmp-perl 5.4.1~dfsg-4ubuntu4.2
libsnmp15 5.4.1~dfsg-4ubuntu4.2
Ubuntu 8.10:
libsnmp15 5.4.1~dfsg-7.1ubuntu6.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. An unauthenticated remote attacker
could send specially crafted SNMPv3 traffic with a valid username
and gain access to the user's views without a valid authentication
passphrase. (CVE-2008-0960)
John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using
the Perl module could be made to crash, leading to a denial of service.
This did not affect Ubuntu 8.10. (CVE-2008-2292)
It was discovered that the SNMP service did not correctly handle large
GETBULK requests. (CVE-2008-4309)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.diff.gz
Size/MD5: 75402 9655d984a47cec8e27efa4db0b227870
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.dsc
Size/MD5: 838 17a17230a005c1acfd0569757e728fad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
Size/MD5: 3869893 34159770a7fe418d99fdd416a75358b1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 1152306 f7647cee4df8db87ab48c0d05635a973
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 822946 b9b852c188937d1fffc06d4da01325d5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 896620 a78012b3f0f13667081f97dc1a4d62e8
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1497194 7d55b8d1e4ae0c45753bedcf536a1a5a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1826252 0550c1401f9bbe5f345fd96484ed369c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 889330 5ad0ddb2c610973166e4dd07769ba3d3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 797086 18cf4210342b683d3ee24fe995329b55
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 896880 298d27ea1ece6e80bb8931b9a5e61961
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1268472 acbca43ab7ea747fa3e4636d15ef997c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1710342 bd27290685bcf1d6a23eb8705d3367e7
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 881838 58121bd9e4c845da7df4e540645e0e13
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 794672 221d1c554bd89f50dc3ac9108a6cef6b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 913064 45a033b01c4b31ef90a92988bb5fb229
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1590124 b62aa5477d9307d311c811298b7ec3d9
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1728094 5214ce9aebe3a8d7a28a1746a81ce8ea
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 898580 86e6c1b5dfb5bf91f63d7c6786b7abae
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 796092 1bab28407224f782b2c3ae04b4647333
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 896832 3d233db9682d5654fdad6bc6b5a649ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1485268 064304ead0ca4653136376e8e9039e74
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1706490 cb76027eb8167e0866a81b93a4da28ed
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 883182 d1ffc12427d92be51efdba3349e74f9a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 796374 0f3f749ebe4af6111fe49316639004e4
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.diff.gz
Size/MD5: 94646 8b6f9380d9f8c5514a1d4db729c6df04
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.dsc
Size/MD5: 1287 f53866efd3ae4f3c939a77b1005e1f11
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1.orig.tar.gz
Size/MD5: 4210843 360a9783dbc853bab6bda90d961daee5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 484306 f2d03276d1cdcef7e8b276ad8ca9595d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 901284 6889b371d4de92eb61bf83b89d8a8c37
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 2541692 1e6de4bd3c3baa444a2e1980a593a40e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 968940 7efe4bdcb99f311f1c4bb2c3b9d24a4e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 1200930 821861c24499cfdfa2a82c329c610c16
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 996572 00cc1a4c8c7924124984e666563e73d0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 908792 a40763280a3bdbe60eca5e07c5d6c30c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 2321524 59d44616802197e1227cf88abddefe36
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 967106 a6e5b308d889bdf6f5abe454e35ba474
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 1124462 ec99daa26d0fafba6e9f0b874a23bf3d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 991956 cb20b6a4d68a858ffa0846431169d411
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 907546 1ab5119e23a16e99203c113d49fc2723
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 2305548 da57690a3327196e0c3684735be23f2e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 968984 8da336a5fd871be10e6b8d66d3b9c9d3
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 1074500 e4d6690a6a6a543fc0244a29cd350c9b
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 989566 2d2f4b1662e6a2dffafe8e98f00a15e7
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 907596 4274e006754ebc836132166e0f0429a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 2641202 9b2ec56463ee715752b780aa332d8cd0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 985722 a2fca8426b7b51e98c39b91a468bf71f
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1154496 6073239f7ffead2a5b9c3357ada1602c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1018596 af12cc55597a0d2d3a92b4b5d683bb14
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 911866 57e2246930e712bdc1b039840d43af48
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 2527568 19b1a0971259a9b99f9c0386f5935bfc
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 970264 d8ae7f0bb10375ad487b14ba031cd013
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 1078842 2401fc4c40352b8c8013e8c5de3b0ecd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 995228 16b230d3c718d8eb4a023126bd09d7f5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 908708 1e410a8ddac41ad9faec901c5a638f29
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.diff.gz
Size/MD5: 78642 b4acf50e47be498e579b934f32081d25
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.dsc
Size/MD5: 1447 0abcea5df87851df2aae7ebd1fc00e7a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 526864 f3a131bf5a4f5c547573430cb66d410c
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 102072 2f276f50efdb7e34f7e61f132f7f7cd7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1796950 283c5a95206ab74062e0e30eba4e0890
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 142522 9fff294368a7eac39e37fa478ac6609d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1296694 d0646a1543c51f14a93b40f972bc1569
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 163178 0378a25e3b2a0bc80ddb8ec720b5557d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 75960 fcba461f2e2376cad515329791e04a17
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 38512 21d9ecbc86a8e5965047d027e94fd324
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1556806 39e4f63b841c4b36c022017d66c12f58
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 179478 5f08596ae997792920e238ff8cd2a7ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1098794 38bc61a5b403fb4f626a641a5f13e681
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 157954 66e38c37639f3c68e7e4a933fa953ff3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 74116 50b3a4d0cfd38585d2711d30cf725e9d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 75038 98cdeec4b1014568b00107a82fc74418
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1552018 d9dcab084f3b9bf3e8c36cb5db8f141e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 141508 96061180809cccc975e0d7079e07ed3e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1171530 2d91048fe0a2ac9e3a4fddb84c67513e
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 155564 c67ba3aeb2535ee3e7fc4c89e90ba36a
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 74274 db05202893f516398bbe4e2153ef2d6e
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 35552 a75caf212ffb5a0eafe4ba2656c9aae1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1874428 0ed8b5f4e6bad74d506d73447de00bd2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 158374 dfcd7c4455b4bbd3f746368058d09a59
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1238226 b5b3a81e956cdb14674d571694d1b6d0
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 185314 5e9d8bd56493f75ae8a8691c530aa420
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 83106 75dea32ec7152b7868fabf09d9d5a198
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 42928 214fe703fced2e387b48b51dcbb1d6b7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1760062 ade4c08289d947d092a5b2ab06517cc7
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 143860 62b7260d618531b0ed5e7871ab7b99a9
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1159702 28ea81660bbdd9d7982be58d225e8814
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 160236 196e493ce73905446a3764e73b99f332
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 75518 f24e4b0e3e4a7d97c28da99cdc0a47a5
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 38240 873f5e820e381ec2254ed520bcd09af0
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.diff.gz
Size/MD5: 82260 85fb58aa81933f142bd937bca2e18341
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.dsc
Size/MD5: 1956 1ee06f6b731eae435af6a2d438ef909b
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 527650 9c56f3d70018b714895a61c0daba9498
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 103060 108eb50387ca46b4ee38ebb8722ced88
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1815638 82385081fe2d4eeb1a6c94f9dae672ad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 146154 1b6249e02e89213f2f4d2aa9c9123420
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1315628 8443e091f2c63485a422236ad23e55cd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 165522 154a05824b98e041ceac60ac83709ef4
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 77914 8d6e328f309e78bf1fcf21c2633d82ec
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 39930 6b7a1a67ca63b5c843ce66f3547b3c89
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1569568 dd0599b150eccee9889325d17a7b0769
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 184264 52a54aebef81648164a5bc90f27b0cc5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1119072 10c81fe283b25e7ad31fcfd88a2325f0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 156112 6296f0836bc9797ff48810c79965c3a5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 74476 bd96a6915eb97fed083aac4daa5f07cf
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 77652 3e30e51c362dfa982a3b3197be081328
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1557614 065f4575c7a2d257fa6b5b9d0cee454f
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 144292 b55f2c4aff8a86499d7f38fd6e773f44
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1184272 84116fefdce279ce338ffc9614384c06
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 154444 ffe9e765a01695355bdb58008a2910f5
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 73746 762e75672fbd395d2d159513f5d572b0
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 36530 0a98b51b94a5f75d4131d657aa766579
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1884632 a3ad023841ee605efa1e055712b44d9a
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 161074 5586adea8200d2d5bf81f288b5bf7be2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1249636 48ec688499fea1dc0ccb3091c0158fb8
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 181952 8ef5f6b9b6c6b8e4fcd5cb37147304a2
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 81802 965218126fb5a49cfcd9e20afeb49782
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 43048 09f2f9ed9f519ca5723411802e46d48b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1759316 46455cc355c1b808243eada0f134d00b
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 145164 2cdb5b35db853c7c184a44022fc23cd8
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1159834 cfff424e5bff38bb3ef9419f03465388
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 163042 354f7a5423a34c411c5f8620c66d3e58
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 76994 ca11bcf9a411f618e35e1d6b6ab8c8f9
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 38526 172493ec5df1866e2633e074c7f38775
| VAR-200811-0097 | CVE-2008-4918 | SonicWALL Pro 2040 Used in SonicWALL SonicOS Enhanced Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking.". This vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link.The specific flaw exists in the default error page displayed when a user requests access to a web site that is blocked based on the devices content-filtering rules. Insufficient sanity checks allow an attacker to craft a URL that will trigger an error and simultaneously inject a malicious script. As the browser is unable to differentiate between content delivered from the original top level site requested and the inline device, the script injection occurs under the context of the target domain. This can result in various further compromise. SonicWALL Content Filtering is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input when displaying URI address data in a blocked-site error page.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of an arbitrary site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to SonicWALL Content Filtering on SonicOS Enhanced 4.0.1.1 are vulnerable. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
SonicWALL Products Content Filtering Service Cross-Site Scripting
SECUNIA ADVISORY ID:
SA32498
VERIFY ADVISORY:
http://secunia.com/advisories/32498/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
OPERATING SYSTEM:
SonicWALL TZ Series
http://secunia.com/advisories/product/4882/
SonicWALL Pro Series
http://secunia.com/advisories/product/232/
DESCRIPTION:
A vulnerability has been reported in various SonicWALL products,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed via a URL is not properly sanitised before being
returned in a Content Filtering Service message that a site is
blocked.
SOLUTION:
Update to SonicOS version 4.0.1.1 or later.
PROVIDED AND/OR DISCOVERED BY:
Adrian Pastor, reported via ZDI
ORIGINAL ADVISORY:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
SonicWALL:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-070
October 30, 2008
-- Affected Vendors:
SonicWALL
-- Affected Products:
SonicWALL Pro 2040
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 2023, 3886.
-- Vendor Response:
SonicWALL has issued an update to correct this vulnerability. More
details can be found at:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
-- Disclosure Timeline:
2008-06-25 - Vulnerability reported to vendor
2008-10-30 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Adrian 'pagvac' Pastor | GNUCITIZEN | www.gnucitizen.org
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
| VAR-200810-0196 | CVE-2008-3815 | Cisco PIX/ASA In VPN Vulnerability that bypasses authentication |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. Cisco PIX and ASA is prone to an authentication-bypass vulnerability.
Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks.
This issue is being monitored by Cisco Bug ID CSCsj25896. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services.
SOLUTION:
Update to fixed versions (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. This security
advisory outlines details of these vulnerabilities:
* Windows NT Domain Authentication Bypass Vulnerability
* IPv6 Denial of Service Vulnerability
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml.
Affected Products
=================
Vulnerable Products
+------------------
The following are the details about each vulnerability described within
this advisory. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
Alternatively, to see if a device is configured for Windows NT Domain
authentication use the
"show running-config | include nt-auth-domain-controller"
command.
This vulnerability does not affect devices configured only for IPv4.
Note: IPv6 functionality is turned off by default.
IPv6 is enabled on the Cisco ASA and Cisco PIX security appliance
using the "ipv6 address" interface command. To verify if a device
is configured for IPv6 use the "show running-config | include ipv6"
command.
Alternatively, you can display the status of interfaces configured for
IPv6 using the show ipv6 interface command in privileged EXEC mode, as
shown in the following example:
hostname# show ipv6 interface brief
outside [up/up]
unassigned
inside [up/up]
fe80::20d:29ff:fe1d:69f0
fec0::a:0:0:a0a:a70
dmz [up/up]
unassigned
In this example, the "outside" and "dmz" interfaces are not configured
for IPv6.
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
Cisco ASA security appliances may experience a memory leak that can be
triggered by a series of crafted packets. This memory leak occurs in the
initialization code for the hardware crypto accelerator. Devices that
are running software versions in the 8.0.x release are vulnerable.
Note: Cisco ASA appliances that are running software versions in the
7.0, 7.1, and 7.2 releases are not vulnerable.
Determination of Software Versions
+---------------------------------
The "show version" command-line interface (CLI) command can be used to
determine whether a vulnerable version of the Cisco PIX or Cisco ASA
software is running. The following example shows a Cisco ASA Security
Appliance that runs software release 8.0(4):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to
manage their devices can find the version of the software displayed in
the table in the login window or in the upper left corner of the ASDM
window.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Firewall Services Module (FWSM) is not affected by any of
these vulnerabilities. Cisco PIX security appliances running versions
6.x are not vulnerable. No other Cisco products are currently known to
be affected by these vulnerabilities.
Details
=======
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities are independent of each other. NT Domain authentication is supported only for remote
access VPNs. Devices that are running software version
7.2(4)9 or 7.2(4)10 and configured for IPv6 may be vulnerable. This
vulnerability does not affect devices that are configured only for IPv4.
Note: Devices that are running software versions in the 7.0, 7.1, 8.0,
and 8.1 releases are not vulnerable.
To configure IPv6 on a Cisco ASA or Cisco PIX security appliance, at a
minimum, each interface needs to be configured with an IPv6 link-local
address. Additionally, you can add a global address to the interface.
Note: Only packets that are destined to the device (not transiting the
device) may trigger the effects of this vulnerability. These packets
must be destined to an interface configured for IPv6.
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
The Cisco ASA security appliances may experience a memory leak triggered
by a series of packets. This memory leak occurs in the initialization
code for the hardware crypto accelerator.
Note: Only packets destined to the device (not transiting the device)
may trigger this vulnerability.
The following Cisco ASA features use the services the crypto accelerator
provides, and therefore may be affected by this vulnerability:
* Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
* ASDM (HTTPS) Management Sessions
* Cut-Through Proxy for Network Access
* TLS Proxy for Encrypted Voice Inspection
* IP Security (IPsec) Remote Access and Site-to-site VPNs
* Secure Shell (SSH) Access
This vulnerability is documented in Cisco Bug ID CSCsj25896 and has
been assigned the Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-3817.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* Windows NT Domain Authentication Bypass Vulnerability (CSCsu65735)
CVSS Base Score - 4.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 3.7
Exploitability - High
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Cisco ASA may reload after receiving certain IPv6 packets (CSCsu11575)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Crypto Accelerator Memory Leak (CSCsj25896)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the VPN Authentication Bypass Vulnerability
may allow an attacker to successfully connect to the Cisco ASA via
remote access IPSec or SSL-based VPN. The Denial of Service (DoS)
vulnerabilities may cause a reload of the affected device. Repeated
exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
The following list contains the first fixed software release of each
vulnerability:
+----------------------------------------+
| | Affected | First |
| Vulnerability | Release | Fixed |
| | | Version |
|----------------+----------+------------|
| | 7.0 | 7.0(8)3 |
| |----------+------------|
| Windows NT | 7.1 | 7.1(2)78 |
|Domain |----------+------------|
| Authentication | 7.2 | 7.2(4)16 |
|Bypass |----------+------------|
| Vulnerability | 8.0 | 8.0(4)6 |
| |----------+------------|
| | 8.1 | 8.1(1)13 |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| | | Vulnerable |
|IPv6 Denial of |----------+------------|
| Service | 7.2 | 7.2(4)11 |
|Vulnerability |----------+------------|
| | 8.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 8.1 | Not |
| | | Vulnerable |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Crypto | | Vulnerable |
|Accelerator |----------+------------|
| Memory Leak | 7.2 | Not |
| Vulnerability | | Vulnerable |
| |----------+------------|
| | 8.0 | 8.0(4) |
| |----------+------------|
| | 8.1 | 8.1(2) |
+----------------------------------------+
The following maintenance software releases are the first software
releases that contain the fixes for the vulnerabilities mentioned in
this Security Advisory:
Fixed PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fix ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
For the "Windows NT Domain Authentication Bypass Vulnerability", only
interim fixed software is currently available. Customers wishing to
upgrade to a fixed version instead of applying a workaround may download
PIX and ASA interim versions from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT?psrtdcat20e2
Workarounds
===========
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities and their respective workarounds are independent
of each other.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
LDAP authentication is not affected by this vulnerability.
Note: For more information about support for a specific AAA server
type, refer to the following link:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492
IPv6 Denial of Service Vulnerability
+-----------------------------------
Customers that do not require IPv6 functionality on their devices can
use the "no ipv6 address" interface sub-command to disable processing of
IPv6 packets and eliminate their exposure
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
There are no workarounds for this vulnerability.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software
upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through prior
or existing agreements with third-party support organizations, such
as Cisco Partners, authorized resellers, or service providers should
contact that support organization for guidance and assistance with the
appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or fix
is the most appropriate for use in the intended network before it is
deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service
contract, and customers who purchase through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale
should acquire upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to a
free upgrade. Free upgrades for non-contract customers must be requested
through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during the
resolution of a technical support service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2008-October-22 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2007-2008 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
Updated: Oct 22, 2008 Document ID: 108009
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj/S+kACgkQ86n/Gc8U/uAw4gCePvCNEXPlmyKTJaXsjCs6lJHp
tGIAnR507Su0d3whQe31Igigg3xQjC1z
=4yFl
-----END PGP SIGNATURE-----
| VAR-200810-0197 | CVE-2008-3816 | Cisco PIX/ASA In IPv6 Service disruption related to packet processing (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. This issue is documented in Cisco Bug ID CSCsu11575.
NOTE: IPv6 is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.
The vulnerability is reported in version 7.2(4)9 and 7.2(4)10.
NOTE: 7.0, 7.1, 8.0, and 8.1 releases are reportedly not affected.
SOLUTION:
Update to version 7.2(4)11.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. This security
advisory outlines details of these vulnerabilities:
* Windows NT Domain Authentication Bypass Vulnerability
* IPv6 Denial of Service Vulnerability
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml.
Affected Products
=================
Vulnerable Products
+------------------
The following are the details about each vulnerability described within
this advisory.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,
TACACS+, SDI, or local database) are not affected by this vulnerability.
The following example demonstrates how Windows NT domain authentication
is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
Alternatively, to see if a device is configured for Windows NT Domain
authentication use the
"show running-config | include nt-auth-domain-controller"
command.
Alternatively, you can display the status of interfaces configured for
IPv6 using the show ipv6 interface command in privileged EXEC mode, as
shown in the following example:
hostname# show ipv6 interface brief
outside [up/up]
unassigned
inside [up/up]
fe80::20d:29ff:fe1d:69f0
fec0::a:0:0:a0a:a70
dmz [up/up]
unassigned
In this example, the "outside" and "dmz" interfaces are not configured
for IPv6. This memory leak occurs in the
initialization code for the hardware crypto accelerator. Devices that
are running software versions in the 8.0.x release are vulnerable.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Firewall Services Module (FWSM) is not affected by any of
these vulnerabilities. No other Cisco products are currently known to
be affected by these vulnerabilities.
Details
=======
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities are independent of each other.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability.
The Cisco ASA security appliance supports Microsoft Windows server
operating systems that support NTLM version 1, collectively referred to
as "NT servers". NT Domain authentication is supported only for remote
access VPNs.
Note: Devices that are running software versions in the 7.0, 7.1, 8.0,
and 8.1 releases are not vulnerable. Additionally, you can add a global address to the interface.
Note: Only packets that are destined to the device (not transiting the
device) may trigger the effects of this vulnerability. This memory leak occurs in the initialization
code for the hardware crypto accelerator.
Note: Only packets destined to the device (not transiting the device)
may trigger this vulnerability.
The following Cisco ASA features use the services the crypto accelerator
provides, and therefore may be affected by this vulnerability:
* Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
* ASDM (HTTPS) Management Sessions
* Cut-Through Proxy for Network Access
* TLS Proxy for Encrypted Voice Inspection
* IP Security (IPsec) Remote Access and Site-to-site VPNs
* Secure Shell (SSH) Access
This vulnerability is documented in Cisco Bug ID CSCsj25896 and has
been assigned the Common Vulnerabilities and Exposures (CVE) identifier
CVE-2008-3817.
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
* Windows NT Domain Authentication Bypass Vulnerability (CSCsu65735)
CVSS Base Score - 4.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 3.7
Exploitability - High
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Cisco ASA may reload after receiving certain IPv6 packets (CSCsu11575)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Crypto Accelerator Memory Leak (CSCsj25896)
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the VPN Authentication Bypass Vulnerability
may allow an attacker to successfully connect to the Cisco ASA via
remote access IPSec or SSL-based VPN. Repeated
exploitation could result in a sustained DoS condition.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
The following list contains the first fixed software release of each
vulnerability:
+----------------------------------------+
| | Affected | First |
| Vulnerability | Release | Fixed |
| | | Version |
|----------------+----------+------------|
| | 7.0 | 7.0(8)3 |
| |----------+------------|
| Windows NT | 7.1 | 7.1(2)78 |
|Domain |----------+------------|
| Authentication | 7.2 | 7.2(4)16 |
|Bypass |----------+------------|
| Vulnerability | 8.0 | 8.0(4)6 |
| |----------+------------|
| | 8.1 | 8.1(1)13 |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| | | Vulnerable |
|IPv6 Denial of |----------+------------|
| Service | 7.2 | 7.2(4)11 |
|Vulnerability |----------+------------|
| | 8.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 8.1 | Not |
| | | Vulnerable |
|----------------+----------+------------|
| | 7.0 | Not |
| | | Vulnerable |
| |----------+------------|
| | 7.1 | Not |
| Crypto | | Vulnerable |
|Accelerator |----------+------------|
| Memory Leak | 7.2 | Not |
| Vulnerability | | Vulnerable |
| |----------+------------|
| | 8.0 | 8.0(4) |
| |----------+------------|
| | 8.1 | 8.1(2) |
+----------------------------------------+
The following maintenance software releases are the first software
releases that contain the fixes for the vulnerabilities mentioned in
this Security Advisory:
Fixed PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fix ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
For the "Windows NT Domain Authentication Bypass Vulnerability", only
interim fixed software is currently available. Customers wishing to
upgrade to a fixed version instead of applying a workaround may download
PIX and ASA interim versions from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT?psrtdcat20e2
Workarounds
===========
This Security Advisory describes multiple distinct vulnerabilities.
These vulnerabilities and their respective workarounds are independent
of each other.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
LDAP authentication is not affected by this vulnerability. As a
workaround, you can enable a different type of external authentication
for Remote Access VPN instead of Windows NT Domain authentication.
Note: For more information about support for a specific AAA server
type, refer to the following link:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492
IPv6 Denial of Service Vulnerability
+-----------------------------------
Customers that do not require IPv6 functionality on their devices can
use the "no ipv6 address" interface sub-command to disable processing of
IPv6 packets and eliminate their exposure
Crypto Accelerator Memory Leak Vulnerability
+-------------------------------------------
There are no workarounds for this vulnerability.
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software
upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through prior
or existing agreements with third-party support organizations, such
as Cisco Partners, authorized resellers, or service providers should
contact that support organization for guidance and assistance with the
appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or fix
is the most appropriate for use in the intended network before it is
deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service
contract, and customers who purchase through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale
should acquire upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to a
free upgrade. Free upgrades for non-contract customers must be requested
through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during the
resolution of a technical support service request.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.
Revision History
================
+------------------------------------------------------------+
| Revision 1.0 | 2008-October-22 | Initial public release |
+------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
+--------------------------------------------------------------------
Copyright 2007-2008 Cisco Systems, Inc. All rights reserved.
+--------------------------------------------------------------------
Updated: Oct 22, 2008 Document ID: 108009
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj/S+kACgkQ86n/Gc8U/uAw4gCePvCNEXPlmyKTJaXsjCs6lJHp
tGIAnR507Su0d3whQe31Igigg3xQjC1z
=4yFl
-----END PGP SIGNATURE-----