VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201201-0316 CVE-2012-0814 OpenSSH Vulnerability in which important information is obtained CVSS V2: 3.5
CVSS V3: 6.5
Severity: LOW
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The Debian openssh-server package is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to gain access to sensitive information; this may lead to further attacks. Debian openssh-server 1:5.5p1-6+squeeze1 is affected; other versions may also be vulnerable. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections (CVE-2010-5107). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: d4dc59e94c2f0f4ca4ed3d29c05afd9d mes5/i586/openssh-5.1p1-2.3mdvmes5.2.i586.rpm 6bb053a5d82451594d433c0059c5f7a7 mes5/i586/openssh-askpass-5.1p1-2.3mdvmes5.2.i586.rpm cc26585ed65704d2fa6c0bcb102953c7 mes5/i586/openssh-askpass-common-5.1p1-2.3mdvmes5.2.i586.rpm 06ded6e5614c7a188a676550934e98bb mes5/i586/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.i586.rpm 860932e1a599ec68a150879b9c9abe52 mes5/i586/openssh-clients-5.1p1-2.3mdvmes5.2.i586.rpm fe26afea6473e680a45979a904bb7e3d mes5/i586/openssh-server-5.1p1-2.3mdvmes5.2.i586.rpm baa4beb7bfb76b7706166e7870ddd210 mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 1c43725b46c279b7295c16e0fb9f43bf mes5/x86_64/openssh-5.1p1-2.3mdvmes5.2.x86_64.rpm d0231e13471148dfed86f75c4f99a2d0 mes5/x86_64/openssh-askpass-5.1p1-2.3mdvmes5.2.x86_64.rpm 2c06080b369ab13a9c95df47336aeb13 mes5/x86_64/openssh-askpass-common-5.1p1-2.3mdvmes5.2.x86_64.rpm 9fc99fb86e43c00139329787c7b3829d mes5/x86_64/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.x86_64.rpm 63621dfc8b9c4bf731711af418ea5c5f mes5/x86_64/openssh-clients-5.1p1-2.3mdvmes5.2.x86_64.rpm ea5653a3e6d790ce02f11fbcd722801d mes5/x86_64/openssh-server-5.1p1-2.3mdvmes5.2.x86_64.rpm baa4beb7bfb76b7706166e7870ddd210 mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFRQFi+mqjQ0CJFipgRAuIuAJ9D6e15JXI7YDeAIZqQalKdXEmEWwCgjBoe quBwSmmMLE/orEkpMzGwKbQ= =PJAx -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from VPLEX GeoSynchrony 4.0 through VPLEX GeoSynchrony 5.2.1 are affected Summary: EMC VPLEX GeoSynchrony 5.3 contains fixes for multiple vulnerabilities that could potentially be exploited by malicious users. Details: \x95Multiple Vulnerabilities affecting the VPLEX Web GUI. Please refer to the NVD website (http://web.nvd.nist.gov/) for more details on the below CVEs Path Traversal vulnerability in VPLEX GUI \x96 CVE-2014-0632 CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) VPLEX GUI Session Timeout validity vulnerability \x96 CVE-2014-0633 CVSS v2 Base Score: 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C) Missing HttpOnly attribute vulnerability \x96 CVE-2014-0634 CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Session Fixation vulnerability \x96 CVE-2014-0635 CVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P) BEAST Attack \x96 CVE-2011-3389 CVSS v2 Base Score: See NVD advisory for the CVSS score. \x95Multiple Embedded Component Vulnerabilities Multiple vulnerabilities in the following embedded components of the SLES Operating System have been fixed: Kernel: CVE-2011-1044, CVE-2011-4110, CVE-2012-2136 perl: CVE-2002-2443 krb5: CVE-2013-1667 bind packages: CVE-2012-5166 CVSS v2 Base Score: See NVD advisory for the individual CVSS scores. Remote Information Disclosure vulnerability in OpenSSH - CVE-2012-0814 CVSS v2 Base Score: See NVD advisory for the CVSS score. Multiple vulnerabilities in Oracle Java and Apache Tomcat: This release also contains critical security updates for Oracle Java and Apache Tomcat. Oracle Java has been upgraded to 1.6.0_45 and Apache tomcat has been upgraded to 6.0.36. Please refer the following links for more information: Java: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html Tomcat: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36 CVSS v2 Base Score: See vendor advisory for the individual CVSS scores. Resolution: EMC recommends all customers to upgrade to VPLEX GeoSynchrony version 5.3 at their earliest opportunity. Link to remedies: Customers can download the software from Support Zone. Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) iEYEARECAAYFAlMy6mgACgkQtjd2rKp+ALwqbACgmMupmaxQ1GTwg1a1onHdgo4Q BxYAn1iAOq12nZ2WudlyECe9hrNp/DEc =7q/t -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: OpenSSH: Multiple vulnerabilities Date: May 11, 2014 Bugs: #231292, #247466, #386307, #410869, #419357, #456006, #505066 ID: 201405-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Background ========== OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/openssh < 6.6_p1-r1 >= 6.6_p1-r1 Description =========== Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1" NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. References ========== [ 1 ] CVE-2008-5161 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161 [ 2 ] CVE-2010-4478 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478 [ 3 ] CVE-2010-4755 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4755 [ 4 ] CVE-2010-5107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5107 [ 5 ] CVE-2011-5000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5000 [ 6 ] CVE-2012-0814 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0814 [ 7 ] CVE-2014-2532 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2532 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201201-0285 CVE-2011-4704 Voxofon Remote Unauthorized Access Vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. Voxofon is a VoIP program. Voxofon has security vulnerabilities that allow malicious applications to access and modify sensitive information, including SMS content, timestamps, contact phone numbers, delivery status, and more. Voxofon is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to read or modify SMS related content. This may aid in further attacks. Voxofon 2.4.3 is affected; other versions may also be vulnerable. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: Voxofon - International Calls for Android Security Bypass Security Issue SECUNIA ADVISORY ID: SA47768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47768 RELEASE DATE: 2012-02-06 DISCUSS ADVISORY: http://secunia.com/advisories/47768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AppSec has reported a security issue in Voxofon - International Calls for Android, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error and can be exploited to disclose certain sensitive information like e.g. Successful exploitation requires that a malicious application is installed. The security issue is reported in version 2.4.3. SOLUTION: Reportedly fixed in version 2.5.2. PROVIDED AND/OR DISCOVERED BY: Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University ORIGINAL ADVISORY: http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4704-vulnerability-in-Voxofon.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0284 CVE-2011-4703 Limit My Call Remote Unauthorized Access Vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. Nathaniel Kh Limit My Call is a web phone. Nathaniel Kh Limit My Call has a security vulnerability that allows malicious applications to access and modify user contacts and corresponding call records. Limit My Call is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to access and manipulate userâ??s contacts and calling logs. Limit My Call 2.11 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Limit My Call for Android Security Bypass Vulnerability SECUNIA ADVISORY ID: SA48420 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48420/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48420 RELEASE DATE: 2012-03-16 DISCUSS ADVISORY: http://secunia.com/advisories/48420/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48420/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48420 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AppSec has reported a vulnerability in Limit My Call for Android, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires that a malicious application is installed. The vulnerability is reported in version 2.11. SOLUTION: Update to version 2.12. PROVIDED AND/OR DISCOVERED BY: Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang. ORIGINAL ADVISORY: AppSec: http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html Limit My Call: http://nathanielkh.wordpress.com/android-app/limit-my-call/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0278 CVE-2011-4697 Android for Xiaomi MiTalk Messenger Vulnerable to reading messaging information CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. MiTalk is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to gain access to contacts, certain SMS data, buddy information, and to manipulate data. MiTalk 1.0, 2.1.280, and 2.1.310 are affected; other versions may also be vulnerable. Google Chrome is a web browser developed by Google (Google). Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MiTalk Messenger for Android Security Bypass Security Issue SECUNIA ADVISORY ID: SA47767 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47767/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47767 RELEASE DATE: 2012-02-01 DISCUSS ADVISORY: http://secunia.com/advisories/47767/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47767/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47767 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AppSec has reported a security issue in MiTalk Messenger for Android, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error and can be exploited to disclose certain sensitive information like e.g. Successful exploitation requires that a malicious application is installed. The security issue is reported in versions 2.1.280 and 2.1.310. SOLUTION: Reportedly fixed in the version released on 5th December 2011. PROVIDED AND/OR DISCOVERED BY: Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University ORIGINAL ADVISORY: http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4697-vulnerability-in-MiTalk.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0270 CVE-2011-4772 Android for 360 KouXin In SMS Message and contact list read vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. 360 KouXin is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to access and manipulate userâ??s sensitive contacts and SMS messages. 360 KouXin 1.5.3 is affected; other versions may also be vulnerable. Google Chrome is a web browser developed by Google (Google). Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). A vulnerability exists in version 1.5.3 of the 360 ​​KouXin (com.qihoo360.kouxin) app for Android due to improperly securing data
VAR-201201-0267 CVE-2011-4769 Android for 360 MobileSafe In SMS Message and contact list read vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. 360 MobileSafe is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to access and manipulate a user's blacklist, SMS, contacts, and call logs. 360 MobileSafe 2.1.0 and 2.2.0 are affected; other versions may also be vulnerable. Google Chrome is a web browser developed by Google (Google). Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). A vulnerability exists in the 360 ​​MobileSafe (com.qihoo360.mobilesafe) app version 2.1.0 and 2.2.0 for Android due to failure to properly secure data. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: 360 MobileSafe for Android Security Bypass Security Issue SECUNIA ADVISORY ID: SA47838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47838 RELEASE DATE: 2012-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/47838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AppSec has reported a security issue in 360 MobileSafe for Android, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error and can be exploited to disclose and manipulate certain sensitive information like e.g. Successful exploitation requires that a malicious application is installed. The security issue is reported in versions 2.1.0 and 2.2.0. SOLUTION: Reportedly fixed in version 2.3.0. PROVIDED AND/OR DISCOVERED BY: Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang, Department of Computing, The Hong Kong Polytechnic University ORIGINAL ADVISORY: http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4769-vulnerability-in-360MobileSafe.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201209-0281 CVE-2012-5004 Parallels H-Sphere Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html. Parallels H-Sphere offers multi-server host automation solutions for Linux, BSD and Windows platforms. A cross-site request forgery vulnerability exists in Parallels H-Sphere. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context. H-Sphere includes its own controls panels, automated billing, and provisioning solution in a single integrated system. It is scalable to any number of boxes — more Web, mail, database, and Windows hosting servers can be added without downtime. Abstract: ========= A Vulnerability Laboratory researcher discovered multiple persistant cross site scripting vulnerabilities on Parallels H-Sphere 3.3 Patch1. Report-Timeline: ================ 2012-01-22: Public or Non-Public Disclosure Status: ======== Published Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== Multiple persistant cross site scripting vulnerabilities where detected on Parallels H-Sphere 3.3 Patch1. These vulnerabilities allow an remote attacker to hijack customer sessions via persistent cross site scripting. Successful exploitation can result in account steal, client side exploitation or phishing & session hijacking. These bugs are located on the admin panel of Parallels H-Sphere 3.3 Patch1. Vulnerbale Module(s): [+] Group Module [+] Extra Package Module Picture(s): ../1.png ../2.png Proof of Concept: ================= The vulnerability can be exploited by remote attackers with high account privileges(mod/admin) & required user inter action. For demonstration or reproduce ... [Poc 1] Open Link: http://demo.psoft.net/psoft/servlet/psoft.hsphere.CP/admin/1_0/psoft.hsphere.CP?template_name=admin/group_plans.html choose admin post xss on Group Name: <IFRAME SRC="javascript:alert('XSS');"></IFRAME> press add group. Result XSS! [Poc 2] Open link: http://demo.psoft.net/psoft/servlet/psoft.hsphere.CP/admin/1_0/psoft.hsphere.CP?template_name=admin/extra_packs/create_extra_pack.html Extra Pack Name put xss code: <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Extra Package Prices set fee 1 recurrent fee 1 just click submit you will see result. Risk: ===== The security risk of the persistant cross site scripting vulnerabilities are estimated as medium(-). Credits: ======== Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x) Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. Copyright © 2012|Vulnerability-Lab -- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Parallels H-Sphere Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA47556 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47556/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47556 RELEASE DATE: 2012-01-24 DISCUSS ADVISORY: http://secunia.com/advisories/47556/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47556/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47556 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vulnerability Lab has reported a vulnerability in Parallels H-Sphere, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add extra packages and group plans and conduct script insertion attacks by tricking a logged in user into visiting a malicious web site. The vulnerability is reported in version 3.3 Patch 1. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=392 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201204-0129 CVE-2012-1805 Of multiple Koyo Electronics Industries products ECOM Ethernet Module buffer overflow vulnerability

Related entries in the VARIoT exploits database: VAR-E-201201-0658
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters. Koyo ECOM100 Ethernet is an Ethernet module. This module is used for communication between the PLC and the control system. There are several security vulnerabilities in Koyo ECOM100 Ethernet, including: (1) Using an 8-byte password weak authentication mechanism. (2) There is a replay attack. (3) The WEB server does not have any verification mechanism. (4) There is a buffer overflow in the WEB server. (5) There is a cross-site scripting attack on the WEB server. (6) The WEB server has a denial of service attack, which can consume a lot of resources. A buffer-overflow vulnerability. 2. A denial-of-service vulnerability. 3. Multiple security-bypass vulnerabilities. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koyo ECOM100 Ethernet Module Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA47735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Koyo ECOM100 Ethernet Module, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Reid Wightman via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-05.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201208-0696 CVE-2012-1340 Cisco MDS NX-OS of FCIP Service disruption in implementations (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. The problem is Bug ID CSCtn93151 It is a problem.Skillfully crafted by a third party FCIP Service disruption via header ( Module reload ) There is a possibility of being put into a state. Cisco MDS NX-OS is used for operational systems on this switch. Cisco MDS NX-OS is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause the device to reload, resulting in a denial-of-service condition. This issue being tracked by Cisco bug ID CSCtn93151
VAR-201204-0133 CVE-2012-1808 Of multiple Koyo Electronics Industries products Web Vulnerability to execute unspecified functions on the server

Related entries in the VARIoT exploits database: VAR-E-201201-0658
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. Koyo ECOM100 Ethernet is an Ethernet module. This module is used for communication between the PLC and the control system. There are several security vulnerabilities in Koyo ECOM100 Ethernet, including: (1) Using an 8-byte password weak authentication mechanism. (2) There is a replay attack. (3) The WEB server does not have any verification mechanism. (4) There is a buffer overflow in the WEB server. (5) There is a cross-site scripting attack on the WEB server. (6) The WEB server has a denial of service attack, which can consume a lot of resources. A buffer-overflow vulnerability. 2. A denial-of-service vulnerability. 3. Multiple security-bypass vulnerabilities. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koyo ECOM100 Ethernet Module Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA47735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Koyo ECOM100 Ethernet Module, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Reid Wightman via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-05.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201204-0134 CVE-2012-1809 Of multiple Koyo Electronics Industries products Web Service disruption at the server ( Resource consumption ) Vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201201-0658
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. Koyo ECOM100 Ethernet is an Ethernet module. This module is used for communication between the PLC and the control system. There are several security vulnerabilities in Koyo ECOM100 Ethernet, including: (1) Using an 8-byte password weak authentication mechanism. (2) There is a replay attack. (3) The WEB server does not have any verification mechanism. (4) There is a buffer overflow in the WEB server. (5) There is a cross-site scripting attack on the WEB server. A buffer-overflow vulnerability. 2. A denial-of-service vulnerability. 3. Multiple security-bypass vulnerabilities. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koyo ECOM100 Ethernet Module Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA47735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Koyo ECOM100 Ethernet Module, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Reid Wightman via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-05.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201204-0130 CVE-2012-1806 Of multiple Koyo Electronics Industries products ECOM Ethernet Module access vulnerability

Related entries in the VARIoT exploits database: VAR-E-201201-0658
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. Koyo ECOM100 Ethernet is an Ethernet module. This module is used for communication between the PLC and the control system. There are several security vulnerabilities in Koyo ECOM100 Ethernet, including: (1) Using an 8-byte password weak authentication mechanism. (2) There is a replay attack. (3) The WEB server does not have any verification mechanism. (4) There is a buffer overflow in the WEB server. (5) There is a cross-site scripting attack on the WEB server. (6) The WEB server has a denial of service attack, which can consume a lot of resources. A buffer-overflow vulnerability. 2. A denial-of-service vulnerability. 3. Multiple security-bypass vulnerabilities. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koyo ECOM100 Ethernet Module Cross-Site Scripting and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA47735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Koyo ECOM100 Ethernet Module, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Reid Wightman via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-05.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0038 CVE-2012-0053 Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201009-0028, VAR-E-201009-0031, VAR-E-201110-0002, VAR-E-201009-0034, VAR-E-201009-0027, VAR-E-201009-0032, VAR-E-201004-0004, VAR-E-201004-0006, VAR-E-201004-0001, VAR-E-201009-0037, VAR-E-201009-0036, VAR-E-201009-0033, VAR-E-201009-0035, VAR-E-201009-0029, VAR-E-201009-0030, VAR-E-201008-0003, VAR-E-201008-0004, VAR-E-201004-0003, VAR-E-201004-0005, VAR-E-201004-0002, VAR-E-201003-0018, VAR-E-201003-0020, VAR-E-201003-0011, VAR-E-201003-0012, VAR-E-201003-0023, VAR-E-201003-0024, VAR-E-201003-0014, VAR-E-201003-0013, VAR-E-201003-0025, VAR-E-201003-0021, VAR-E-201002-0002, VAR-E-201002-0001, VAR-E-200912-0008, VAR-E-200911-0011, VAR-E-200909-0011, VAR-E-200812-0006, VAR-E-200807-0001, VAR-E-201003-0019, VAR-E-201003-0022, VAR-E-201003-0015, VAR-E-200607-0001, VAR-E-201012-1021, VAR-E-201009-1222, VAR-E-201008-1448, VAR-E-201004-1923, VAR-E-200812-1342, VAR-E-201009-1221, VAR-E-200909-1131, VAR-E-201110-0794, VAR-E-201110-0793, VAR-E-201110-0791, VAR-E-201110-0796, VAR-E-201110-0792, VAR-E-201110-0785, VAR-E-201110-0786, VAR-E-201110-0784, VAR-E-201110-0789, VAR-E-201110-0787, VAR-E-201110-0790, VAR-E-201110-0795, VAR-E-201110-0788, VAR-E-201110-0783, VAR-E-201102-0766, VAR-E-201012-1020, VAR-E-201102-0765, VAR-E-201101-0759, VAR-E-201010-1179, VAR-E-201009-1223, VAR-E-201009-1224, VAR-E-201008-1449, VAR-E-201004-1925, VAR-E-201004-1921, VAR-E-201004-1922, VAR-E-201004-1924, VAR-E-201004-1920, VAR-E-201002-1340, VAR-E-201002-1339, VAR-E-200911-0655, VAR-E-200807-0889, VAR-E-200912-1885, VAR-E-200607-0733
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0128-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html Issue date: 2012-02-13 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 ===================================================================== 1. Summary: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317) The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607) A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm i386: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm ppc64: httpd-2.2.15-15.el6_2.1.ppc64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm httpd-devel-2.2.15-15.el6_2.1.ppc.rpm httpd-devel-2.2.15-15.el6_2.1.ppc64.rpm httpd-tools-2.2.15-15.el6_2.1.ppc64.rpm mod_ssl-2.2.15-15.el6_2.1.ppc64.rpm s390x: httpd-2.2.15-15.el6_2.1.s390x.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm httpd-devel-2.2.15-15.el6_2.1.s390.rpm httpd-devel-2.2.15-15.el6_2.1.s390x.rpm httpd-tools-2.2.15-15.el6_2.1.s390x.rpm mod_ssl-2.2.15-15.el6_2.1.s390x.rpm x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2011-4317.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1391.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+ HOLS5+cKusdo+jUiYKIV4mw= =fM2U -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This version of Apache is principally a security and bug fix release, including the following significant security fixes: * SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. * SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. * SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. * SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The Apache HTTP Project thanks halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to the attention of the security team. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. Apache HTTP Server 2.2.22 is available for download from: http://httpd.apache.org/download.cgi Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.22 includes only those changes introduced since the prior 2.2 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: http://httpd.apache.org/security/vulnerabilities_22.html This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3. Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes. http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03231301 Version: 1 HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-03-27 Last Updated: 2012-03-27 Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. MANUAL ACTIONS: Yes - NonUpdate Install the hotfix for SSRT100772. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772 END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 27 March 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The apr-util package has also been updated to the latest version. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.0 packages: 3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz 86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz Slackware 12.1 packages: aab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz 1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz Slackware 12.2 packages: f30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz 18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz Slackware 13.0 packages: d3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz 0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz Slackware x86_64 13.0 packages: d15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz 1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz Slackware 13.1 packages: 9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz 49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz Slackware x86_64 13.1 packages: 4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz 1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz Slackware 13.37 packages: 7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz 783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz Slackware x86_64 13.37 packages: 1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz 8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz Slackware -current packages: e709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz 97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz Slackware x86_64 -current packages: 55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz 09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz Then, restart the httpd daemon. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Hitachi Multiple Products Apache HTTP Server "httpOnly" Cookie Disclosure Vulnerability SECUNIA ADVISORY ID: SA51626 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51626 RELEASE DATE: 2012-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/51626/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51626/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51626 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to disclose potentially sensitive information. For more information see vulnerability #1 in: SA47779 Please see the vendor's advisory for a list of affected products. ORIGINAL ADVISORY: Hitachi (HS12-033): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function (CVE-2012-0031). Additionally APR and APR-UTIL has been upgraded to the latest versions 1.4.5 and 1.4.1 respectively which holds many improvments over the previous versions. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPKoIMmqjQ0CJFipgRApUPAKDybXSBuVY2HxRpnqQnFpCmVw9TjACgjD7S qoOiBUIAc3k8YDXisM5t9Gc= =3aR8 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313 BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667 CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates. DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652 International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599 Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc. PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688 PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048 Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL) QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389 USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004. For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33 For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532 For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE-----
VAR-201201-0023 CVE-2011-3926 Used in multiple products Webkit Heap-based buffer overflow vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 16.0.912.77 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201201-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: January 28, 2012 Bugs: #400551 ID: 201201-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 16.0.912.77 >= 16.0.912.77 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-16.0.912.77" References ========== [ 1 ] CVE-2011-3924 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3924 [ 2 ] CVE-2011-3925 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3925 [ 3 ] CVE-2011-3926 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3926 [ 4 ] CVE-2011-3927 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3927 [ 5 ] CVE-2011-3928 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3928 [ 6 ] Release Notes 16.0.912.77 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47694 RELEASE DATE: 2012-01-24 DISCUSS ADVISORY: http://secunia.com/advisories/47694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists within the handling of DOM selections. 2) A use-after-free error exists within the DOM handling. 3) An uninitialised value exists within Skia. SOLUTION: Update to version 16.0.912.77. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 4) Arthur Gerkis 2) wushi of team509 via ZDI 3) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0021 CVE-2011-3924 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 16.0.912.77 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201201-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: January 28, 2012 Bugs: #400551 ID: 201201-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 16.0.912.77 >= 16.0.912.77 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-16.0.912.77" References ========== [ 1 ] CVE-2011-3924 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3924 [ 2 ] CVE-2011-3925 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3925 [ 3 ] CVE-2011-3926 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3926 [ 4 ] CVE-2011-3927 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3927 [ 5 ] CVE-2011-3928 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3928 [ 6 ] Release Notes 16.0.912.77 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47694 RELEASE DATE: 2012-01-24 DISCUSS ADVISORY: http://secunia.com/advisories/47694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists within the handling of DOM selections. 2) A use-after-free error exists within the DOM handling. 3) An uninitialised value exists within Skia. 4) An error within the tree builder can be exploited to cause a heap-based buffer overflow. SOLUTION: Update to version 16.0.912.77. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 4) Arthur Gerkis 2) wushi of team509 via ZDI 3) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0025 CVE-2011-3928 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. Google Chrome Used in Webkit Is DOM Service operation is interrupted due to incomplete processing (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. plural Apple Product Webkit A similar vulnerability exists for. Detail is Apple See vendor information for.Service disruption by a third party (DoS) You may be put into a state or affected by other details. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. Google Chrome is prone to multiple vulnerabilities. Versions prior to Chrome 16.0.912.77 are vulnerable. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 51641 (Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities) but has been given its own record to better document it. Google Chrome is a web browser developed by Google (Google). These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check. This issue does not affect OS X systems. Third-party websites could set cookies if the "Block Cookies" preference in Safari was set to the default setting of "From third parties and advertisers". CVE-ID CVE-2012-0640 : nshah WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista, XP SP2 or later Impact: HTTP authentication credentials may be inadvertently disclosed to another site Description: If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201201-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: January 28, 2012 Bugs: #400551 ID: 201201-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 16.0.912.77 >= 16.0.912.77 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-16.0.912.77" References ========== [ 1 ] CVE-2011-3924 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3924 [ 2 ] CVE-2011-3925 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3925 [ 3 ] CVE-2011-3926 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3926 [ 4 ] CVE-2011-3927 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3927 [ 5 ] CVE-2011-3928 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3928 [ 6 ] Release Notes 16.0.912.77 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23= .html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . - -- Vendor Response: WebKit.Org has issued an update to correct this vulnerability. More details can be found at: http://prod.lists.apple.com/archives/security-announce/2012/Mar/msg00003.html - -- Disclosure Timeline: 2011-12-22 - Vulnerability reported to vendor 2012-04-09 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * wushi of team509 - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-03-07-2 iOS 5.1 Software Update iOS 5.1 Software Update is now available and addresses the following: CFNetwork Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. CVE-ID CVE-2012-0641 : Erling Ellingsen of Facebook HFS Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution Description: An integer underflow existed with the handling of HFS catalog files. CVE-ID CVE-2012-0642 : pod2g Kernel Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. CVE-ID CVE-2012-0643 : 2012 iOS Jailbreak Dream Team libresolv Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive Passcode Lock Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen. CVE-ID CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Web page visits may be recorded in browser history even when Private Browsing is active Description: Safari's Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active. CVE-ID CVE-2012-0585 : Eric Melville of American Express Siri Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: An attacker with physical access to a locked phone could get access to frontmost email message Description: A design issue existed in Siri's lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen. CVE-ID CVE-2012-0645 VPN Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges Description: A format string vulnerability existed in the handling of racoon configuration files. CVE-ID CVE-2012-0646 : pod2g WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. CVE-ID CVE-2011-3887 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins. CVE-ID CVE-2012-0590 : Adam Barth of Google Chrome Security Team WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: Multiple cross-origin issues existed in WebKit. CVE-ID CVE-2011-3881 : Sergey Glazunov CVE-2012-0586 : Sergey Glazunov CVE-2012-0587 : Sergey Glazunov CVE-2012-0588 : Jochen Eisinger of Google Chrome Team CVE-2012-0589 : Alan Austin of polyvore.com WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-2833 : Apple CVE-2011-2846 : Arthur Gerkis, miaubiz CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP CVE-2011-2857 : miaubiz CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2867 : Dirk Schulze CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2877 : miaubiz CVE-2011-3885 : miaubiz CVE-2011-3888 : miaubiz CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative CVE-2011-3908 : Aki Helin of OUSPG CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2012-0591 : miaubiz, and Martin Barbella CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative CVE-2012-0593 : Lei Zhang of the Chromium development community CVE-2012-0594 : Adam Klein of the Chromium development community CVE-2012-0595 : Apple CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0597 : miaubiz CVE-2012-0598 : Sergey Glazunov CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple CVE-2012-0601 : Apple CVE-2012-0602 : Apple CVE-2012-0603 : Apple CVE-2012-0604 : Apple CVE-2012-0605 : Apple CVE-2012-0606 : Apple CVE-2012-0607 : Apple CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0611 : Martin Barbella using AddressSanitizer CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0615 : Martin Barbella using AddressSanitizer CVE-2012-0616 : miaubiz CVE-2012-0617 : Martin Barbella using AddressSanitizer CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0621 : Martin Barbella using AddressSanitizer CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0624 : Martin Barbella using AddressSanitizer CVE-2012-0625 : Martin Barbella CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0627 : Apple CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0630 : Sergio Villar Senin of Igalia CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer CVE-2012-0633 : Apple CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "5.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq 4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90 HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6 7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY= =qPeE -----END PGP SIGNATURE-----
VAR-201301-0158 CVE-2012-6441 Rockwell Automation ControlLogix Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400. plural Rockwell Automation There are vulnerabilities in products that can capture important information.Skillfully crafted by a third party CIP Important information may be obtained through the packet. Rockwell Automation MicroLogix is a programmable controller platform. When the device receives a special request, it will disclose sensitive information. Rockwell's products are affected by this vulnerability: all EtherNet/IP products that comply with CIP and EtherNet/IP specifications. Allow arbitrary code execution or denial of service attacks. Rockwell Automation Controllogix has an input validation attack that allows an attacker to submit a malformed request to crash an application and require a physical restart for normal functionality. A security vulnerability exists in the Rockwell Automation Controllogix module startup code. Allow leaks of data. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Information obtained may aid in further attacks. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Rockwell Automation ControlLogix Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47737 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47737 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47737/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47737/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47737 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Rockwell Automation ControlLogix, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable device. 1) An input validation error when processing certain commands can be exploited to cause a device to stop responding. 2) An input validation error when processing certain packets can be exploited to cause a device to stop responding. 3) An error when processing interface control commands can be exploited to cause a device to stop responding. 4) An error when processing the stop command can be exploited to cause a device to stop responding. 5) An error when processing the dump command can be exploited to disclose the device's boot code, which may contain sensitive information. 6) An error when processing the reset command can be exploited to cause a device to stop responding. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Ruben Santamarta via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-Alert-12-020-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0148 CVE-2012-0931 Schneider Electric Modicon Quantum PLC Service disruption in (DoS) Vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201201-0278
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Schneider Electric Modicon Quantum is an automated control platform with a full range of complete processors for complex process control and infrastructure. (2) There is a backdoor account that allows access to the system with user or administrator privileges. (3) The HTTP server has a buffer overflow, and the remote attacker can exploit the vulnerability for the denial of service attack. (4) There is a buffer overflow in the FTP server, and a remote attacker can exploit the vulnerability for a denial of service attack. (5) There is also a cross-site scripting attack. Schneider Electric Modicon Quantum is prone to multiple vulnerabilities including: 1. A remote code-execution vulnerability. 2. Multiple buffer-overflow vulnerabilities. 3. A security-bypass vulnerability. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Schneider Electric Modicon Quantum Cross-Site Scripting and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA47723 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47723/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47723 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47723/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47723/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47723 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Schneider Electric Modicon Quantum Series Modules, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Ruben Santamarta via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201201-0147 CVE-2012-0930 Schneider Electric Modicon Quantum PLC Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201201-0278
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Schneider Electric Modicon Quantum is an automated control platform with a full range of complete processors for complex process control and infrastructure. (2) There is a backdoor account that allows access to the system with user or administrator privileges. (3) The HTTP server has a buffer overflow, and the remote attacker can exploit the vulnerability for the denial of service attack. (4) There is a buffer overflow in the FTP server, and a remote attacker can exploit the vulnerability for a denial of service attack. (5) There is also a cross-site scripting attack. Schneider Electric Modicon Quantum is prone to multiple vulnerabilities including: 1. A remote code-execution vulnerability. 2. Multiple buffer-overflow vulnerabilities. 3. A security-bypass vulnerability. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Schneider Electric Modicon Quantum Cross-Site Scripting and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA47723 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47723/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47723 RELEASE DATE: 2012-01-23 DISCUSS ADVISORY: http://secunia.com/advisories/47723/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47723/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47723 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Schneider Electric Modicon Quantum Series Modules, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Ruben Santamarta via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201210-0405 CVE-2012-5311 ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: High
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Open Automation Software OPC Systems.NET Used in ComponentOne FlexGrid of VSFlex7.VSFlexGrid ActiveX The control contains a buffer overflow vulnerability.By a third party Archive Denial of service via an excessively long archive filename argument to the method (DoS) Could be put into a state and execute arbitrary code. OPC Systems.NET is a .NET product for SCADA, HMI. The ComponentOne FlexGrid ActiveX control has a buffer overflow that allows an attacker to exploit a vulnerability to construct a malicious link that tricks the user into parsing and executing arbitrary code in the context of the application. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected