VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200909-0754 CVE-2009-2807 CUPS USB backend Local Heap Based Buffer Overflow Vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. CUPS (Common UNIX Printing System) is prone to a local heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Exploiting this issue will allow local attackers to execute arbitrary code with superuser privileges and completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. Local users can gain privileges with the help of unknown vectors. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. This can be exploited to potentially execute arbitrary code by tricking a user into opening a ".fileloc" file. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to Mac OS X v10.6.1 or apply Security Update 2009-005. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0752 CVE-2009-2814 Apple Mac OS of Wiki Server Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects Mac OS X Server 10.5.8 and prior. NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0747 CVE-2009-2803 Apple Mac OS of CarbonCore Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the CarbonCore component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the following: Mac OS X 10.4.11 and prior Mac OS X Server 10.4.11 and prior Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36701 VERIFY ADVISORY: http://secunia.com/advisories/36701/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. This can be exploited to associate a safe file extension with an unsafe Uniform Type Identifier (UTI) and execute arbitrary code. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0745 CVE-2009-2812 Apple Mac OS of Launch Services Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. Apple Mac OS X is prone to a remote code-execution vulnerability that affects the Launch Services component. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. The following versions are affected: Mac OS X 10.5.8 and prior Mac OS X Server 10.5.8 and prior NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Visiting a malicious website may cause unsafe file types to open automatically. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in Alias Manager when processing alias files can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An error in Resource Manager when processing resource forks can be exploited to corrupt memory and potentially execute arbitrary code. 3) Multiple vulnerabilities in ClamAV can be exploited to bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. For more information: SA34566 SA34612 4) An integer overflow error exists when processing ColorSync profiles embedded in images. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted image. 5) An integer overflow error exists in CoreGraphics when processing JBIG2 streams embedded in PDF files. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 6) An error in CoreGraphics can be exploited to cause a heap-based buffer overflow potentially execute arbitrary code when drawing long text strings. This is related to vulnerability #1 in: SA36269 7) A NULL-pointer dereference error in CUPS can be exploited to cause a crash. For more information see vulnerability #4 in: SA34481 8) An error in the CUPS USB backend can be exploited to cause a heap-based buffer overflow and execute arbitrary code with escalated privileges. 9) Multiple vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system. For more information: SA35948 10) Multiple errors exist in ImageIO when processing PixarFilm encoded TIFF images. These can be exploited to trigger memory corruptions and potentially execute arbitrary code via specially crafted TIFF files. 11) An error exists in Launch Services when handling files having a ".fileloc" extension. 12) An error exists in Launch Services when handling exported document types presented when an application is downloaded. 13) An error in MySQL can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA30134 14) Multiple vulnerabilities in PHP have an unknown impact or can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service). For more information: SA34081 15) An error exists in Samba when handling error conditions. This can be exploited by a user without a configured home directory to access the contents of the file system by connecting to the Windows File Sharing service. 16) Input passed in search requests containing non UTF-8 encoded data to Wiki Server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Security Update 2009-005 (Tiger PPC): http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg Security Update 2009-005 (Tiger Intel): http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg Security Update 2009-005 Server (Tiger Univ): http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg Security Update 2009-005 Server (Tiger PPC): http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg Mac OS X Server v10.6.1 Update: http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg Security Update 2009-005 Server (Leopard): http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg Security Update 2009-005 (Leopard): http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg Mac OS X v10.6.1 Update: http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg PROVIDED AND/OR DISCOVERED BY: 1, 2, 4, 8, 10-12, 16) Reported by the vendor. 5) The vendor credits Will Dormann of CERT/CC. 6) The vendor credits Will Drewry of Google. 15) The vendor credits J. David Hester of LCG Systems National Institutes of Health. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA34081: http://secunia.com/advisories/34081/ SA34481: http://secunia.com/advisories/34481/ SA34566: http://secunia.com/advisories/34566/ SA34612: http://secunia.com/advisories/34612/ SA35948: http://secunia.com/advisories/35948/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201004-0011 CVE-2009-4777 GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software. Hitachi JP1 / Automatic Job Management System 2-View, JP1 / Integrated Management-View, and multiple versions of JP1 / Cm2 / SNMP System Observer have unknown vulnerabilities. Remote attackers can trigger rejection by displaying "Invalid GIF file". Service (& ldquo; Exception & rdquo; Termination). Multiple Hitachi products are prone to a denial-of-service vulnerability caused by an unspecified error. Attackers can exploit this issue to terminate the affected applications, causing a denial-of-service condition. Affected products include the following: JP1/Automatic Job Management System 2 - View JP1/Integrated Management - View JP1/Cm2/SNMP System Observer For the full list of affected products, please see the referenced vendor advisory. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0490 CVE-2009-3169 Hitachi JP1/File Transmission Server/FTP Multiple Unspecified Vulnerabilities CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors. Very few technical details are currently available. We will update this BID as more information emerges. An attacker can leverage these issues to execute arbitrary commands within the context of the vulnerable application and compromise the computer. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Hitachi JP1/File Transmission Server/FTP Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA36645 VERIFY ADVISORY: http://secunia.com/advisories/36645/ DESCRIPTION: Some vulnerabilities have been reported in Hitachi JP1/File Transmission Server/FTP, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201004-0010 CVE-2009-4776 Multiple Hitachi products vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. For several Hitachi products, GIF A buffer overflow vulnerability exists due to a flaw in handling images.The details may be affected by a third party. Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java, are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Hitachi Products GIF Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA36622 VERIFY ADVISORY: http://secunia.com/advisories/36622/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to potentially compromise a vulnerable system. Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. See vendor advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0364 CVE-2009-2795 Apple iPhone OS Recovery mode component buffer overflow vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing.". Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to bypass the required passcode and gain access to sensitive information. This issue affects the following products: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0 This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. Disclosing sensitive information or completely hacking a user's system. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0365 CVE-2009-2796 Apple iPhone OS of UIKit Information disclosure vulnerability in components CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the UIKit component. Successful exploits may allow attackers with physical access to an affected device to obtain password data. Information harvested may aid in launching further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. lead to intrusion into the user's system. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0323 CVE-2009-2799 Apple QuickTime of H.264 Video file processing heap-based buffer overflow vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-063 September 10, 2009 -- CVE ID: CVE-2009-2799 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8435. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3859 -- Disclosure Timeline: 2009-07-28 - Vulnerability reported to vendor 2009-09-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous * Damian Put -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/
VAR-200909-0322 CVE-2009-2798 Apple QuickTime of FlashPix Heap-based buffer overflow vulnerability in file handling CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Apple QuickTime Is FlashPix Arbitrary code is executed or service operation is interrupted due to incomplete processing (DoS) There is a vulnerability that becomes a condition.Arbitrary code is executed by a third party or service operation is interrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application will multiply 2 user-controlled 32-bit values and utilize this for an allocation. If the result of the multiplication is greater than 32bits, the application will allocate an undersized heap chunk. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-064 September 10, 2009 -- CVE ID: CVE-2009-2798 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8414. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3859 -- Disclosure Timeline: 2009-07-28 - Vulnerability reported to vendor 2009-09-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Damian Put -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/
VAR-200909-0363 CVE-2009-2794 Apple iPhone OS of Exchange In support components Microsoft Exchange Vulnerability that can bypass restrictions CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. Apple iPhone and iPod touch are prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to bypass security restrictions, which may aid in further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. iPhone OS allows communication through services provided by Microsoft Exchange Server. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0309 CVE-2009-2205 Mac OS X for Java of Java Web Start Command launcher buffer overflow vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability
VAR-200909-0308 CVE-2009-2203 Apple QuickTime Vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. There is a buffer overflow vulnerability in QuickTime versions before 7.6.4 when processing MPEG-4 video files
VAR-200909-0320 CVE-2009-2815 Apple iPhone OS of Telephony Service disruption in components (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. Apple iPhone is prone to a NULL-pointer dereference vulnerability. Successful exploits may allow attackers to cause the affected service to become unresponsive. This issue affects iPhone OS 1.0 through 3.0.1. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0307 CVE-2009-2202 Apple QuickTime Vulnerabilities in arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. QuickTime versions before 7.6.4 have a memory corruption vulnerability when processing H.264 movie files
VAR-200909-0311 CVE-2009-2207 Apple iPhone OS of MobileMail Vulnerabilities that can capture important information in components CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. Apple iPhone and iPod touch are prone to an access-validation vulnerability. An attacker can exploit this issue to bypass certain security restrictions to obtain sensitive information that may lead to further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0321 CVE-2009-2797 Apple iPhone OS of WebKit Information disclosure vulnerability in components CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the Safari browser. Successful exploits may allow attackers to obtain username and password data from URI referer headers on linked sites. Information harvested may aid in launching further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for webkit SECUNIA ADVISORY ID: SA41856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for webkit. For more information: SA36677 SA37346 SA37769 SA37931 SA38545 SA38932 SA39091 SA39651 SA40105 SA40196 SA40479 SA40664 SA41014 SA41085 SA41242 SA41328 SOLUTION: Apply updated packages. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM)
VAR-200909-0310 CVE-2009-2206 Apple iPhone OS of CoreAudio Component buffer overflow vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability. Successful exploits may allow an attacker to execute arbitrary code on a vulnerable device. Failed attacks will cause denial-of-service conditions. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. Apple iPhone is a smart phone of Apple (Apple). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Apple iPhone OS AudioCodecs Heap Buffer Overflow Advisory ID: TKADV2009-007 Revision: 1.0 Release Date: 2009/09/09 Last Modified: 2009/09/09 Date Reported: 2009/04/05 Author: Tobias Klein (tk at trapkit.de) Affected Software: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0 Remotely Exploitable: Yes Locally Exploitable: No Vendor URL: http://www.apple.com/ Vendor Status: Vendor has released an updated version CVE-ID: CVE-2009-2206 Patch development time: 158 days ====================== Vulnerability Details: ====================== The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability while parsing maliciously crafted AAC or MP3 files. One attack vector are iPhone ringtones with malformed sample size table entries. It was successfully tested that iTunes uploads such malformed ringtones to the phone. ================== Technical Details: ================== Vulnerable library: /System/Library/Frameworks/AudioToolbox.framework/AudioCodecs Vulnerable function: ACTransformerCodec::AppendInputData() Disassembly of the vulnerable function: [..] __text:3314443C LDR R3, [R5,#0xA8] __text:33144440 LDR R2, [R5,#0xA4] __text:33144444 ADD R3, R3, #1 __text:33144448 ADD R2, fp, R2 __text:3314444C STR R3, [R5,#0xA8] __text:33144450 MOV R3, #0 __text:33144454 STMIA IP, {R2,R3} [1] __text:33144458 MOV R3, #0 __text:3314445C STR R3, [IP,#8] [2] __text:33144460 LDR R3, [SP,#0x4C+sample_size] [3] __text:33144464 STR R3, [IP,#0xC] [4] __text:33144468 ADD IP, IP, #0x10 [5] [..] [1] The values of R2 and R3 are stored into the heap buffer pointed to by IP (R12). R2 contains user controlled data. [2] The value of R3 gets copied into the heap buffer. [3] R3 is filled with user controlled data from the audio file. [4] The user controlled data of R3 gets copied into the heap buffer. [5] The index into the heap buffer (pointed to by IP) gets incremented. This code snippet gets executed in a loop. As there is no bounds checking of the heap buffer pointed to by IP (R12) it is possible to cause an out of bounds write (heap buffer overflow). ==================== Disclosure Timeline: ==================== 2009/04/05 - Apple Product Security Team notified 2009/04/05 - Received an automated response message 2009/04/07 - Reply from Apple 2009/06/05 - Status update request sent to Apple 2009/06/05 - Apple confirms the vulnerability 2009/08/17 - Status update by Apple 2009/09/05 - Status update by Apple 2009/09/09 - New iPhone OS released by Apple 2009/09/09 - Release date of this security advisory ======== Credits: ======== Vulnerability found and advisory written by Tobias Klein. =========== References: =========== [REF1] http://support.apple.com/kb/HT3860 [REF2] http://www.trapkit.de/advisories/TKADV2009-007.txt ======== Changes: ======== Revision 0.1 - Initial draft release to the vendor Revision 1.0 - Public release =========== Disclaimer: =========== The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. ================== PGP Signature Key: ================== http://www.trapkit.de/advisories/tk-advisories-signature-key.asc Copyright 2009 Tobias Klein. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Charset: utf-8 wj8DBQFKqB4rkXxgcAIbhEERAik4AKD5gWG/GvB9bLQojJpaLhTVlfpj4gCfSJ9i nVSlzUd5NozllFGeI5rCboc= =B2cm -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0581 No CVE Novell eDirectory HTTP GET Request Unicode String Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Novell eDirectory is a cross-platform directory server. If a remote attacker submits a specially crafted HTTP request containing a large number of Unicode strings to the port 8028 of the eDirectory server (the default port of the Dhost Http Server), it will exhaust 100% of the CPU resources. Novell eDirectory is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to consume an excessive amount of resources, denying service to legitimate users. Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected