VARIoT IoT vulnerabilities database

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Serv-U 9.0.0.5 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: RhinoSoft Serv-U Cookie Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA37228 VERIFY ADVISORY: http://secunia.com/advisories/37228/ DESCRIPTION: Nikolas Rangos has discovered a vulnerability in Serv-U, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the included HTTP server when processing certain cookies. This can be exploited to cause a stack-based buffer overflow by sending a malicious HTTP request containing a specially crafted cookie to the server. The vulnerability is confirmed in version 9.0.0.5. SOLUTION: Filter malicious requests using a proxy. PROVIDED AND/OR DISCOVERED BY: Nikolaos Rangos, KC Security. ORIGINAL ADVISORY: http://www.rangos.de/ServU-ADV.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Citrix NetScaler and Access Gateway are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. The issue affects the appliance firmware 9.0 (prior to build 70.5) and 9.1 (prior to build 96.4). The following products are affected: Citrix NetScaler NetScaler Application Firewall Access Gateway Enterprise Edition

Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors. SEIL/X Series and SEIL/B1 contain a buffer overflow vulnerability. SEIL/X Series and SEIL/B1 are routers. The following devices are affected: SEIL/X1 2.40 to 2.51 SEIL/X2 2.40 to 2.51 SEIL/B1 2.40 to 2.51. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SEIL Routers Denial of Service and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA37154 VERIFY ADVISORY: http://secunia.com/advisories/37154/ DESCRIPTION: Some vulnerabilities have been reported in the SEIL/X1, X2, and B1 routers, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error exists when processing of certain GRE packets. This can be exploited to cause the device to restart by sending certain specially crafted GRE packets. Note: Successful exploitation requires that the NAT functionality is enabled. 2) A buffer overflow error exists within the URL filtering functionality. Vulnerability #1 is reported in SEIL/X1, X2, and B1 version 2.30 to 2.51 and vulnerability #2 is reported in SEIL/X1, X2, and B1 version 2.40 to 2.51. SOLUTION: Update to version 2.52. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 1) http://jvn.jp/jp/JVN13011682/index.html http://www.seil.jp/seilseries/security/2009/a00674.php 2) http://jvn.jp/jp/JVN06362164/index.html http://www.seil.jp/seilseries/security/2009/a00669.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets. SEIL/X Series and SEIL/B1 contain a denial of service (DoS) vulnerability. SEIL/X Series and SEIL/B1 are routers. Successfully exploiting these issues allows remote attackers to execute arbitrary code with administrative privileges or crash the affected device, denying service to legitimate users. The following devices are affected: SEIL/X1 2.40 to 2.51 SEIL/X2 2.40 to 2.51 SEIL/B1 2.40 to 2.51. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SEIL Routers Denial of Service and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA37154 VERIFY ADVISORY: http://secunia.com/advisories/37154/ DESCRIPTION: Some vulnerabilities have been reported in the SEIL/X1, X2, and B1 routers, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error exists when processing of certain GRE packets. Note: Successful exploitation requires that the NAT functionality is enabled. 2) A buffer overflow error exists within the URL filtering functionality. This can be exploited to cause a buffer overflow and potentially execute arbitrary code by tricking a user into visiting a specially crafted website. Vulnerability #1 is reported in SEIL/X1, X2, and B1 version 2.30 to 2.51 and vulnerability #2 is reported in SEIL/X1, X2, and B1 version 2.40 to 2.51. SOLUTION: Update to version 2.52. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 1) http://jvn.jp/jp/JVN13011682/index.html http://www.seil.jp/seilseries/security/2009/a00674.php 2) http://jvn.jp/jp/JVN06362164/index.html http://www.seil.jp/seilseries/security/2009/a00669.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The SEIL router has a denial of service attack. The attacker can send a specially constructed IPv6 packet to the router to trigger a denial of service attack condition. SEIL routers are prone to a denial-of-service vulnerability. The following versions are affected: SEIL/X1 version 1.00 to 1.22 SEIL/X2 version 1.00 to 1.22 SEIL/Turbo version 1.00 to 1.92 SEIL/neu 2FE Plus version 1.00 to 1.92 SEIL/neu 128, T1 version 1.00 to 2.43

Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. Cisco IOS of H.323 Implementation gk_circuit_info_do_in_acf Function leaks memory and interferes with service operation (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID CSCsz72535 It is a problem.Denial of service by a large number of long-term calls by third parties (DoS) There is a possibility of being put into a state. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to consume an excessive amount of memory, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsz72535. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. The 'nginx' program is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: nginx: Multiple vulnerabilities Date: March 28, 2012 Bugs: #293785, #293786, #293788, #389319, #408367 ID: 201203-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Background ========== nginx is a robust, small, and high performance HTTP and reverse proxy server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 1.0.14 >= 1.0.14 Description =========== Multiple vulnerabilities have been found in nginx: * The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). * The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896). * nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898). * The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315). * nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180). Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14" References ========== [ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896 [ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898 [ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315 [ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-22.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Gentoo update for nginx SECUNIA ADVISORY ID: SA48577 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577 RELEASE DATE: 2012-03-28 DISCUSS ADVISORY: http://secunia.com/advisories/48577/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48577/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48577 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system. For more information: SA36751 SA36818 SA37291 SA46798 SA48366 SOLUTION: Update to "www-servers/nginx-1.0.14" or later. ORIGINAL ADVISORY: GLSA 201203-22: http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word. Cherokee Web Server is a flexible, fast, lightweight web server. An attacker could exploit this issue to crash the affected application, denying service to legitimate users. Cherokee Web Server 0.5.4 is vulnerable; other versions may also be affected NOTE: This BID is being retired because the vulnerability is caused by a problem in Microsoft Windows when handling DOS-style device names; it is not specific to this application

