VARIoT IoT vulnerabilities database
| VAR-201110-0425 | CVE-2011-3218 | Apple QuickTime Player Vulnerable to cross-site scripting |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
These issues affect OS X prior to 10.7.2. Apple Mac OS X is prone to an HTML-injection vulnerability that exists in the 'Save for Web' export feature.
An attacker can perform man-in-the-middle attacks to inject malicious script code in a template HTML file generated by the affected export feature. The injected script executes in the context of the local domain, when a victim views the generated template file locally.
NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
October 13, 2011: Initial release
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
QuickTime 7.7.1 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. This issue is addressed by removing the reference to an
online script.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
PICT files.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the handling of FLC
encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TKHD atoms in QuickTime movie files.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime 7.7.1 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201110-0433 | CVE-2011-3221 | Apple Mac OS X of QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application passes execution to another function for handling the atom but passes the incorrect number of arguments. As a result, a variable is treated as a pointer. This can lead to code execution under the context of the application. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2011-006.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
These issues affect OS X prior to 10.7.2. More details
can be found at:
http://support.apple.com/kb/HT5002
-- Disclosure Timeline:
2011-06-03 - Vulnerability reported to vendor
2011-10-27 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
QuickTime 7.7.1 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is addressed by removing the reference to an
online script.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the handling of FLC
encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TKHD atoms in QuickTime movie files.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime 7.7.1 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201110-0427 | CVE-2011-3223 | Apple Mac OS X of QuickTime Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime decodes FLIC files. FLIC files can contain an FLC Delta Decompression block containing Run Length Encoded data. When QuickTime tries to decompress this data it reads a user-supplied RLE Packet count field from the file and uses it as a loop counter. A high value for this field will cause QuickTime to write outside previously allocated memory, which could result in remote code execution.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity. Apple Mac OS X is prone to a buffer-overflow vulnerability that affects QuickTime Player. Failed attacks will cause denial-of-service conditions.
Versions prior to Mac OS X 10.7.2 are vulnerable.
NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
. More details
can be found at:
http://support.apple.com/kb/HT5002
-- Disclosure Timeline:
2011-06-03 - Vulnerability reported to vendor
2011-10-27 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Matt "j00ru" Jurczyk
* Anonymous
* pa_kt / twitter.com/pa_kt / e1c14ba6
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
QuickTime 7.7.1 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is addressed by removing the reference to an
online script.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
PICT files.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the handling of FLC
encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TKHD atoms in QuickTime movie files.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime 7.7.1 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201110-0432 | CVE-2011-3220 | Apple QuickTime Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: HIGH |
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample, the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
These issues affect OS X prior to 10.7.2. Apple Quicktime is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to read memory contents. Information obtained may aid in other attacks.
NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
. ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-311
October 27, 2011
-- CVE ID:
CVE-2011-3220
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11804. More details
can be found at:
http://support.apple.com/kb/HT5002
-- Disclosure Timeline:
2011-05-12 - Vulnerability reported to vendor
2011-10-27 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Luigi Auriemma
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
QuickTime 7.7.1 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is addressed by removing the reference to an
online script.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in
QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
PICT files.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the handling of FLC
encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of
JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TKHD atoms in QuickTime movie files.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day
Initiative
QuickTime 7.7.1 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201110-0335 | CVE-2011-3231 | Mac OS X Work on Apple Safari of SSL An arbitrary code execution vulnerability in the implementation |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. Apple Safari is prone to a remote code-execution vulnerability.
Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will crash the application.
This issue affects Apple Safari versions prior to 5.1.1.
NOTE: This issue was previously covered in BID 50089 (Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems. This vulnerability does not affect OS X Lion systems or Windows systems.
| VAR-201110-0334 | CVE-2011-3230 | Mac OS X Work on Apple Safari Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Safari is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application.
Versions prior to Safari 5.1.1 are vulnerable.
NOTE: This issue was previously covered in BID 50089 (Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it.
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46412
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46412/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46412
RELEASE DATE:
2011-10-14
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
Safari, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, disclose
potentially sensitive information, and compromise a user's system.
1) An input sanitation error within the handling of
"safari-extension://" URLs can be exploited to e.g.
2) A policy error within the handling of "file://" URLs can be
exploited to execute arbitrary local applications.
Note: This vulnerability does not affect the Windows platform.
3) An error within the handling of SSL certificates can be exploited
to trigger an access of uninitialised memory and potentially execute
arbitrary code.
Note: This vulnerability does not affect OS X Lion or the Windows
platform.
4) Multiple vulnerabilities in WebKit can be exploited by malicious
people to cause a crash or compromise a user's system.
For more information:
SA44375
SA45097
SA45498
SA46049
SA46171
SA46339
5) An error exists within the handling of the beforeload event.
For more information see vulnerability #22 in:
SA45498
6) An error exists within the handling of the window.open method.
For more information see vulnerability #28 in:
SA45498
7) An error exists within the handling of the document.documentURI
property.
For more information see vulnerability #29 in:
SA45498
8) A cross-origin error exists within the handling of inactive DOM
windows, which can be exploited to conduct cross-site scripting
attacks.
9) A logic error within the handling of cookies in the Private
Browsing mode can lead to cookies being stored although the "Block
cookies" option is set to "Always".
Note: This does not affect the Windows platform.
SOLUTION:
Update to version 5.1.1.
PROVIDED AND/OR DISCOVERED BY:
1, 2) Aaron Sigel
The vendor credits:
3) Jason Broccardo, Fermi National Accelerator Laboratory
8) Sergey Glazunov
9) John Adamczyk
The vendor provides a bundled list of credits for vulnerabilities in
#4:
* Jose A. Vazquez, spa-s3c.blogspot.com
* Abhishek Arya (Inferno), Google Chrome Security Team
* Cris Neckar, Google Chrome Security Team
* miaubiz
* Adam Barth and Abhishek Arya, Google Chrome Security Team
* Mikolaj Malecki, Samsung
* SkyLined, Google Chrome Security Team
* Martin Barbella
* Raman Tenneti and Philip Rogers, Google
* Aki Helin, OUSPG
* Sadrul Habib Chowdhury, Chromium development community
* Dimitri Glazkov, Kent Tamura, and Dominic Cooney, Chromium
development community
* Slawomir Blazek
* Apple
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5000
Aaron Sigel:
http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html
http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html
| VAR-201110-0333 | CVE-2011-3261 | Apple iOS of OfficeImport Vulnerable to double memory release in Windows |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. Apple iOS for iPhone, iPod touch, and iPad is prone to a remote code-execution vulnerability.
Successfully exploiting this issue may allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions.
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple for mobile devices. A code injection vulnerability exists in OfficeImport versions prior to Apple iOS 5.
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46377
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.
5) An error exists within CoreFoundation when handling string
tokenization.
For more information see vulnerability #1 in:
SA46339
6) Multiple errors within CoreGraphics when handling certain
FreeType fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.
8) An error exists within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.
9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.
For more information:
SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in:
SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.
For more information see vulnerability #9 in:
SA45325
13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.
For more information see vulnerability #11 in:
SA45054
14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.
15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based
buffer overflow.
For more information see vulnerability #12 in:
SA45325
17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in:
SA45054
20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.
For more information see vulnerability #28 in:
SA43814
21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.
23) An error within UIKit does not properly handle "tel:" URIs and
can be exploited to cause the device to hang by tricking the user
into visiting a malicious website.
24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA43519
SA43683
SA43696
SA43859
SA45097
SA45325
SA45325
SA45498
SA45498
SA46339
SA46412
25) The WiFi credentials are stored in a file readable by other
applications, which may lead to the credentials being disclosed.
SOLUTION:
Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.
The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999
nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt
| VAR-201110-0329 | CVE-2011-3245 | Apple iOS Vulnerability in obtaining important information in the keyboard component |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. Apple iOS is prone to an information-disclosure vulnerability.
A local attacker can exploit this issue to retrieve the last character of a password typed previously by another user. Information obtained may aid in further attacks.
The following Apple systems are vulnerable:
iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it.
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46377
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.
| VAR-201110-0325 | CVE-2011-3242 | Mac OS X Run on Apple Safari User tracking vulnerability in the private browsing feature |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. WebKit is prone to a security-bypass vulnerability. This issue occurs when private browsing mode is enabled.
Attackers can exploit this issue to bypass security restrictions.
NOTE: This issue was previously discussed in BID 50089 (Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems. There is a logic error in Safari's handling of cookies in Private Browsing mode, which sets cookies even if "Block cookies" is set to "Always".
| VAR-201110-0322 | CVE-2011-3257 | Apple iOS Data Access component vulnerability that allows access restrictions to be bypassed |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. Apple iOS is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information due to an incorrect mail cookie synchronization. This may allow the attacker to obtain credentials or other sensitive information. Information harvested may aid in further attacks.
The following Apple systems are vulnerable:
iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later
iOS 3.2 through 4.3.5 for iPad
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it.
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46377
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.
5) An error exists within CoreFoundation when handling string
tokenization.
For more information see vulnerability #1 in:
SA46339
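6) Multiple errors within CoreGraphics when handling certain
FreeType fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.
8) An error exists within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.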
9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.
For more information:
SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in:
SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.
For more information see vulnerability #9 in:
SA45325
13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.
For more information see vulnerability #11 in:
SA45054
14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.
15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based
buffer overflow.
For more information see vulnerability #12 in:
SA45325
17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in:
SA45054
20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.
For more information see vulnerability #28 in:
SA43814
21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.
23) An error within UIKit does not properly handle "tel:" URIs and
can be exploited to cause the device to hang by tricking the user
into visiting a malicious website.
24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA43519
SA43683
SA43696
SA43859
SA45097
SA45325
SA45325
SA45498
SA45498
SA46339
SA46412
25) The WiFi credentials are stored in a file readable by other
applications, which may lead to the credentials being disclosed.
Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.
The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999
nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt
| VAR-201110-0324 | CVE-2011-3260 | Apple iOS OfficeImport buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. Apple iOS for iPhone, iPod touch, and iPad is prone to a buffer-overflow vulnerability.
Successfully exploiting this issue may allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions.
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple for mobile devices.
The OfficeImport framework is used by several
applications, including MobileMail and MobileSafari. Both of these
applications are attack vectors for this vulnerability. For more
information, see the vendor's site found at the following link.
http://www.apple.com/iphone/softwareupdate/
II.
The vulnerability occurs when parsing a Word file with a maliciously
constructed record. Specific values within this record can trigger a
memory corruption vulnerability and result in values from the file being
used as function pointers.
III. To exploit this
vulnerability, an attacker has several attack vectors. The most
dangerous vector is through MobileSafari, which will automatically open
and parse Office files embedded in Web pages. This behavior is similar
to Microsoft Office 2000, in that it enables drive-by style attacks
without any user interaction beyond visiting a Web page (no file open
dialog is displayed, the file is simply opened). Additionally, an
attacker can e-mail a targeted user and attach a malicious file. The
user will then have to view the e-mail and attachment with MobileMail to
trigger the vulnerability.
IV. DETECTION
iOS versions prior to 5 are vulnerable.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. VENDOR RESPONSE
Apple has released a fix which addresses this issue. Information about
downloadable vendor updates can be found by clicking on the URLs shown.
http://lists.apple.com/archives/Security-announce/2011/Oct/msg00001.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2011-3260 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
10/27/2010 Initial Vendor Notification
10/27/2010 Vendor Reply
10/12/2011 Coordinated Public Disclosure
X. LEGAL NOTICES
Copyright © 2011 Verisign
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
| VAR-201110-0320 | CVE-2011-3255 | Apple iOS CFNetwork vulnerability that allows sensitive information to be obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. Apple iOS is prone to an information-disclosure vulnerability.
A local attacker can exploit this issue to retrieve a local user's password. Information obtained may aid in further attacks.
The following Apple systems are vulnerable:
iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it.
| VAR-201110-0319 | CVE-2011-3254 | Apple iOS Calendar cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
An attacker may leverage this issue to execute arbitrary script code in the local domain. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following Apple systems are vulnerable:
iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 4.2.0 through 4.3.5 for iPad
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple for mobile devices.
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46377
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.
5) An error exists within CoreFoundation when handling string
tokenization.
For more information see vulnerability #1 in:
SA46339
6) Multiple errors within CoreGraphics when handling certain
FreeType fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.
8) An error exists within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.
9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.
For more information:
SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in:
SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.
For more information see vulnerability #9 in:
SA45325
13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.
For more information see vulnerability #11 in:
SA45054
14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.
15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based
buffer overflow.
For more information see vulnerability #12 in:
SA45325
17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in:
SA45054
20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.
For more information see vulnerability #28 in:
SA43814
21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.
23) An error within UIKit does not properly handle "tel:" URIs and
can be exploited to cause the device to hang by tricking the user
into visiting a malicious website.
24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA43519
SA43683
SA43696
SA43859
SA45097
SA45325
SA45325
SA45498
SA45498
SA46339
SA46412
25) The WiFi credentials are stored in a file readable by other
applications, which may lead to the credentials being disclosed.
Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.
The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999
nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt
----------------------------------------------------------------------
| VAR-201110-0301 | CVE-2011-3437 | Apple Mac OS X of Apple Type Services (ATS) Integer sign error vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.
OS X versions 10.7.x prior to 10.7.2 are affected.
NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
Produced 2011 by US-CERT, a government organization.
Revision History
October 13, 2011: Initial release
| VAR-201110-0318 | CVE-2011-3253 | Apple iOS of CalDAV Vulnerability in which important information is obtained |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. Apple iOS is prone to an information-disclosure vulnerability that affects the calendar synchronization feature.
Attackers can exploit this issue to obtain sensitive information from CalDAV communications.
An attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks.
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple for mobile devices.
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
----------------------------------------------------------------------
nSense Vulnerability Research Security Advisory NSENSE-2011-006
---------------------------------------------------------------
t2'11 infosec conference special release
http://www.t2.fi
---------------------------------------------------------------
Affected Vendor: Apple Inc.
Affected Product: CalDAV (iOS 3.0 through 4.3.5 for iPhone 3GS
and iPhone 4, iOS 3.1 through 4.3.5 for iPod
touch (3rd generation) and later, iOS 3.2
through 4.3.5 for iPad)
Platform: iOS
Impact: Sensitive information interception
Vendor response: New version released
CVE: CVE-2011-3253
Credit: Leszek / nSense
Release date: 12 Oct 2011
Technical details
---------------------------------------------------------------
The calendar synchronization feature of iOS fails to validate
the SSL certificate provided by the server. Therefore, CalDAV
communication can be intercepted by a basic man in the middle
attack. As every request contains an HTTP basic authentication
header, which contains base64-encoded credentials, it is
possible to intercept email account credentials by an attacker
that is suitably positioned (e.g. the same LAN, WLAN) or is
able to tamper with DNS records pointing to the CalDAV server.
The application accepts the untrusted certificate without any
warning or prompt, so the attack will go unnoticed by the user.
Timeline:
20110407 nSense informed the vendor about the vulnerability
20110409 Vendor started to investigate the issue
20110415 nSense sent a status update request to the vendor
20110415 Vendor provided a status update
20110420 nSense asked the vendor for further information
20110502 nSense resent the previous questions
20110502 Vendor confirmed the vulnerability
20110525 nSense asked the vendor about the patch schedule
20110527 Vendor responded
20110527 nSense asked the vendor for further information
20110531 Vendor responded, unable to provide a date
20110601 nSense asked the vendor for clarification
20110603 Vendor responded
20110603 nSense resent the previous question
20110607 nSense commented on the issue, asked the vendor for
clarification
20110705 nSense asked the vendor for clarification
20110726 nSense asked the vendor whether 4.3.5 fixed the
issue
20110727 Vendor responded. Issue not fixed.
20110728 nSense asked the vendor for further details
20110917 Vendor asked for credit information
20110917 nSense responded
20111002 Vendor confirmed release date
20111012 Vendor releases fixed version of the software
20111012 Vendor releases public advisory
Solution:
Apple security updates are available via the Software Update
mechanism: http://support.apple.com/kb/HT1338
Apple security updates are also available for manual download
via: http://www.apple.com/support/downloads/
More information from Apple Inc.:
http://support.apple.com/kb/HT1222
Links:
http://www.nsense.fi http://www.nsense.dk
| VAR-201110-0300 | CVE-2011-3436 | Apple Mac OS of Open Directory Vulnerable to bypassing password change restrictions |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2011-006.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
These issues affect OS X prior to 10.7.2.
An attacker can exploit this issue to change a user's password, aiding further attacks. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
| VAR-201110-0299 | CVE-2011-3435 | Apple Mac OS X Vulnerabilities in browsing password data in Open Directory |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
These issues affect OS X prior to 10.7.2. Apple Mac OS X is prone to an information-disclosure vulnerability.
A local attacker can exploit this issue to retrieve a local user's password from the vulnerable computer. Information obtained may aid in further attacks.
Apple Mac OS X Lion 10.7 and 10.7.1 are vulnerable.
NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has
released updates to address these vulnerabilities.
I. Apple has released updates to address these
vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. This advisory describes any known issues related to the
updates and the specific impacts for each vulnerability.
Administrators are encouraged to note these issues and impacts and
test for any potentially adverse effects before wide-scale
deployment.
IV. Please send
email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in
the subject.
| VAR-201110-0298 | CVE-2011-3434 | Apple iOS of WiFi Vulnerabilities that can capture important information in components |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. Apple iOS is prone to an information-disclosure vulnerability.
A local attacker can exploit this issue to retrieve WiFi credentials. Information obtained may aid in further attacks.
The following Apple systems are vulnerable:
iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,
iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.5 for iPad
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. A trust management vulnerability exists in the WiFi component of Apple iOS versions prior to 5.
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.
5) An error exists within CoreFoundation when handling string
tokenization.
For more information see vulnerability #1 in:
SA46339
6) Multiple errors within CoreGraphics when handling certain
FreeType fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.
8) An error exists within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.
9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.
For more information:
SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in:
SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.
For more information see vulnerability #9 in:
SA45325
13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.
For more information see vulnerability #11 in:
SA45054
14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.
15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based
buffer overflow.
For more information see vulnerability #12 in:
SA45325
17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in:
SA45054
20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.
For more information see vulnerability #28 in:
SA43814
21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.
23) An error within UIKit does not properly handle "tel:" URIs and
can be exploited to cause the device to hang by tricking the user
into visiting a malicious website.
24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.
The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999
nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-201110-0297 | CVE-2011-3432 | Apple iOS of UIKit Service disruption in the alert component ( Device hang ) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. Apple iOS is prone to a denial-of-service vulnerability when handling specially crafted webpages.
Attackers can exploit this issue to cause the device to hang, denying service to legitimate users.
NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple for mobile devices. A resource management error vulnerability exists in the UIKit Alerts component in versions prior to Apple iOS 5.
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.
5) An error exists within CoreFoundation when handling string
tokenization.
For more information see vulnerability #1 in:
SA46339
6) Multiple errors within CoreGraphics when handling certain
FreeType fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.
8) An error exists within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.
9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.
For more information:
SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in:
SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.
For more information see vulnerability #9 in:
SA45325
13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.
For more information see vulnerability #11 in:
SA45054
14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.
15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based
buffer overflow.
For more information see vulnerability #12 in:
SA45325
17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in:
SA45054
20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.
For more information see vulnerability #28 in:
SA43814
21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.
24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA43519, SA43683, SA43696, SA43859, SA45097, SA45325, SA45498, SA46339, SA46412
25) The WiFi credentials are stored in a file readable by other
applications, which may lead to the credentials being disclosed.
Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.
The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999
nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt
| VAR-201110-0295 | CVE-2011-3430 | Apple iOS Vulnerabilities affected by unknown details in configuration components |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
This weakness may cause unsuspecting users to set up unsafe configurations, resulting in a false sense of security. This may lead to other attacks. Apple iOS is an operating system developed by Apple for mobile devices. Vulnerabilities exist in the Settings component of Apple iOS versions prior to 5.
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA46377
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
RELEASE DATE:
2011-10-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.
5) An error exists within CoreFoundation when handling string
tokenization.
For more information see vulnerability #1 in:
SA46339
6) Multiple errors within CoreGraphics when handling certain
FreeType fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.
8) An error exists within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.
9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.
For more information:
SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in:
SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.
For more information see vulnerability #9 in:
SA45325
13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.
For more information see vulnerability #11 in:
SA45054
14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.
15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based
buffer overflow.
For more information see vulnerability #12 in:
SA45325
17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in:
SA45054
20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.
For more information see vulnerability #28 in:
SA43814
21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.
23) An error within UIKit does not properly handle "tel:" URIs and
can be exploited to cause the device to hang by tricking the user
into visiting a malicious website.
24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA43519, SA43683, SA43696, SA43859, SA45097, SA45325, SA45498, SA46339, SA46412
25) The WiFi credentials are stored in a file readable by other
applications, which may lead to the credentials being disclosed.
Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.
The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999
nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt