VARIoT IoT vulnerabilities database
| VAR-200909-0754 | CVE-2009-2807 | CUPS USB backend Local Heap Based Buffer Overflow Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. CUPS (Common UNIX Printing System) is prone to a local heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Exploiting this issue will allow local attackers to execute arbitrary code with superuser privileges and completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. Local users can gain privileges with the help of unknown vectors. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension. This can be exploited to potentially execute
arbitrary code by tricking a user into opening a ".fileloc" file.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
SOLUTION:
Update to Mac OS X v10.6.1 or apply Security Update 2009-005.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0752 | CVE-2009-2814 | Apple Mac OS of Wiki Server Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects Mac OS X Server 10.5.8 and prior.
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0747 | CVE-2009-2803 | Apple Mac OS of CarbonCore Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the CarbonCore component.
Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects the following:
Mac OS X 10.4.11 and prior
Mac OS X Server 10.4.11 and prior
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0745 | CVE-2009-2812 | Apple Mac OS of Launch Services Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. Apple Mac OS X is prone to a remote code-execution vulnerability that affects the Launch Services component.
Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user.
The following versions are affected:
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Visiting a malicious website may cause unsafe file types to open automatically. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201004-0011 | CVE-2009-4777 | GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software. Hitachi JP1 / Automatic Job Management System 2-View, JP1 / Integrated Management-View, and multiple versions of JP1 / Cm2 / SNMP System Observer have unknown vulnerabilities. Remote attackers can trigger rejection by displaying "Invalid GIF file". Service (& ldquo; Exception & rdquo; Termination). Multiple Hitachi products are prone to a denial-of-service vulnerability caused by an unspecified error.
Attackers can exploit this issue to terminate the affected applications, causing a denial-of-service condition.
Affected products include the following:
JP1/Automatic Job Management System 2 - View
JP1/Integrated Management - View
JP1/Cm2/SNMP System Observer
For the full list of affected products, please see the referenced vendor advisory. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
SOLUTION:
Update to a fixed version. Please see the vendor's advisory for
details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0490 | CVE-2009-3169 | Hitachi JP1/File Transmission Server/FTP Multiple Unspecified Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
Very few technical details are currently available. We will update this BID as more information emerges.
An attacker can leverage these issues to execute arbitrary commands within the context of the vulnerable application and compromise the computer. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Hitachi JP1/File Transmission Server/FTP Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA36645
VERIFY ADVISORY:
http://secunia.com/advisories/36645/
DESCRIPTION:
Some vulnerabilities have been reported in Hitachi JP1/File
Transmission Server/FTP, which can be exploited by malicious people
to compromise a vulnerable system.
SOLUTION:
Update to a fixed version. Please see the vendor's advisory for
details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201004-0010 | CVE-2009-4776 | Multiple Hitachi products vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. For several Hitachi products, GIF A buffer overflow vulnerability exists due to a flaw in handling images.The details may be affected by a third party. Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java, are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Hitachi Products GIF Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA36622
VERIFY ADVISORY:
http://secunia.com/advisories/36622/
DESCRIPTION:
A vulnerability has been reported in multiple Hitachi products, which
can be exploited by malicious people to potentially compromise a
vulnerable system.
Please see the vendor's advisory for a full list of affected
products.
SOLUTION:
Update to a fixed version. See vendor advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0364 | CVE-2009-2795 | Apple iPhone OS Recovery mode component buffer overflow vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing.". Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability.
An attacker can exploit this issue to bypass the required passcode and gain access to sensitive information.
This issue affects the following products:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. Disclosing sensitive information or completely hacking a user's system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0365 | CVE-2009-2796 | Apple iPhone OS of UIKit Information disclosure vulnerability in components |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the UIKit component.
Successful exploits may allow attackers with physical access to an affected device to obtain password data. Information harvested may aid in launching further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. lead to intrusion into the user's system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0323 | CVE-2009-2799 | Apple QuickTime of H.264 Video file processing heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-063
September 10, 2009
-- CVE ID:
CVE-2009-2799
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8435.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3859
-- Disclosure Timeline:
2009-07-28 - Vulnerability reported to vendor
2009-09-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
| VAR-200909-0322 | CVE-2009-2798 | Apple QuickTime of FlashPix Heap-based buffer overflow vulnerability in file handling |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Apple QuickTime Is FlashPix Arbitrary code is executed or service operation is interrupted due to incomplete processing (DoS) There is a vulnerability that becomes a condition.Arbitrary code is executed by a third party or service operation is interrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application will multiply 2 user-controlled 32-bit values and utilize this for an allocation. If the result of the multiplication is greater than 32bits, the application will allocate an undersized heap chunk.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-064
September 10, 2009
-- CVE ID:
CVE-2009-2798
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8414.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3859
-- Disclosure Timeline:
2009-07-28 - Vulnerability reported to vendor
2009-09-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
| VAR-200909-0363 | CVE-2009-2794 | Apple iPhone OS of Exchange In support components Microsoft Exchange Vulnerability that can bypass restrictions |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. Apple iPhone and iPod touch are prone to a security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to bypass security restrictions, which may aid in further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. iPhone OS allows communication through services provided by Microsoft Exchange Server. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0309 | CVE-2009-2205 | Mac OS X for Java of Java Web Start Command launcher buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability
| VAR-200909-0308 | CVE-2009-2203 | Apple QuickTime Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. There is a buffer overflow vulnerability in QuickTime versions before 7.6.4 when processing MPEG-4 video files
| VAR-200909-0320 | CVE-2009-2815 | Apple iPhone OS of Telephony Service disruption in components (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. Apple iPhone is prone to a NULL-pointer dereference vulnerability.
Successful exploits may allow attackers to cause the affected service to become unresponsive.
This issue affects iPhone OS 1.0 through 3.0.1.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0307 | CVE-2009-2202 | Apple QuickTime Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. QuickTime versions before 7.6.4 have a memory corruption vulnerability when processing H.264 movie files
| VAR-200909-0311 | CVE-2009-2207 | Apple iPhone OS of MobileMail Vulnerabilities that can capture important information in components |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. Apple iPhone and iPod touch are prone to an access-validation vulnerability.
An attacker can exploit this issue to bypass certain security restrictions to obtain sensitive information that may lead to further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0321 | CVE-2009-2797 | Apple iPhone OS of WebKit Information disclosure vulnerability in components |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the Safari browser.
Successful exploits may allow attackers to obtain username and password data from URI referer headers on linked sites. Information harvested may aid in launching further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL
Yv/ButpYAcXsmnJWUG4ayxQ=
=GRM6
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Windows Applications Insecure Library Loading
The Official, Verified Secunia List:
http://secunia.com/advisories/windows_insecure_library_loading/
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41856
RELEASE DATE:
2010-10-21
DISCUSS ADVISORY:
http://secunia.com/advisories/41856/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41856/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41856
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Ubuntu has issued an update for webkit.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM)
| VAR-200909-0310 | CVE-2009-2206 | Apple iPhone OS of CoreAudio Component buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability.
Successful exploits may allow an attacker to execute arbitrary code on a vulnerable device. Failed attacks will cause denial-of-service conditions.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. Apple iPhone is a smart phone of Apple (Apple). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Apple iPhone OS AudioCodecs Heap Buffer Overflow
Advisory ID: TKADV2009-007
Revision: 1.0
Release Date: 2009/09/09
Last Modified: 2009/09/09
Date Reported: 2009/04/05
Author: Tobias Klein (tk at trapkit.de)
Affected Software: iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0
Remotely Exploitable: Yes
Locally Exploitable: No
Vendor URL: http://www.apple.com/
Vendor Status: Vendor has released an updated version
CVE-ID: CVE-2009-2206
Patch development time: 158 days
======================
Vulnerability Details:
======================
The iPhone OS AudioCodecs library contains a heap buffer overflow
vulnerability while parsing maliciously crafted AAC or MP3 files.
One attack vector are iPhone ringtones with malformed sample size table
entries. It was successfully tested that iTunes uploads such malformed
ringtones to the phone.
==================
Technical Details:
==================
Vulnerable library:
/System/Library/Frameworks/AudioToolbox.framework/AudioCodecs
Vulnerable function:
ACTransformerCodec::AppendInputData()
Disassembly of the vulnerable function:
[..]
__text:3314443C LDR R3, [R5,#0xA8]
__text:33144440 LDR R2, [R5,#0xA4]
__text:33144444 ADD R3, R3, #1
__text:33144448 ADD R2, fp, R2
__text:3314444C STR R3, [R5,#0xA8]
__text:33144450 MOV R3, #0
__text:33144454 STMIA IP, {R2,R3} [1]
__text:33144458 MOV R3, #0
__text:3314445C STR R3, [IP,#8] [2]
__text:33144460 LDR R3, [SP,#0x4C+sample_size] [3]
__text:33144464 STR R3, [IP,#0xC] [4]
__text:33144468 ADD IP, IP, #0x10 [5]
[..]
[1] The values of R2 and R3 are stored into the heap buffer pointed to by
IP (R12). R2 contains user controlled data.
[2] The value of R3 gets copied into the heap buffer.
[3] R3 is filled with user controlled data from the audio file.
[4] The user controlled data of R3 gets copied into the heap buffer.
[5] The index into the heap buffer (pointed to by IP) gets incremented.
This code snippet gets executed in a loop. As there is no bounds checking
of the heap buffer pointed to by IP (R12) it is possible to cause an out of
bounds write (heap buffer overflow).
====================
Disclosure Timeline:
====================
2009/04/05 - Apple Product Security Team notified
2009/04/05 - Received an automated response message
2009/04/07 - Reply from Apple
2009/06/05 - Status update request sent to Apple
2009/06/05 - Apple confirms the vulnerability
2009/08/17 - Status update by Apple
2009/09/05 - Status update by Apple
2009/09/09 - New iPhone OS released by Apple
2009/09/09 - Release date of this security advisory
========
Credits:
========
Vulnerability found and advisory written by Tobias Klein.
===========
References:
===========
[REF1] http://support.apple.com/kb/HT3860
[REF2] http://www.trapkit.de/advisories/TKADV2009-007.txt
========
Changes:
========
Revision 0.1 - Initial draft release to the vendor
Revision 1.0 - Public release
===========
Disclaimer:
===========
The information within this advisory may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are no warranties, implied or express, with regard
to this information. In no event shall the author be liable for any
direct or indirect damages whatsoever arising out of or in connection
with the use or spread of this information. Any use of this
information is at the user's own risk.
==================
PGP Signature Key:
==================
http://www.trapkit.de/advisories/tk-advisories-signature-key.asc
Copyright 2009 Tobias Klein. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP
Charset: utf-8
wj8DBQFKqB4rkXxgcAIbhEERAik4AKD5gWG/GvB9bLQojJpaLhTVlfpj4gCfSJ9i
nVSlzUd5NozllFGeI5rCboc=
=B2cm
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0581 | No CVE | Novell eDirectory HTTP GET Request Unicode String Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Novell eDirectory is a cross-platform directory server. If a remote attacker submits a specially crafted HTTP request containing a large number of Unicode strings to the port 8028 of the eDirectory server (the default port of the Dhost Http Server), it will exhaust 100% of the CPU resources. Novell eDirectory is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to consume an excessive amount of resources, denying service to legitimate users.
Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected