VARIoT IoT vulnerabilities database
| VAR-201012-0015 | CVE-2010-0125 | RealNetworks RealPlayer of AAC Vulnerability in spectral data analysis processing |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors. Real Networks RealPlayer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
NOTE: This issue was previously discussed in BID 45327 (Real Networks RealPlayer Multiple Remote Vulnerabilities) but has been given its own record to better document it. RealPlayer is a software package released and maintained by Real Networks, which can be used to play multimedia files encoded in Real Media format. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
RealPlayer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38550
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/38550/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=38550
RELEASE DATE:
2010-12-12
DISCUSS ADVISORY:
http://secunia.com/advisories/38550/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/38550/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=38550
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in RealPlayer, which can
be exploited by malicious people to compromise a user's system.
1) An error exists when parsing RealAudio content encoded using the
"cook" codec. This can be exploited to trigger the use of
uninitialised memory and potentially cause a memory corruption via
e.g. a specially crafted RealMedia file.
2) An error in the handling of errors encountered while decoding
"cook"-encoded audio content can be exploited to trigger the use of
uninitialised memory and potentially free an arbitrary address.
3) An error in the parsing of AAC audio content can be exploited to
corrupt memory via specially crafted spectral data.
4) An array indexing error when parsing Media Properties Header
(MDPR) in a RealMedia file can be exploited to corrupt memory.
5) An input validation error when parsing a RealMedia file can be
exploited to cause a buffer overflow via a specially crafted
multi-rate audio stream.
6) An error in the processing of the "StreamTitle" tag in a SHOUTcast
stream using the ICY protocol can be exploited to cause an allocation
failure for heap memory, which can result in the usage of freed
pointers.
7) An integer overflow error when parsing a MLLT atom in an .AAC file
can be exploited to cause a buffer overflow.
8) An input validation error in the "pnen3260.dll" module in the
parsing of TIT2 atoms within AAC files can be exploited to corrupt
memory.
9) An integer overflow in the parsing of GIF87a files over the
streaming protocol RTSP can be exploited to cause a buffer overflow
via a large "Screen Width" size in the "Screen Descriptor" header.
10) An error in the parsing of audio codec information in a Real
Audio media file can be exploited to to cause a heap-based buffer
overflow via a large number of subbands.
11) An input validation error in drv2.dll when decompressing RV20
video streams can be exploited to corrupt heap memory.
12) An unspecified error related to "SIPR" parsing can be exploited
to corrupt heap memory.
13) An unspecified error related to "SOUND" processing can be
exploited to corrupt heap memory.
14) An unspecified error related to "AAC" processing can be exploited
to corrupt heap memory.
15) An unspecified error related to "RealMedia" processing can be
exploited to corrupt heap memory.
16) An unspecified error related to "RA5" processing can be exploited
to corrupt heap memory.
17) An integer overflow in "drv1.dll" when parsing SIPR stream
metadata can be exploited to cause a heap-based buffer overflow, e.g.
via the RealPlayer ActiveX control.
18) An input validation error in the processing of RealMedia files
can be exploited to corrupt heap memory.
19) An input validation error in the RealAudio codec when processing
RealMedia files can be exploited to corrupt heap memory.
20) An error in the "HandleAction" method in the RealPlayer ActiveX
control allows users to download and execute scripts in the "Local
Zone".
21) Input sanitisation errors in the "Custsupport.html", "Main.html",
and "Upsell.htm" components can be exploited to inject arbitrary code
into the RealOneActiveXObject process and load unsafe controls.
22) A boundary error in the parsing of cook-specific data used for
initialization can be exploited to cause a heap-based buffer
overflow.
23) An error in the parsing of MLTI chunks when processing Internet
Video Recording (.ivr) files can be exploited to cause a heap-based
buffer overflow via an invalid size for an embedded MDPR chunk.
24) An error in the parsing of MLTI chunks when processing Internet
Video Recording (.ivr) files can be exploited to corrupt heap memory
via an invalid number streams within the chunk.
25) An input validation error when parsing the RMX file format can be
exploited to cause a heap-based buffer overflow.
26) An error when decoding data for particular mime types within a
RealMedia file can be exploited to cause a heap-based buffer
overflow.
27) An error in the parsing of server headers can be exploited to
cause a heap-based buffer overflow via an image tag pointing to a
malicious server, which causes the player to fetch a remote file.
28) An error in the implementation of the Advanced Audio Coding
compression when decoding a conditional component of a data block
within an AAC frame can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Upgrade to RealPlayer 14.0.0 or later.
PROVIDED AND/OR DISCOVERED BY:
1, 2) Alin Rad Pop, Secunia Research.
3) Carsten Eiram, Secunia Research.
4) Anonymous and Hossein Lotfi, reported via ZDI.
5 - 11, 20, 21) Anonymous, reported via ZDI.
12 - 14) The vendor credits Nicolas Joly, Vupen
15) The vendor credits Chaouki Bekrar, Vupen
17) Aaron Portnoy, Zef Cekaj, and Logan Brown of TippingPoint DVLabs
18, 19) Omair, reported via iDefense.
22, 28) Damian Put, reported via ZDI.
23, 24) Aaron Portnoy and Logan Brown of TippingPoint DVLabs and Team
lollersk8erz.
25) Sebastian Apelt, reported via ZDI.
26) Sebastian Apelt and Andreas Schmidt, reported via ZDI.
27) AbdulAziz Hariri, reported via ZDI.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2010-9/
http://secunia.com/secunia_research/2010-14/
http://secunia.com/secunia_research/2010-15/
RealNetworks:
http://service.real.com/realplayer/security/12102010_player/en/
http://realnetworksblog.com/?p=2216
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-268/
http://www.zerodayinitiative.com/advisories/ZDI-10-266/
http://www.zerodayinitiative.com/advisories/ZDI-10-270/
http://www.zerodayinitiative.com/advisories/ZDI-10-273/
http://www.zerodayinitiative.com/advisories/ZDI-10-269/
http://www.zerodayinitiative.com/advisories/ZDI-10-271/
http://www.zerodayinitiative.com/advisories/ZDI-10-272/
http://www.zerodayinitiative.com/advisories/ZDI-10-274/
http://www.zerodayinitiative.com/advisories/ZDI-10-275/
http://www.zerodayinitiative.com/advisories/ZDI-10-276/
http://www.zerodayinitiative.com/advisories/ZDI-10-277/
http://www.zerodayinitiative.com/advisories/ZDI-10-278/
http://www.zerodayinitiative.com/advisories/ZDI-10-279/
http://www.zerodayinitiative.com/advisories/ZDI-10-281/
http://www.zerodayinitiative.com/advisories/ZDI-10-280/
http://www.zerodayinitiative.com/advisories/ZDI-10-282/
http://www.zerodayinitiative.com/advisories/ZDI-10-267/
TippingPoint DVLabs:
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0216.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0212.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0213.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=884
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"RealPlayer\xae SP lets you download video from thousands of Websites
\x96 free! Just click on the "download this video" button above the video
you want. It's just that easy. Now you can watch your favorite videos
anywhere, anytime."
Product Link:
http://www.real.com/realplayer/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in RealPlayer, which
can be exploited by malicious people to compromise a user's system.
======================================================================
6) Time Table
01/03/2010 - Vendor notified.
01/03/2010 - Vendor response.
11/03/2010 - Vendor provides status update.
19/10/2010 - Vendor provides status update.
29/11/2010 - Vendor provides status update.
10/12/2010 - Public disclosure.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-0125 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-15/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
| VAR-201012-0017 | CVE-2010-0121 | RealNetworks RealPlayer of cook Vulnerability in codec |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors. Real Networks RealPlayer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
NOTE: This issue was previously discussed in BID 45327 (Real Networks RealPlayer Multiple Remote Vulnerabilities) but has been given its own record to better document it. RealPlayer is a software package released and maintained by Real Networks, which can be used to play multimedia files encoded in Real Media format. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
RealPlayer Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38550
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/38550/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=38550
RELEASE DATE:
2010-12-12
DISCUSS ADVISORY:
http://secunia.com/advisories/38550/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/38550/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=38550
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in RealPlayer, which can
be exploited by malicious people to compromise a user's system.
1) An error exists when parsing RealAudio content encoded using the
"cook" codec. This can be exploited to trigger the use of
uninitialised memory and potentially cause a memory corruption via
e.g. a specially crafted RealMedia file.
2) An error in the handling of errors encountered while decoding
"cook"-encoded audio content can be exploited to trigger the use of
uninitialised memory and potentially free an arbitrary address.
3) An error in the parsing of AAC audio content can be exploited to
corrupt memory via specially crafted spectral data.
4) An array indexing error when parsing Media Properties Header
(MDPR) in a RealMedia file can be exploited to corrupt memory.
5) An input validation error when parsing a RealMedia file can be
exploited to cause a buffer overflow via a specially crafted
multi-rate audio stream.
6) An error in the processing of the "StreamTitle" tag in a SHOUTcast
stream using the ICY protocol can be exploited to cause an allocation
failure for heap memory, which can result in the usage of freed
pointers.
7) An integer overflow error when parsing a MLLT atom in an .AAC file
can be exploited to cause a buffer overflow.
8) An input validation error in the "pnen3260.dll" module in the
parsing of TIT2 atoms within AAC files can be exploited to corrupt
memory.
9) An integer overflow in the parsing of GIF87a files over the
streaming protocol RTSP can be exploited to cause a buffer overflow
via a large "Screen Width" size in the "Screen Descriptor" header.
10) An error in the parsing of audio codec information in a Real
Audio media file can be exploited to to cause a heap-based buffer
overflow via a large number of subbands.
11) An input validation error in drv2.dll when decompressing RV20
video streams can be exploited to corrupt heap memory.
12) An unspecified error related to "SIPR" parsing can be exploited
to corrupt heap memory.
13) An unspecified error related to "SOUND" processing can be
exploited to corrupt heap memory.
14) An unspecified error related to "AAC" processing can be exploited
to corrupt heap memory.
15) An unspecified error related to "RealMedia" processing can be
exploited to corrupt heap memory.
16) An unspecified error related to "RA5" processing can be exploited
to corrupt heap memory.
17) An integer overflow in "drv1.dll" when parsing SIPR stream
metadata can be exploited to cause a heap-based buffer overflow, e.g.
via the RealPlayer ActiveX control.
18) An input validation error in the processing of RealMedia files
can be exploited to corrupt heap memory.
19) An input validation error in the RealAudio codec when processing
RealMedia files can be exploited to corrupt heap memory.
20) An error in the "HandleAction" method in the RealPlayer ActiveX
control allows users to download and execute scripts in the "Local
Zone".
21) Input sanitisation errors in the "Custsupport.html", "Main.html",
and "Upsell.htm" components can be exploited to inject arbitrary code
into the RealOneActiveXObject process and load unsafe controls.
22) A boundary error in the parsing of cook-specific data used for
initialization can be exploited to cause a heap-based buffer
overflow.
23) An error in the parsing of MLTI chunks when processing Internet
Video Recording (.ivr) files can be exploited to cause a heap-based
buffer overflow via an invalid size for an embedded MDPR chunk.
24) An error in the parsing of MLTI chunks when processing Internet
Video Recording (.ivr) files can be exploited to corrupt heap memory
via an invalid number streams within the chunk.
25) An input validation error when parsing the RMX file format can be
exploited to cause a heap-based buffer overflow.
26) An error when decoding data for particular mime types within a
RealMedia file can be exploited to cause a heap-based buffer
overflow.
27) An error in the parsing of server headers can be exploited to
cause a heap-based buffer overflow via an image tag pointing to a
malicious server, which causes the player to fetch a remote file.
28) An error in the implementation of the Advanced Audio Coding
compression when decoding a conditional component of a data block
within an AAC frame can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Upgrade to RealPlayer 14.0.0 or later.
PROVIDED AND/OR DISCOVERED BY:
1, 2) Alin Rad Pop, Secunia Research.
3) Carsten Eiram, Secunia Research.
4) Anonymous and Hossein Lotfi, reported via ZDI.
5 - 11, 20, 21) Anonymous, reported via ZDI.
12 - 14) The vendor credits Nicolas Joly, Vupen
15) The vendor credits Chaouki Bekrar, Vupen
17) Aaron Portnoy, Zef Cekaj, and Logan Brown of TippingPoint DVLabs
18, 19) Omair, reported via iDefense.
22, 28) Damian Put, reported via ZDI.
23, 24) Aaron Portnoy and Logan Brown of TippingPoint DVLabs and Team
lollersk8erz.
25) Sebastian Apelt, reported via ZDI.
26) Sebastian Apelt and Andreas Schmidt, reported via ZDI.
27) AbdulAziz Hariri, reported via ZDI.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2010-9/
http://secunia.com/secunia_research/2010-14/
http://secunia.com/secunia_research/2010-15/
RealNetworks:
http://service.real.com/realplayer/security/12102010_player/en/
http://realnetworksblog.com/?p=2216
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-268/
http://www.zerodayinitiative.com/advisories/ZDI-10-266/
http://www.zerodayinitiative.com/advisories/ZDI-10-270/
http://www.zerodayinitiative.com/advisories/ZDI-10-273/
http://www.zerodayinitiative.com/advisories/ZDI-10-269/
http://www.zerodayinitiative.com/advisories/ZDI-10-271/
http://www.zerodayinitiative.com/advisories/ZDI-10-272/
http://www.zerodayinitiative.com/advisories/ZDI-10-274/
http://www.zerodayinitiative.com/advisories/ZDI-10-275/
http://www.zerodayinitiative.com/advisories/ZDI-10-276/
http://www.zerodayinitiative.com/advisories/ZDI-10-277/
http://www.zerodayinitiative.com/advisories/ZDI-10-278/
http://www.zerodayinitiative.com/advisories/ZDI-10-279/
http://www.zerodayinitiative.com/advisories/ZDI-10-281/
http://www.zerodayinitiative.com/advisories/ZDI-10-280/
http://www.zerodayinitiative.com/advisories/ZDI-10-282/
http://www.zerodayinitiative.com/advisories/ZDI-10-267/
TippingPoint DVLabs:
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0216.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0212.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0213.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=884
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Where: From remote
======================================================================
3) Vendor's Description of Software
"RealPlayer\xae SP lets you download video from thousands of Websites
\x96 free! Just click on the "download this video" button above the video
you want. It's just that easy. Now you can watch your favorite videos
anywhere, anytime."
Product Link:
http://www.real.com/realplayer/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in RealPlayer, which
can be exploited by malicious people to potentially compromise a
user's system.
======================================================================
6) Time Table
24/02/2010 - Vendor notified.
25/02/2010 - Vendor response.
11/03/2010 - Vendor provides status update.
19/10/2010 - Vendor provides status update.
29/11/2010 - Vendor provides status update.
10/12/2010 - Public disclosure.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-0121 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-9/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
| VAR-201012-0368 | No CVE | D-Link DIR Router \"bsc_lan.php\" Secure Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
D-Link DIR is a wireless router for the SOHO series. The D-Link DIR implementation has an error that allows remote attackers to bypass security restrictions and modify device configuration. The device does not correctly restrict access to the \"bsc_lan.php\" script. Requests with \"NO_NEED_AUTH\" parameter \"1\" and \"AUTH_GROUP\" parameter \"0\" can directly access the management interface. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
D-Link DIR Routers "bsc_lan.php" Security Issue
SECUNIA ADVISORY ID:
SA42425
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42425/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42425
RELEASE DATE:
2010-12-07
DISCUSS ADVISORY:
http://secunia.com/advisories/42425/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42425/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42425
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Craig Heffner has reported a security issue in multiple D-Link DIR
routers, which can be exploited by malicious people to bypass certain
security restrictions and compromise a vulnerable device.
This may be related to vulnerability #5:
SA33692
SOLUTION:
Restrict access to trusted hosts only (e.g. via network access
control lists).
PROVIDED AND/OR DISCOVERED BY:
Craig Heffner
ORIGINAL ADVISORY:
http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0075 | CVE-2010-5269 | Intel Threading Building Blocks of tbb.dll Vulnerability gained in |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory, as demonstrated by a directory that contains a .pbk file. NOTE: some of these details are obtained from third party information. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlA local user can create a Trojan horse in the current working directory. tbbmalloc.dll It may be possible to get permission through the file. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Intel Threading Building Blocks (TBB) Insecure Library Loading
Vulnerability
SECUNIA ADVISORY ID:
SA42506
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42506/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42506
RELEASE DATE:
2010-12-07
DISCUSS ADVISORY:
http://secunia.com/advisories/42506/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42506/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42506
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Intel Threading Building
Blocks (TBB), which can be exploited by malicious people to
compromise a user's system.
The vulnerability is caused due to the "tbb.dll" loading libraries
(e.g. tbbmalloc.dll) in an insecure manner. This can be exploited to
load arbitrary libraries when an application using this library e.g.
opens a file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 2.2.013. Other versions may
also be affected.
SOLUTION:
Upgrade to version 3.0.4.127.
PROVIDED AND/OR DISCOVERED BY:
Originally reported in a CORE IMPACT exploit module for Adobe Pixel
Bender Toolkit by Core Security Technologies.
Additional information provided by Secunia Research.
ORIGINAL ADVISORY:
http://www.coresecurity.com/content/adobe-pixel-bender-toolkit-tbbmalloc-dll-hijacking-exploit-10-5
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201012-0350 | CVE-2010-3920 | Vulnerability in Epson printer driver installer where access permissions are changed |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. As a result, users that do not have permission to access that folder can gain access to that folder. According to the developer, printer drivers that were included with the product or downloaded from the developer website from the initial release of May 2010 through November 25, 2010 are affected by this vulnerability. Also, users of Windows Vista and later operating systems are not affected. The Epson LP-S7100 / LP-S9000 is a family of high performance printers. There is a problem with the Epson LP-S7100 / LP-S9000 driver installation, allowing local users to increase privileges. Because the default permissions for \"C:\\Program Files\" and its subdirectories are not set correctly (\"Everyone\" group is fully controlled), local users can exploit the vulnerability to overwrite any file in these folders, resulting in elevation of privilege.
Local attackers can exploit this issue to gain elevated privileges on affected devices.
The following driver versions are vulnerable:
LP-S7100 4.1.0fi through 4.1.7fi and 4.1.0hi through 4.1.7hi
LP-S9000 4.1.0fc through 4.1.11fc and 4.1.0hc through 4.1.11hc. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Epson LP-S7100 / LP-S9000 Drivers Insecure Default Permissions
SECUNIA ADVISORY ID:
SA42540
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42540/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42540
RELEASE DATE:
2010-12-08
DISCUSS ADVISORY:
http://secunia.com/advisories/42540/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42540/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42540
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in Epson LP-S7100 / LP-S9000
drivers, which can be exploited by malicious, local users to gain
escalated privileges.
The security issue is reported in the following versions:
* LP-S7100 32bit edition versions 4.1.0fi through 4.1.7fi
* LP-S7100 64bit edition versions 4.1.0hi through 4.1.7hi
* LP-S9000 32bit edition versions 4.1.0fc through 4.1.11fc
* LP-S9000 64bit edition versions 4.1.0hc through 4.1.11hc
SOLUTION:
Update to a patched version and reset permissions. Please see the
vendor's advisory for more details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.epson.jp/support/misc/lps7100_9000/index.htm
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201012-0106 | CVE-2010-4557 | Invensys Wonderware InBatch lm_tcp Service Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001. Invensys Wonderware InBatch and Foxboro I/A Series Batch of lm_tcp The service can experience buffer overflow. Wonderware InBatch and Foxboro I/A Batch of database lock manager (lm_tcp) The service includes 150 When copying a string to a byte buffer, a buffer overflow can occur. This service is 9001/tcp using.lm_tcp Service disruption by a third party with access to the service (DoS) An attacker may be able to attack or execute arbitrary code. RDM Embedded is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The issue affects the 'lm_tcp' service. Failed exploit attempts may crash the application, denying service to legitimate users.
The issue affects lm_tcp <= 9.0.0 0248.18.0.0; other versions may also be affected. Wonderware InBatch is prone to a denial-of-service vulnerability. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Wonderware InBatch / Foxboro I/A Series "lm_tcp" Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA42528
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42528/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42528
RELEASE DATE:
2010-12-24
DISCUSS ADVISORY:
http://secunia.com/advisories/42528/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42528/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42528
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Wonderware InBatch and Foxboro
I/A Series Batch, which can be exploited by malicious people to cause
a DoS (Denial of Service) and potentially compromise a vulnerable
system. write 16bits with the value 0 (0x0000) to an arbitrary
memory location by sending a specially crafted packet to port 9001.
SOLUTION:
Apply patches when available. See vendor's advisory for possible
mitigation steps.
PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma
ORIGINAL ADVISORY:
Luigi Auriemma:
http://aluigi.altervista.org/adv/inbatch_1-adv.txt
Invensys:
http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201012-0213 | CVE-2010-3801 | Apple QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website.The specific flaw exists within the way the application parses a particular property out of a flashpix file. The application will explicitly trust a field in the property as a length for a loop over an array of data structures. If this field's value is larger than the number of objects, the application will utilize objects outside of this array. Successful exploitation can lead to code execution under the context of the application.
Versions prior to QuickTime 7.6.9 on both Mac OS X and Windows platforms are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ZDI-10-259: Apple QuickTime FPX Subimage Count Out-of-bounds Counter Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-259
December 7, 2010
-- CVE ID:
CVE-2010-3801
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10654.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4447
-- Disclosure Timeline:
2010-06-01 - Vulnerability reported to vendor
2010-12-07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Apple Quicktime Memory Corruption when parsing FPX files
CVE-2010-3801
INTRODUCTION
Apple Quicktime is a "powerful media technology that works on Mac and PC with just about
every popular video or audio format you come across. So you can play the digital media
you want to play".
QuickTime player does not properly parse .fpx media files, which causes a memory corruption by
opening a malformed file with an invalid value located in PoC repro.fpx at offset 0x49.
This problem was confirmed in the following versions of Apple Quicktime and browsers, other
versions may be also affected.
QuickTime Player version 7.6.8 (1675) in all Operating Systems
QuickTime Player version 7.6.6 (1671) in all Operating Systems
CVSS Scoring System
The CVSS score is: 9
Base Score: 10
Temporal Score: 9
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal score is: E:POC/RL:U/RC:C
TRIGGERING THE PROBLEM
The problem is triggered by PoC repro.fpx which causes invalid memory access in all the
refered versions and is available to interested parties only.
DETAILS
Disassembly:
668E2387 F7C7 03000000 TEST EDI,3
668E238D 75 15 JNZ SHORT QuickT_1.668E23A4
668E238F C1E9 02 SHR ECX,2
668E2392 83E2 03 AND EDX,3
668E2395 83F9 08 CMP ECX,8
668E2398 72 2A JB SHORT QuickT_1.668E23C4
668E239A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] <----- Crash Here
EDI = 0x089A0020
ESI = 0x61626364
(3e8.e3c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=61626560 ebx=00000000 ecx=0000007f edx=00000000 esi=61626364 edi=06d80020
eip=668e239a esp=0012dfbc ebp=0012dfc4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
668e239a f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
0:000> !exploitable
Exploitability Classification: PROBABLY_EXPLOITABLE
Recommended Bug Title: Probably Exploitable - Read Access Violation on Block Data Move starting at QuickTime!CallComponentFunctionWithStorage+0x000000000003f20a (Hash=0x4b1e3917.0x4f031b17)
This is a read access violation in a block data move, and is therefore classified as probably exploitable.
CREDITS
This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT).
Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
http://www.checkpoint.com/defense
| VAR-201012-0212 | CVE-2010-3800 | Apple QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the application's implementation of a custom compression algorithm. The application will trust a field within a DirectBitsRect structure which is used for an allocation, and later attempt to decompress data into this buffer. Due to the value for the allocation being different from the length of the data being decompressed a buffer overflow will occur which can lead to code execution with the privileges of the application. This can lead to code execution under the context of the application.
Versions prior to QuickTime 7.6.9 on both Mac OS X and Windows platforms are vulnerable. The software is capable of handling multiple sources such as digital video, media segments, and more. More
details can be found at:
http://support.apple.com/kb/HT4447
-- Disclosure Timeline:
2010-11-05 - Vulnerability reported to vendor
2010-12-07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Moritz Jodeit of n.runs AG
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. iDefense Security Advisory 12.07.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 07, 2010
I. BACKGROUND
QuickTime is Apple's media player product used to render video and other
media. The PICT file format was developed by Apple Inc. in 1984. PICT
files can contain both object-oriented images and bitmaps. For more
information visit http://www.apple.com/quicktime/
II.
The vulnerability specifically exists in the way specially crafted PICT
image files are handled by the QuickTime PictureViewer.
When processing specially crafted PICT image files, Quicktime
PictureViewer uses a set value from the file to control the length of a
byte swap operation. The byte swap operation is used to convert big
endian data to little endian data. QuickTime fails to validate the
length value properly before using it.
III. To exploit this vulnerability, an
attacker must persuade a victim into using QuickTime to open a
specially crafted PICT picture file. This could be accomplished by
either direct link or referenced from a website under the attacker's
control. An attacker could host a Web page containing a malformed PICT
file. Upon visiting the malicious Web page exploitation would occur and
execution of arbitrary code would be possible. Alternatively a PICT file
could be attached within an e-mail file.
IV.
V. WORKAROUND
iDefense recommends disabling the QuickTime Plugin and altering the
.pct, .pic and .pict filetype associations within the registry.
Disabling the plugin will prevent Web browsers from utilizing QuickTime
Player to view associated media files. Removing the filetype
associations within the registry will prevent QuickTime Player and
Picture Viewer from opening .pct, .pic and .pict files.
VI. VENDOR RESPONSE
Apple Inc. has released patches which addresses this issue. For more
information, consult their advisory at the following URL:
http://support.apple.com/kb/HT4447
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2010-3800 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
03/31/2010 Initial Vendor Notification
03/31/2010 Initial Vendor Reply
12/07/2010 Coordinated Public Disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Hossein Lotfi (s0lute).
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2010 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information
| VAR-201012-0209 | CVE-2010-3802 | Apple QuickTime Integer sign error vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file.The specific flaw exists within Apple's support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will write proceed to write image data to the invalid location. Successful exploitation can lead to code execution under the context of the application.
Successful exploits allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.9 on both Mac OS X and Windows platforms are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4447
-- Disclosure Timeline:
2010-03-22 - Vulnerability reported to vendor
2010-12-07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
| VAR-201012-0195 | CVE-2010-1508 | Windows Run on Apple QuickTime Heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Quicktime.qts module responsible for parsing media files. While handling 3GP streams a function within this module a loop trusts a value directly from the media file and uses it during memory copy operations. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the user accessing the file.
Successful exploits allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.9 on both Mac OS X and Windows platforms are vulnerable. Apple QuickTime is a very popular multimedia player. A heap overflow vulnerability exists in QuickTime's handling of Track Header (tkhd) atoms. Viewing a specially crafted video could cause an unexpected application termination or arbitrary code execution. ======================================================================
Secunia Research 08/12/2010
- QuickTime Track Dimensions Buffer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Apple QuickTime 7.6.6 and 7.6.8
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"When you hop aboard QuickTime 7 Player, you\x92re assured of a truly
rich multimedia experience.".
Product Link:
http://www.apple.com/quicktime/player/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in QuickTime, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error when copying track
content based on the track's dimensions and can be exploited to cause
a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
======================================================================
5) Solution
Update to version 7.6.9
======================================================================
6) Time Table
04/05/2010 - Vendor notified.
05/05/2010 - Vendor response.
12/10/2010 - Vendor provides status update.
08/12/2010 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-1508 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-72/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT4447
-- Disclosure Timeline:
2010-01-06 - Vulnerability reported to vendor
2010-12-07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Moritz Jodeit of n.runs AG
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
| VAR-201012-0046 | CVE-2010-4009 | Apple QuickTime Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Apple QuickTime is prone to a remote code-execution vulnerability because of an integer-overflow error.
Successful exploits allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.9 on both Mac OS X and Windows platforms are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more
| VAR-201012-0018 | CVE-2010-0530 | Windows Run on Apple QuickTime Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. Apple QuickTime for Windows is prone to a local information-disclosure vulnerability.
A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
Versions prior to Apple QuickTime 7.6.9 are vulnerable. The software is capable of handling multiple sources such as digital video, media segments, and more
| VAR-201012-0374 | No CVE | D-Link DIR-615 \"tools_admin.php\" does not properly filter vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
The D-Link DIR-615 is a small wireless router. D-Link DIR-615 has a bug in its implementation. The input to the \"pingIP\" parameter passed to tools_vct.php was not properly filtered before being returned to the user. A malicious attacker could exploit this vulnerability to bypass certain security restrictions and control the affected device. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
D-Link DIR-615 "tools_admin.php" Security Issue
SECUNIA ADVISORY ID:
SA42439
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42439/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42439
RELEASE DATE:
2010-12-02
DISCUSS ADVISORY:
http://secunia.com/advisories/42439/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42439/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42439
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Karol Celinski has reported a vulnerability in D-Link DIR-615, which
can be exploited by malicious people to bypass certain security
restrictions and compromise a vulnerable device.
For more information see vulnerability #4:
SA33692
The vulnerability is reported in firmware versions prior to revision
D.4-13B01.
SOLUTION:
Update to the latest firmware version.
PROVIDED AND/OR DISCOVERED BY:
Karol Celinski
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201012-0193 | CVE-2010-4180 | Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite.
Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL.