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. (DoS) A state vulnerability exists.Interfering with service operation by a third party (DoS) It may be in a state. CUPS is prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects CUPS 1.3.7; other versions may be vulnerable as well. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. The cupsdDoSelect() function in the scheduler/select.c file of CUPS has a use-after-free error in the way it handles references in its file descriptor processing interface. A remote attacker can query the current print job list of a specific printer in a special way to cause cupsd collapse. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:073-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cups Date : April 14, 2010 Affected: 2010.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in cups: CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs (CVE-2009-2820). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553 (CVE-2010-0302). The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers (CVE-2010-0393). The updated packages have been patched to correct these issues. Update: Packages for Mandriva Linux 2010.0 was missing with MDVSA-2010:073. This advisory provides packages for 2010.0 as well. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0302 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0393 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: ba3d43f654fd15aea9f81eadb57c3022 2010.0/i586/cups-1.4.1-12.1mdv2010.0.i586.rpm b1f275796b029190380e40ae23ae8ed0 2010.0/i586/cups-common-1.4.1-12.1mdv2010.0.i586.rpm 296b30522aa7c008767c6b285aa4b715 2010.0/i586/cups-serial-1.4.1-12.1mdv2010.0.i586.rpm b3abb3c2299c1cb32848c0ee5954eed8 2010.0/i586/libcups2-1.4.1-12.1mdv2010.0.i586.rpm d91c255a1e42e5988f1d8d2d94ffd369 2010.0/i586/libcups2-devel-1.4.1-12.1mdv2010.0.i586.rpm ba336d918bbe9d03cf4fa823293bfb37 2010.0/i586/php-cups-1.4.1-12.1mdv2010.0.i586.rpm c3aee001d1629963053f475a49b7cd5d 2010.0/SRPMS/cups-1.4.1-12.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 7c089025f467e5b366e57a15e85857ce 2010.0/x86_64/cups-1.4.1-12.1mdv2010.0.x86_64.rpm 0e0e4ad3a4d42022d22a88ee8568f8bf 2010.0/x86_64/cups-common-1.4.1-12.1mdv2010.0.x86_64.rpm cb7b4cadce5a174bbd4027f478b38c26 2010.0/x86_64/cups-serial-1.4.1-12.1mdv2010.0.x86_64.rpm 653bd25375281b919c6438e71052359d 2010.0/x86_64/lib64cups2-1.4.1-12.1mdv2010.0.x86_64.rpm 7bebd27fa6ce2aa5667d28fd7b06702e 2010.0/x86_64/lib64cups2-devel-1.4.1-12.1mdv2010.0.x86_64.rpm 34452fc88d7a16591eb653a32c6daa28 2010.0/x86_64/php-cups-1.4.1-12.1mdv2010.0.x86_64.rpm c3aee001d1629963053f475a49b7cd5d 2010.0/SRPMS/cups-1.4.1-12.1mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLxclfmqjQ0CJFipgRAmhmAJ4qtZ7GxqbmNOSfJeozcsqRCBvAsACg2vG+ NRt/ytxq5LWHwOAGFnOKnIw= =ayqT -----END PGP SIGNATURE----- . CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-1748 Information disclosure in the web interface. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9. The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release. We recommend that you upgrade your cups packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-906-1 March 03, 2010 cups, cupsys vulnerabilities CVE-2009-3553, CVE-2010-0302, CVE-2010-0393 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.17 cupsys-client 1.2.2-0ubuntu0.6.06.17 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.8 cupsys-client 1.3.7-1ubuntu3.8 Ubuntu 8.10: cups 1.3.9-2ubuntu9.5 cups-client 1.3.9-2ubuntu9.5 Ubuntu 9.04: cups 1.3.9-17ubuntu3.6 cups-client 1.3.9-17ubuntu3.6 Ubuntu 9.10: cups 1.4.1-5ubuntu2.4 cups-client 1.4.1-5ubuntu2.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the CUPS scheduler did not properly handle certain network operations. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service. (CVE-2010-0393) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17.diff.gz Size/MD5: 106482 26e1af0359723f0fe887019ea8973a7e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17.dsc Size/MD5: 1061 400968d3ecf83db01f0a427f10f2998e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.17_all.deb Size/MD5: 998 776cbf76de0fa4da83fa66cac2a2ee9c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 36220 1a0b165edf4aaff4b063ef5ffb44aec3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 81834 6fc3613d660d8193ef5bc8820a7241d9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 2289018 87d64d2f3a97289ad6b6db57d090ca2d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 6090 85aeada029ad3c01ff7f1e18f9ea9cc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 77908 96e28918fdf830eb12336aadedf9f281 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 25740 85b73ffa3c93b1cca0f9421fdaa01cc3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_amd64.deb Size/MD5: 130734 938995599b4be32a725528c80981fa78 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 34766 47d4bdcf450f6d8d30206c35192f1b7d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 77930 e830a9300772160fb0a6748da948f246 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 2256104 bcfa53bda3ed0c1e50636e804af11055 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 6094 34a470a2aaff3e3ab10eea29a1bd8200 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 77022 ab3b5c283d4ec643297685c034f1073c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 25748 d5904841e833850731621090c1b88c8c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_i386.deb Size/MD5: 122908 eb39cde640458c67403c00cfd65ea312 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 40474 a47c9a5aad3feee3c9218d32e3f03f85 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 89482 81e3f9ad6e8fe3cb3096b133bfb4fb5b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 2303712 fffb516669489cf38ce5f410b58112af http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 6092 8c6d3af926e6729378b1ba23508e3c6b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 79548 169e4c3351cf2ef0c99e478d8e2a3a46 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 25740 f0d21ba1ea537495d3953a22999d1dd4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_powerpc.deb Size/MD5: 128662 98b0c1483cc7021fff335da8d79c67c2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 35388 1128a347e119ca9525784ed50da5d0ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 78684 596751675fee6063e59dab02e7b44543 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 2289934 9bd77e6533b77678840172bcf285c157 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 6096 a11d49069913645b3a947d2dfa6f5f84 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 76832 c1049c92d30205b8032648dfbd90299c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 25744 d2d1088e3744d305b6c90aca7eda4be0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.17_sparc.deb Size/MD5: 124486 60a22b1cccb08eaab9847b9e87c59032 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8.diff.gz Size/MD5: 141577 5cb2a7055c83f2535e6704212c06ea0c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8.dsc Size/MD5: 1442 d42e1f9c2424210f66acfaeb4ecf293a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.8_all.deb Size/MD5: 1144392 72c2295be929ac91622921b866586810 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 37522 606cf4d3db841e5c7699af8e6063d28a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 90020 5494f76c3c0aff50e61b0e7065d4fc45 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 1882420 fbf517a3c599b99d5ea8936c09f4a6d6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 60800 2b3dd2ab96e425ab134602608f0d3530 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 50216 27fb4f492cc7bf62c01a275741d37011 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 345048 0525be5bc4dd045cd78a1b284f98398a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_amd64.deb Size/MD5: 178536 a044522e561b9b3be73617a175cc399d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 36956 0507d5e834e622f33412109dcb260037 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 88530 244e700f4596074b37c4b7acb984dacc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 1864902 b6f438dea33b89a9f268d732d670faf1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 60090 e83c89c8fe55e2f2e79d424e4231f8a1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 49862 97abed0edb9dfbd42e8ba975c424e6d8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 339414 1e4250fd6c379296cfba76f67ab97465 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_i386.deb Size/MD5: 175410 efdf295f468c419fd957e69f98fd715a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 36660 58ce4787d4d5b43fdc762f21f06bb6bf http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 88834 ea87ff5e386e37ddcd2a3678e85764e5 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 1867016 ba1534fcc9263b70868c4ed449529e25 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 60492 e06a5a3660f9967ec6e0040a486d7362 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 50808 ca0c034e3beff76b902c6471afbd7268 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 337072 bfaa21b082ce3052922a179d522213d4 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_lpia.deb Size/MD5: 174440 8e2dd41e1e07942ee0f53e05c608206a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 46932 a5d83468e8e0269a483c914230768ea3 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 110654 ec3d80099ccbaeb3f0929644f45bbd75 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 1951280 f475ae7f5ae8ad00bc1ebd7c4634c3ae http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 59922 cb7e8e802dfbe515260578f585ee4427 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 54924 234a155df73c7ef047ac3c5c8b2e132a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 341760 1ada03ee442854916b34f267b1301407 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_powerpc.deb Size/MD5: 184292 e080a077141436e9837682cf5c6e56e1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 38038 15aef403a65149edb1b6e3c87bbcf1e3 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 91026 a4ade2e1d03f94b36122a5788f37cc97 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 1899806 de0f0a1899697c7add1960031257c51e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 57822 c2af4acac6a11e98f72703a25b2ebdfc http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 48224 cf486639b2c6b6247afe109eb73e30d7 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 341494 8c21fd99687d9fd49fa97e6c4638338e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.8_sparc.deb Size/MD5: 174130 9c878b37d2afd35ee0b50c077490112e Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5.diff.gz Size/MD5: 331097 6adf07d4858d39e6047a97c0a312901e http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5.dsc Size/MD5: 2044 d77dce1f6e35cabbd18e84a7c7031b0d http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu9.5_all.deb Size/MD5: 1163190 5c0dee3c7fd7541494ff7dc348be8728 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu9.5_all.deb Size/MD5: 58560 74c932189d98c843872876adc83c989e http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu9.5_all.deb Size/MD5: 58568 0666bac83bfb1edcc37931ad25588204 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu9.5_all.deb Size/MD5: 58562 f524010f0aea453b001b084250bb7063 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu9.5_all.deb Size/MD5: 58552 a55ec8b8772c680a7413afb1b069ee3e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu9.5_all.deb Size/MD5: 58574 420d72079939829054f9bb7978375ecd http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu9.5_all.deb Size/MD5: 4536 660fc4e6b26c050504a674aec5e0b8cd http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu9.5_all.deb Size/MD5: 58560 919055c4a196d7cfa5e93a3e73de24f9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 37296 0640e7fff6aa2dbbc93a839f641e1da0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 119772 fc950280a6a56b99486a29868c65bf9a http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 1688940 84c0da9c505411cd3cbee063687215fa http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 2174144 1bff27592c202999f0fd2705eeb8282e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 352308 bcdc4e90a86a22e503cf20e492f57e0f http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 173636 d477c60212f8098b6e92c2b5ec0b7ee2 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 61320 35baa0391a49f0490f49a97d5c8d57d4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.5_amd64.deb Size/MD5: 52322 d0caa49b4da1ea3ce447d2fa161d7394 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 36226 1374ff5d461c4aafe2b57822f45c11c6 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 115316 0a8d0a452e3cd7d37eb72a9b4bacd8c8 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 1549000 468b48af21f437e2942d4b447d18d9ef http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 2141316 d117bac8e26451e37827a62749d39b4d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 346096 26576542e0a94b17da8ddd971fbffa90 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 170556 7739c110695754553926fad31463187f http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 60538 5c5832067d06795cbab9e65a885ba240 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.5_i386.deb Size/MD5: 51720 e7d90e5e4eac150dfd205ac17b686cc8 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 36028 5bfdf3e87b3764eb20c0093fb1de1d3e http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 114504 a4f3e28e6eb86599111687a0f7235c45 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 1577892 6c0014be2e9e878679480239a494e917 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 2138164 0a4c78f2bda571599ecffc75dade8006 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 343092 df67f3a082314f41e14cdf97c35c4668 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 168874 dcdab1a3f91f1f2a91a20d01873545ba http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 60626 27c5b3fec56fcb1d7215fd35dfa31ec1 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.5_lpia.deb Size/MD5: 52394 5644013cd3dec455b6b6d88b4306d67d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 43566 986c0bd78d2fc4fb5ae76598b24b1a41 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 138118 cc8ece0b9d10792ead1b7902924a6a81 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 1669132 eefc44a29391bb799adc54b6cb412cf3 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 2266096 b798bac78d4f645b90683b3a7901ff4d http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 348056 e9100409aabe02a51ea9fd6c315ab5b6 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 177934 9d812213782055304cc92b4b3ca69894 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 61266 7287aa743d0135c2d16bf29acf9cf915 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.5_powerpc.deb Size/MD5: 57452 b132aaccd9bcf40dc9ae38783f69c6a6 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 37220 5399de66103270899259960bb9d61345 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 117550 80acdf6867e804b3aa00055737534b57 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 1496764 e434ccdce381acf459b8d387881057d9 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 2202892 bbe3b1587f55b0bd868ce5e6fd4a38e9 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 344914 8a6824c84362ffbf4f9846a65045354a http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 166792 2be506fc868b369e46cf9f9d5fe83e69 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 57854 aef2dd0a14d3a8f01142d78e40ddcb67 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.5_sparc.deb Size/MD5: 49804 8d12ec1a43df8c8c40f88082139d2785 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.6.diff.gz Size/MD5: 335789 4f5f61340c4875048c60d69f82dec645 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.6.dsc Size/MD5: 1995 e338a99e7a2e02a57415885e285f3bb1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-17ubuntu3.6_all.deb Size/MD5: 1165632 9b0854975cf994bd9233d6469e777e01 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-17ubuntu3.6_all.deb Size/MD5: 60870 0e74155e761a4d852866bfdac0fb18fb http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-17ubuntu3.6_all.deb Size/MD5: 60876 ad4e2582235225612d6c14e65dbcba3d http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.3.9-17ubuntu3.6_all.deb Size/MD5: 60868 636f7492dabc042d1bc7e11864b38df1 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.3.9-17ubuntu3.6_all.deb Size/MD5: 60872 47806c56c4700090e125496e23d8529c http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-17ubuntu3.6_all.deb Size/MD5: 4516 0e4d49c326db4af8add9edd88b561ad9 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.3.9-17ubuntu3.6_all.deb Size/MD5: 60856 09bb0b47cf251fde476503402b0d0518 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-17ubuntu3.6_all.deb Size/MD5: 60866 02b07214f91997c6b4f5d017aff0655e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 37294 f14e9d6deb8a90dc55ba033dd6932f29 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 119756 b6d1f12fdca56879c84d177280535945 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 1664430 e0829de2955259a1169ca120f0a0a674 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 2170170 47904ff162f68734105645d802262448 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 352252 cff0030f199a0c96accc192e4168339c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 177900 da8f57dc1c56c823d459c12b98e64d2a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 61264 5deccf4e07529b9e4676a83a556cebde http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_amd64.deb Size/MD5: 52226 306d5a5075974aa902c7e10066420efa i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 36230 5d95974ec58afa8d26b10d7b9c46a66b http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 115278 9011610cdad6d618456f508e3fe02107 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 1523946 660619a4cbb8df04bd81354ab6059f6c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 2136486 7f7dea27d4901a02daf9497bd242e2d9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 346068 67c31d2afa56164900bb916480386b79 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 174416 c84631d45fd35facbf136270470844d4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 60498 31d407917c749a659835e23c99eef0bb http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_i386.deb Size/MD5: 51542 5026ab999fb97ac800bd185af3a8cff1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 36022 952070683ed6130fbc8e5531e2142063 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 114500 977d5c00dc13327bc0c9bce453473388 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 1552094 4fecfb548b223615fc7ce88f8fb94264 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 2134028 8dad89838f050c4a375c01ab4b3b2559 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 343052 0139347ae444d4d9f0b9b1420ebfc04f http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 172714 406bb68cba379412650849ea003eb537 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 60668 0a2993f0ac79fc4a91648991be1b0976 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_lpia.deb Size/MD5: 52342 a501ebcafdf48300f5326632ce1b08b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 43574 ae6a41699272fc0b360ba6555fd4e7ef http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 138086 95d5d1551240a86de61f4472f8433d01 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 1640174 24942cd5b3e82cb8f700880ace4cb40b http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 2257684 78ff8dc9f337c46ade897f22092939af http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 347984 9663f15cddd48aaa7d389ce1244aebc1 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 183308 1d188a3ea31eaba68b620b8fece8fcd8 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 61306 56306bfa507550c07d02b820380e19c3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 57406 be85c41fd62fcaf3a28107a1614146d4 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 37218 adeb034eaeadb51fd3723f382cab7b7c http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 117506 7a8039312accd4ce6be1596403616744 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 1468404 c3f80af2a2fc00c590562ea19e6fe9f2 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 2203876 b75a1f2918317d00cc1540014c42e8d0 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 344838 5976a1b94be50118b6ddcdc4b40de073 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 170236 262941bf660cc95765b72cf5aa13e14d http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 57860 36426cde9ee4e2e2dc813ba4d0e98f19 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 49702 590f4b45bf412b2f59d9ad4ea395754c Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4.diff.gz Size/MD5: 414730 d1a0c764ccf1fedd4c3427c45d19a9ca http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4.dsc Size/MD5: 2273 4a8ceed09060814e0cf5070412e06aae http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.4_all.deb Size/MD5: 1419910 5ccad7198ba64c4d2e487109d38baf6c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69572 33961e905c819b2d67c641fa0226596f http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69534 04b34f17b2f23a24254d74d266121b10 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69562 f624d2fcb8549771cd920148ba2ace45 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69574 e0b8e717d5bd0740c7af047debb050f7 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu2.4_all.deb Size/MD5: 4548 45c04ec4b5ef40e7b5a05b97cfff0821 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69554 10ac2f07563d4eb693e27195b7778935 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 36708 60bcfe9509bf6c460a24b32f3dc22f3a http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 120258 31f336e66b77fdb68624eee6c3f6aa86 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 89636 f2300503230b0418b939bbf0acbddd50 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 1909456 70052df26d278ec8fbcb89e92801f59c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 210406 50cf5e47fc69aa59dafcc51fd1ba7aca http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 218936 7f04aa35b965955b0c12566d18dd27bc http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 101856 80b6e20deaa9ec8006b6233daea025c4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 31586 cac166753bfc5dad29293f69669402fe http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 90190 bdf93f96a315ba2313eb0bc86a24fa2b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 22192 be5b0eba29c355d76aa86db66b328b8c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 61528 bcfe65ac2cd9cfab070635f5ede4482b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 53160 a3cff812c204698c97027c47a2a8032d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 81196 7fdf8a14125aed96ba11cfad2df8450b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 15492 406aa3da43f5949e6d062bf117a8656c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 143032 c29bf3ee9e457b0096ada17948d85afb http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 60098 1cd00de7321f747b33a82c06bec69625 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 34526 8a2d07f4f318a7fb578aef25a1fa106b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 35470 59752d8fe6b0ab6b4be4bc9553dd67fe http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 115326 24a5ebd4c6b0c9932ec34481bdfc27fd http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 88804 71f3cbd750cb6283dc29cdea5e7b8dd3 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 1867476 93037d1769ff83d77a6da5ed93e82058 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 199428 dc33c5038d26a0b76f1b694598c004a0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 213030 031bc59c14807b8d6c7347c2a3ba2e8c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 101048 e751022124d2496ac051280b70e75d88 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 31376 133412f956a2808d74ae62bc73ca6c48 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 90402 4c375adba3718768e98346d10ecfc2ed http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 22060 6969c7f346d155095980d127763e205a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 60314 6d620c4a4380d7e65c2dcf147c7df896 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 52412 6641e47022e889de1525eaf5c5305eca http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 81106 7e3b8f7ddec3a8a5b8377b0234270268 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 15206 fd9858648c9df78fae4a974955c0e475 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 141568 1db2ce91ffedfa1bbde68b2756cfe389 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 61438 1299d9de795e485872507e21e42b20e5 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 32824 a7d8171d0f2888bb97f59387b5953db2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 35442 dd26d3e196a3bc1880331dc3821cdbab http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 115178 76977be3cbcb0d5f4a22ada4071188e4 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 88774 6516931d5dce31c51b80f107a6c78f29 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 1865004 e482b421a57cc75b18d979de2e82fb7a http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 196772 061c86b147f9fdb980e7d40d8e84dabd http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 211440 13a330ef0e77a7f20f0e803140148905 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 100448 17f556fffdb82e83559268361e0eb53f http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 31206 27d0d62e0c989545ed7455f832eb2b25 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 89820 86176d7a6557617ff30aa83bcc875196 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 21778 e04668e8936e1d32e7e33414e570fcee http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 59950 9569de467d24173a0c35b838fea647fc http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 52576 582213e9cde03104f3c1795d06984197 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 81056 c1a6cca183116319ed1a095806cf1c8c http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 15304 21d41f59b097afbd27a12f7c9e877b32 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 141898 15553deba7c1e9c98136330e97b59119 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 62662 ecc362e334c91a0530c356b17e6a2641 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 33264 325a9170ecf6cd1dc9f955be9bbc1d24 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 37006 3acbe062b83fdc269964eef5675a89c5 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 121650 74995951c11f700b551f6c8ce2badb23 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 89384 8f0ce2467cda194e493e87369aab765d http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 1930866 ef1a8fd29f47f928b81c785730ce89d9 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 203588 decd7de1cafe69b61d713988fe55af37 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 223504 f60c1ea0858fd39961852c870c7fce49 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 101020 c0ad517da1a8bc09ccf97903a3ded8c9 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 33348 2424426af873cd4207b8226ebb8490c5 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 89594 9e6125fb851403ef7e80f09840eaa89a http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 22324 a4b8cbb7319e42721479d3092ef23f16 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 60618 01ffa1358e2fb0c5dd307cd8d135c14f http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 55376 fa276276aa683c19b9fc10bf65372347 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 81558 c9060c3ec4eca6ae2ce532f44298e556 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 15790 c857b043bf0bb4ff3dfc0db38de89f99 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 141118 92099a9250e369378fe8287e556b21a7 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 64954 b7da8579507c4db05cc78df34d289f76 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 34790 964c7ecb9faa3a0b1a115a2a06a66e75 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 36068 7ab9b44191ad5078c5f63a521744ca23 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 117816 2be453254c5f80dc1c353acc62a3c443 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 89232 09f73b5d95d3248b5ecc0393036ddbff http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 1954238 7f4762af124ba5e650569b6fa2fbb5c7 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 201516 730d6a0e1428a7165e01a565cc810d8a http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 210594 4f16bfe7a76a1c9cb137401290c4f5c1 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 102698 fe023955fc4e93236d2ff46b685bc32b http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 31560 4be671eb7500d06a1f949df0d92086e7 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 89804 3e5dbcf536bc2be0435561b4997c796e http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 21380 fce9fff2a5bc990ae97cd67569805789 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 58150 e5a43b39220105101c69480fa63075f5 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 50290 1cf2e270243b8f0a6cc56405a8c5bd94 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 80330 fd1073834591fd282edc82e516d7e533 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 14380 e00615f5e33b445f214fd1205b1948cb http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 144322 85692c2dcfd49bb0c0e0aad28ccb670c http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 61450 c809cd1adf184af7e35e60fa9c9c55e3 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 33858 2bddab9378a2a4e3938ce6ed39dc807e . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201207-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: July 09, 2012 Bugs: #295256, #308045, #325551, #380771 ID: 201207-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation. Background ========== CUPS, the Common Unix Printing System, is a full-featured print server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1 Description =========== Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553 [ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302 [ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393 [ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540 [ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542 [ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748 [ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431 [ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432 [ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941 [ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201207-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

3Com OfficeConnect ADSL Wireless 11g Firewall Router is prone to an authentication-bypass vulnerability and a remote command-execution vulnerability. An attacker can exploit these issues to gain unauthorized administrative access to the affected device or execute arbitrary commands. Successful exploits will completely compromise the device.

The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. Cisco Unified Presence of TimesTenD The process involves service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID CSCsy17662 It is a problem.By a third party 16200 and 22794 Many to port TCP Service disruption through connection (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause the TimesTenD process to restart, denying service to legitimate users. These vulnerabilities were discovered internally by Cisco, and there are no workarounds. Cisco has released free software updates that address these vulnerabilities. The software version can be determined by running the command "show version active" via the Command Line Interface (CLI). Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. TCP 3-way handshakes must be completed for the attack to be successful. The TimesTenD process will be automatically restarted upon failure. This vulnerability is documented in Cisco Bug ID CSCsy17662 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2874. An attacker can overwhelm the table that is used to track network connections and prevent new connections from being established to system services by establishing many TCP connections with a vulnerable system. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw52371 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2052. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss CSCsy17662 - TimesTenD Coredump During TCP Flood CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw52371 - CUP: IP_Conntrack Fills Up During TCP Flood Attack CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of any of the vulnerabilities may result in the interruption of presence services. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco Unified Presence version 6.0(6) is available at the following link: http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=&isPlatform=Y&mdfid=281010019&sftType=Unified+Presence+Server+%28CUPS%29+Updates&treeName=Voice+and+Unified+Communications&modelName=Cisco+Unified+Presence+Version+6.0&mdfLevel=null&treeMdfId=278875240&modifmdfid=null&imname=&hybrid=Y&imst=N Cisco Unified Presence version 7.0(5) is available at the following link: http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified+Presence+Server+%28CUPS%29+Updates&mdfid=281820245&treeName=Voice+and+Unified+Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco+Unified+Presence+Version+7.0&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=&hybrid=Y&imst=N Note: Administrators running Cisco Unified Presence version 1.x are encouraged to upgrade to version 6.0 or later. Workarounds =========== No workarounds are available; however, mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20091014-cup.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. These vulnerabilities were discovered by Cisco. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20091014-cup.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-October-14 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- iD8DBQFK1eiV86n/Gc8U/uARAtI9AKCY7cOV/RqoTcFB0pjPXMW0HXuWWwCePvum 65XRgnU+TCu1veQd+gWlE7g= =uBzn -----END PGP SIGNATURE-----

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Failed attempts will likely cause a denial-of-service condition

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. This vulnerability CVE-2009-3587 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) There is a possibility of being put into a state. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. An attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. The issues affect the Anti-Virus engine with versions prior to 'arclib' 8.1.4.0. Computer Associates is the world's leading security vendor, products include a variety of anti-virus software and backup recovery systems. CA20091008-01: Security Notice for CA Anti-Virus Engine Issued: October 8, 2009 CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service. Risk Rating Medium Platform Windows UNIX Linux Solaris Mac OS X Netware Affected Products CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1 CA Anti-Virus 2007 (v8) CA Anti-Virus 2008 CA Anti-Virus 2009 CA Anti-Virus Plus 2009 eTrust EZ Antivirus r7.1 CA Internet Security Suite 2007 (v3) CA Internet Security Suite 2008 CA Internet Security Suite Plus 2008 CA Internet Security Suite Plus 2009 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) 8.1 CA Threat Manager Total Defense CA Gateway Security r8.1 CA Protection Suites r2 CA Protection Suites r3 CA Protection Suites r3.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1 CA ARCserve Backup r11.5 on Windows CA ARCserve Backup r12 on Windows CA ARCserve Backup r12.0 SP1 on Windows CA ARCserve Backup r12.0 SP 2 on Windows CA ARCserve Backup r12.5 on Windows CA ARCserve Backup r11.1 Linux CA ARCserve Backup r11.5 Linux CA ARCserve for Windows Client Agent CA ARCserve for Windows Server component CA eTrust Intrusion Detection 2.0 SP1 CA eTrust Intrusion Detection 3.0 CA eTrust Intrusion Detection 3.0 SP1 CA Common Services (CCS) r3.1 CA Common Services (CCS) r11 CA Common Services (CCS) r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1 Non-Affected Products CA Anti-Virus engine with arclib version 8.1.4.0 or later installed How to determine if the installation is affected For products on Windows: 1. Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*). 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is earlier than indicated below, the installation is vulnerable. File Name File Version arclib.dll 8.1.4.0 *For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common". For CA Anti-Virus r8.1 on non-Windows platforms: Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable. Example compver utility output: ------------------------------------------------ COMPONENT NAME VERSION ------------------------------------------------ eTrust Antivirus Arclib Archive Library 8.1.4.0 ... (followed by other components) For reference, the following are file names for arclib on non-Windows operating systems: Operating System File name Solaris libarclib.so Linux libarclib.so Mac OS X arclib.bundle Solution CA released arclib 8.1.4.0 on August 12 2009. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0: apply fix # RO11964. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1: apply fix # RO11964. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11: apply fix # RO11964. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1: apply fix # RO11964. CA Common Services (CCS) r3.1: apply fix # RO11954. CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 32bit: apply fix # RO10663. CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 IA64: apply fix # RO10664. CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 AMD64: apply fix # RO10665. CA Secure Content Manager (formerly eTrust Secure Content Manager) r1.1: apply fix # RO10999. CA Secure Content Manager (formerly eTrust Secure Content Manager) r8.0: apply fix # RO10999. CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: apply fix # RO11000. CA Gateway Security r8.1: RO10999. CA ARCserve for Windows Server component installed on a 64 bit machine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 (AMD64). CA ARCserve for Windows Server component installed on a 32 bit machine: apply fix # RO10663. CA ARCserve for Windows Client Agent installed on a 64 bit machine: apply fix # RO10664 (IA64) or RO10665 (AMD64). CA ARCserve for Windows Client Agent installed on a 32 bit machine: apply fix # RO10663. CA ARCserve for Linux Server r11.5: apply fix # RO10729. CA ARCserve for Linux: 1. Download RO10729.tar.Z from RO10729 into a temporary location /tmp/RO10729 2. Uncompress and untar RO10729.tar.Z as follows: uncompress RO10729.tar.Z tar -xvf RO10729.tar The new "libarclib.so" will be extracted to /tmp/RO10729 3. Change the directory to $CAIGLBL0000/ino/config as follows: cd $CAIGLBL0000/ino/config 4. Rename "libarclib.so" to "libarclib.so.RO10729" as follows: mv libarclib.so libarclib.so.RO10729 5. Copy the new libarclib.so as follows: cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/ 6. chmod +x $CAIGLBL0000/ino/config/libarclib.so 7. Stop the common agent (caagent stop) 8. Change the directory to ARCserve common agent directory (typically /opt/CA/BABcmagt) cd /opt/CA/BABcmagt Note: To find out the agent home directory run the following command: dirname 'ls -l /usr/bin/caagent |cut -f2 -d">"' 9. Save a copy of libarclib.so cp -p libarclib.so libarclib.so.RO10729 10. Copy over the new libarclib.so as follows: cp $/tmp/RO10729/libarclib.so. 11. Start the common agent (caagent start) 12. Repeat steps (7-11) on all remote Linux client agents' installations. 13. rm -rf /tmp/RO10729 Workaround Do not open email attachments or download files from untrusted sources. If additional information is required, please contact CA Support at http://support.ca.com/. If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: CA Anti-Virus Engine RAR Processing Two Vulnerabilities SECUNIA ADVISORY ID: SA36976 VERIFY ADVISORY: http://secunia.com/advisories/36976/ DESCRIPTION: Two vulnerabilities have been reported in multiple CA products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for detailed instructions on applying patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: CA20091008-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ~~~~~~~~~~~~~ Quote: "CA is one of the world's largest IT management software providers. We serve more than 99% of Fortune 1000 companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide" "CA Anti-Virus for the Enterprise is the next generation in comprehensive anti-virus security for business PCs, servers and PDAs. It combines proactive protection against malware with new, powerful management features that stop and remove malicious code before it enters your network, reducing system downtime" II. Attacker has control over EBX : Basic Block: 6e4305b0 mov cl,byte ptr [ebx] Tainted Input Operands: ebx 6e4305b2 add edi,28h 6e4305b5 push edi 6e4305b6 lea edx,[esp+14h] 6e4305ba mov byte ptr [esp+14h],cl Tainted Input Operands: cl 6e4305be inc ebx Tainted Input Operands: ebx 6e4305bf push edx 6e4305c0 mov ecx,esi 6e4305c2 mov dword ptr [esp+1ch],ebx Tainted Input Operands: ebx 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0) III. Due to the nature of Anti-virus products, the attack vectors can be near endless. An attack could be done over the way of an E-mail message carrying an RAR attachment (of a file recognised as being RAR), USB, CD, Network data etc. Please note that this is a general problem and not exclusive to Computer Associates. IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD.MM.YYYY 11.05.2009 - Reported CVE-2009-3587 03.06.2009 - Reported CVE-2009-3588 09.10.2009 - CA releases advisory https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 13.10.2009 - G-SEC releases advisory

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. This vulnerability CVE-2009-3588 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) Could be put into a state or execute arbitrary code. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. An attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. The issues affect the Anti-Virus engine with versions prior to 'arclib' 8.1.4.0. Computer Associates is the world's leading security vendor, products include a variety of anti-virus software and backup recovery systems. CA20091008-01: Security Notice for CA Anti-Virus Engine Issued: October 8, 2009 CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service. Risk Rating Medium Platform Windows UNIX Linux Solaris Mac OS X Netware Affected Products CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1 CA Anti-Virus 2007 (v8) CA Anti-Virus 2008 CA Anti-Virus 2009 CA Anti-Virus Plus 2009 eTrust EZ Antivirus r7.1 CA Internet Security Suite 2007 (v3) CA Internet Security Suite 2008 CA Internet Security Suite Plus 2008 CA Internet Security Suite Plus 2009 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) 8.1 CA Threat Manager Total Defense CA Gateway Security r8.1 CA Protection Suites r2 CA Protection Suites r3 CA Protection Suites r3.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1 CA ARCserve Backup r11.5 on Windows CA ARCserve Backup r12 on Windows CA ARCserve Backup r12.0 SP1 on Windows CA ARCserve Backup r12.0 SP 2 on Windows CA ARCserve Backup r12.5 on Windows CA ARCserve Backup r11.1 Linux CA ARCserve Backup r11.5 Linux CA ARCserve for Windows Client Agent CA ARCserve for Windows Server component CA eTrust Intrusion Detection 2.0 SP1 CA eTrust Intrusion Detection 3.0 CA eTrust Intrusion Detection 3.0 SP1 CA Common Services (CCS) r3.1 CA Common Services (CCS) r11 CA Common Services (CCS) r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1 Non-Affected Products CA Anti-Virus engine with arclib version 8.1.4.0 or later installed How to determine if the installation is affected For products on Windows: 1. Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*). 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is earlier than indicated below, the installation is vulnerable. File Name File Version arclib.dll 8.1.4.0 *For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common". For CA Anti-Virus r8.1 on non-Windows platforms: Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable. Example compver utility output: ------------------------------------------------ COMPONENT NAME VERSION ------------------------------------------------ eTrust Antivirus Arclib Archive Library 8.1.4.0 ... (followed by other components) For reference, the following are file names for arclib on non-Windows operating systems: Operating System File name Solaris libarclib.so Linux libarclib.so Mac OS X arclib.bundle Solution CA released arclib 8.1.4.0 on August 12 2009. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0: apply fix # RO11964. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1: apply fix # RO11964. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11: apply fix # RO11964. CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1: apply fix # RO11964. CA Common Services (CCS) r3.1: apply fix # RO11954. CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 32bit: apply fix # RO10663. CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 IA64: apply fix # RO10664. CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 AMD64: apply fix # RO10665. CA Secure Content Manager (formerly eTrust Secure Content Manager) r1.1: apply fix # RO10999. CA Secure Content Manager (formerly eTrust Secure Content Manager) r8.0: apply fix # RO10999. CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: apply fix # RO11000. CA Gateway Security r8.1: RO10999. CA ARCserve for Windows Server component installed on a 64 bit machine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 (AMD64). CA ARCserve for Windows Server component installed on a 32 bit machine: apply fix # RO10663. CA ARCserve for Windows Client Agent installed on a 64 bit machine: apply fix # RO10664 (IA64) or RO10665 (AMD64). CA ARCserve for Windows Client Agent installed on a 32 bit machine: apply fix # RO10663. CA ARCserve for Linux Server r11.5: apply fix # RO10729. CA ARCserve for Linux: 1. Download RO10729.tar.Z from RO10729 into a temporary location /tmp/RO10729 2. Uncompress and untar RO10729.tar.Z as follows: uncompress RO10729.tar.Z tar -xvf RO10729.tar The new "libarclib.so" will be extracted to /tmp/RO10729 3. Change the directory to $CAIGLBL0000/ino/config as follows: cd $CAIGLBL0000/ino/config 4. Rename "libarclib.so" to "libarclib.so.RO10729" as follows: mv libarclib.so libarclib.so.RO10729 5. Copy the new libarclib.so as follows: cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/ 6. chmod +x $CAIGLBL0000/ino/config/libarclib.so 7. Stop the common agent (caagent stop) 8. Change the directory to ARCserve common agent directory (typically /opt/CA/BABcmagt) cd /opt/CA/BABcmagt Note: To find out the agent home directory run the following command: dirname 'ls -l /usr/bin/caagent |cut -f2 -d">"' 9. Save a copy of libarclib.so cp -p libarclib.so libarclib.so.RO10729 10. Copy over the new libarclib.so as follows: cp $/tmp/RO10729/libarclib.so. 11. Start the common agent (caagent start) 12. Repeat steps (7-11) on all remote Linux client agents' installations. 13. rm -rf /tmp/RO10729 Workaround Do not open email attachments or download files from untrusted sources. If additional information is required, please contact CA Support at http://support.ca.com/. If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: CA Anti-Virus Engine RAR Processing Two Vulnerabilities SECUNIA ADVISORY ID: SA36976 VERIFY ADVISORY: http://secunia.com/advisories/36976/ DESCRIPTION: Two vulnerabilities have been reported in multiple CA products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for detailed instructions on applying patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: CA20091008-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ~~~~~~~~~~~~~ Quote: "CA is one of the world's largest IT management software providers. We serve more than 99% of Fortune 1000 companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide" "CA Anti-Virus for the Enterprise is the next generation in comprehensive anti-virus security for business PCs, servers and PDAs. It combines proactive protection against malware with new, powerful management features that stop and remove malicious code before it enters your network, reducing system downtime" II. Attacker has control over EBX : Basic Block: 6e4305b0 mov cl,byte ptr [ebx] Tainted Input Operands: ebx 6e4305b2 add edi,28h 6e4305b5 push edi 6e4305b6 lea edx,[esp+14h] 6e4305ba mov byte ptr [esp+14h],cl Tainted Input Operands: cl 6e4305be inc ebx Tainted Input Operands: ebx 6e4305bf push edx 6e4305c0 mov ecx,esi 6e4305c2 mov dword ptr [esp+1ch],ebx Tainted Input Operands: ebx 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0) III. Due to the nature of Anti-virus products, the attack vectors can be near endless. An attack could be done over the way of an E-mail message carrying an RAR attachment (of a file recognised as being RAR), USB, CD, Network data etc. Please note that this is a general problem and not exclusive to Computer Associates. IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD.MM.YYYY 11.05.2009 - Reported CVE-2009-3587 03.06.2009 - Reported CVE-2009-3588 09.10.2009 - CA releases advisory https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 13.10.2009 - G-SEC releases advisory

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. Serv-U is prone to a denial-of-service vulnerability. An unspecified error in the Boost module can be exploited to create new directories in the webroot directory of the web server. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Serv-U "SITE SET TRANSFERPROGRESS ON" Denial of Service SECUNIA ADVISORY ID: SA36873 VERIFY ADVISORY: http://secunia.com/advisories/36873/ DESCRIPTION: A vulnerability has been reported in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service). Successful exploitation requires valid user credentials and that "SITE SET" commands are enabled. The vulnerability is reported in Serv-U versions 7.0.0.1 through 8.2.0.3. SOLUTION: Fixed in version 9.0.0.1. Disable the "SITE SET" command. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IBM Informix Client Software Development Kit (CSDK) 3.5 IBM Informix Connect 3.x Other products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: IBM Informix Products Setnet32 Utility ".nfx" Processing Buffer Overflow SECUNIA ADVISORY ID: SA36949 VERIFY ADVISORY: http://secunia.com/advisories/36949/ DESCRIPTION: bruiser has discovered a vulnerability in IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of ".nfx" files. This can be exploited to cause a stack-based buffer overflow when an ".nfx" file having e.g. an overly long "HostList" entry is opened. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in setnet32.exe version 3.50.0.13752 included in IBM Informix CSDK version 3.50. Other versions may also be affected. SOLUTION: Do not open untrusted ".nfx" files. PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::bruiser ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ibm_setnet32.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Update to version 3.0.8. PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: VirtualBox: Multiple vulnerabilities Date: January 13, 2010 Bugs: #288836, #294678 ID: 201001-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation. Background ========== The VirtualBox family provides powerful x86 virtualization products. ------------------------------------------------------------------- Description =========== Thomas Biege of SUSE discovered multiple vulnerabilities: * A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. * An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All users of the binary version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-3.0.12" All users of the Open Source version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-3.0.12" All users of the binary VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-guest-additions-3.0.12" All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-additions-3.0.12" References ========== [ 1 ] CVE-2009-3692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692 [ 2 ] CVE-2009-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201001-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. VMware Fusion is prone to a denial-of-service vulnerability caused by an unspecified integer-overflow issue. An attacker can exploit this issue to crash the affected system, resulting in denial-of-service conditions. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. This issue affects versions prior to Fusion 2.0.6 build 196839. Users of the main operating system can use unknown parameters to cause a denial of service attack on the main operating system. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: VMware Fusion Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA36928 VERIFY ADVISORY: http://secunia.com/advisories/36928/ DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerabilities are reported in version 2.0.5 and prior. SOLUTION: Update to version 2.0.6 build 196839. ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0013 Synopsis: VMware Fusion resolves two security issues Issue date: 2009-10-01 Updated on: 2009-10-01 (initial release of advisory) CVE numbers: CVE-2009-3281 CVE-2009-3282 - ------------------------------------------------------------------------ 1. Relevant releases VMware Fusion 2.0.5 and earlier. 3. Problem Description VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac. a. Kernel code execution vulnerability An file permission problem in the vmx86 kernel extension allows for executing arbitrary code in the host system kernel context by an unprivileged user on the host system. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3281 to this issue. b. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3282 to this issue. To remediate the above issues update your product using the table below. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x Windows not affected Workstation 6.5.x Linux not affected Player 2.5.x Windows not affected Player 2.5.x Linux not affected ACE 2.5.x any not affected Server any any not affected Fusion any Mac OS/X Fusion 2.0.6 build 196839 ESXi any ESXi not affected ESX any ESX not affected 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282 - ------------------------------------------------------------------------ 6. Change log 2009-10-01 VMSA-2009-0013 Initial security advisory after release of Fusion 2.0.6 on 2009-10-01 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG 7vvN45BLtMo4BuHfCGRGHo4= =y8E6 -----END PGP SIGNATURE-----

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. VMware Fusion is prone to a privilege-escalation vulnerability caused by an unspecified file-permission problem. An attacker can exploit this issue to run arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. This issue affects versions prior to Fusion 2.0.6 build 196839. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: VMware Fusion Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA36928 VERIFY ADVISORY: http://secunia.com/advisories/36928/ DESCRIPTION: Two vulnerabilities have been reported in VMware Fusion, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerabilities are reported in version 2.0.5 and prior. SOLUTION: Update to version 2.0.6 build 196839. ORIGINAL ADVISORY: VMSA-2009-0013: http://lists.vmware.com/pipermail/security-announce/2009/000066.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0013 Synopsis: VMware Fusion resolves two security issues Issue date: 2009-10-01 Updated on: 2009-10-01 (initial release of advisory) CVE numbers: CVE-2009-3281 CVE-2009-3282 - ------------------------------------------------------------------------ 1. Relevant releases VMware Fusion 2.0.5 and earlier. 3. Problem Description VMware Fusion is a product that allows you to seamlessly run your favorite Windows applications on any Intel-based Mac. a. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3281 to this issue. b. Kernel denial of service vulnerability An integer overflow vulnerability in the vmx86 kernel extension allows for a denial of service of the host by an unprivileged user on the host system. VMware would like to thank Neil Kettle of Convergent Network Solutions for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3282 to this issue. To remediate the above issues update your product using the table below. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x Windows not affected Workstation 6.5.x Linux not affected Player 2.5.x Windows not affected Player 2.5.x Linux not affected ACE 2.5.x any not affected Server any any not affected Fusion any Mac OS/X Fusion 2.0.6 build 196839 ESXi any ESXi not affected ESX any ESX not affected 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Fusion 2.0.6 (for Intel-based Macs): Download including VMware Fusion and a 12 month complimentary subscription to McAfee VirusScan Plus 2009 md5sum: d35490aa8caa92e21339c95c77314b2f sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26 VMware Fusion 2.0.6 (for Intel-based Macs): Download including only VMware Fusion software md5sum: 2e8d39defdffed224c4bab4218cc6659 sha1sum: 453d54a2f37b257a0aad17c95843305250c7b6ef 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3282 - ------------------------------------------------------------------------ 6. Change log 2009-10-01 VMSA-2009-0013 Initial security advisory after release of Fusion 2.0.6 on 2009-10-01 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFKxYtnS2KysvBH1xkRAgZjAJ9xF6r9OKjHc4iayvPz0VEiLf2T6QCfdglG 7vvN45BLtMo4BuHfCGRGHo4= =y8E6 -----END PGP SIGNATURE-----

The Linksys WRT54GC is a small wireless router from Cisco. The diagnostics.cgi script of the WRT54GC router failed to properly validate the HTTP request submitted by the user. The remote attacker could inject arbitrary script code or cause a denial of service by including malicious ping_address and raceroute_address parameters in the request. Other attacks are also possible. This issue affects Linksys WRT54GC running firmware 1.01.5 and 1.00.7. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Linksys WRT54GC Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA36921 VERIFY ADVISORY: http://secunia.com/advisories/36921/ DESCRIPTION: VenturoLab Team has reported a vulnerability in Linksys WRT54GC, which can be exploited by malicious people to conduct cross-site request forgery attacks. The diagnostics.cgi script allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. The vulnerability is reported in firmware version 1.01.5 and 1.00.7. Other versions may also be affected. SOLUTION: Do not visit other websites while being logged-in to the Linksys administration interface. PROVIDED AND/OR DISCOVERED BY: VenturoLab Team ORIGINAL ADVISORY: http://venturolab.pl/index.php/2009/09/30/opis-bledu-w-routerze-linksys-wrt54gc/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Linksys WRT54GC is a small wireless router from Cisco.  The diagnostics.cgi script of the WRT54GC router does not properly verify the HTTP request submitted by the user. A remote attacker can inject arbitrary script code or cause a denial of service by including malicious ping_address and raceroute_address parameters in the request.