Releases prior to OpenSSL 1.0.0c are affected. ===========================================================
Ubuntu Security Notice USN-1029-1 December 08, 2010
openssl vulnerabilities
CVE-2008-7270, CVE-2010-4180
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.14
Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.13
Ubuntu 9.10:
libssl0.9.8 0.9.8g-16ubuntu3.5
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.5
Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.3
After a standard system update you need to reboot your computer to make
all the necessary changes. An attacker could possibly take advantage of this to
force the use of a disabled cipher. This vulnerability only affects
the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and
Ubuntu 9.10. (CVE-2008-7270)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz
Size/MD5: 67296 3de8e480bcec0653b94001366e2f1f27
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc
Size/MD5: 1465 a5f93020840f693044eb64af528fd01e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb
Size/MD5: 572012 b3792d19d5f7783929e473b6eb1e239c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 2181644 746b74e9b6c42731ff2021c396789708
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 1696628 abe942986698bf86938312c5e344e0ba
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 880292 9d6d854dcef14c90ce24c1aa232a418a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb
Size/MD5: 998466 9c51c334fd6c0b7c7b73340a01af61c8
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb
Size/MD5: 509644 e1617d062d546f7dad2298bf6463bc3c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 2031000 6755c67294ab2ff03255a3bf7079ab26
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 5195206 37fcd0cdefd012f0ea7d79d0e6a1b48f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 2660326 9083ddc71b89e4f4e95c4ca999bcedba
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb
Size/MD5: 979408 518eaad303d089ab7dcc1b89fd019f19
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb
Size/MD5: 558018 0e94d5f570a83f4b41bef642e032c256
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 2189034 6588292725cfa33c8d56a61c3d8120b1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 1740524 0b98e950e59c538333716ee939710150
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 865778 d1e44ecc73dea8a8a11cd4d6b7c38abf
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb
Size/MD5: 984342 a3ff875c30b6721a1d6dd59d9a6393e0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb
Size/MD5: 531126 7f598ce48b981eece01e0a1044bbdcc5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 2099640 38d18490bd40fcc6ee127965e460e6aa
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 3977666 f532337b8bc186ee851d69f8af8f7fe3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 2101356 501fd6e860368e3682f9d6035ed3413d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb
Size/MD5: 992232 52bd2a78e8d2452fbe873658433fbe45
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz
Size/MD5: 73984 2e4386a45d0f3a7e3bbf13f1cd4f62fb
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc
Size/MD5: 1563 40d181ca10759fb3d78a24d3b61d6055
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb
Size/MD5: 631720 68f4c61790241e78736eb6a2c2280a0d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb
Size/MD5: 604222 f1aeb30abc9ff9f73749dced0982c312
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 2084282 472728da8f3b8474d23e128ab686b777
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 1621532 4aad22d7f98d57f9d582123f354bb499
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 941454 fbeb5e8cc138872158931bbde0be2336
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb
Size/MD5: 392758 e337373509761ee9c3e54d26c3867cd6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb
Size/MD5: 564986 a9cfb58458322b5c3253f5f21fcdff83
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 1951390 187734df71deb12de0aa6ba3da3ddfb2
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 5415092 1919e018dc2473d10f05626cfdd4385a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 2859870 7b5ef116df18489408becd21d9d52649
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb
Size/MD5: 387802 2fb486f8f17dfc6d384e54465f66f8a9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb
Size/MD5: 535616 d196d8b0dc3d0c9864862f88a400f46e
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 1932070 bc1a33e24ce141477caf0a4145d10284
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 1532992 6e69c3e3520bafbdbfbf2ff09a822530
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 852392 07d0adb80cd03837fd9d8ecbda86ea09
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb
Size/MD5: 392096 c90b67fc5dbc0353a60b840ccdd632bd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb
Size/MD5: 610446 e5db78f8999ea4da0e5ac1b6fdc35618
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 2091338 70f449d9738b0a05d293d97facb87f5e
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 1658830 5dba0f3b3eb2e8ecc9953a5eba7e9339
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 953732 406c11752e6a69cea4f7c65e5c23f2bb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb
Size/MD5: 401076 c7572a53be4971e4537e1a3c52497a85
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb
Size/MD5: 559792 69edc52b1e3b34fcb302fc7a9504223e
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 1995782 dbf2c667cf2be687693d435e52959cfa
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 3927018 4a16b21b3e212031f4bd6e618197f8e2
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 2264418 d0e9ea2c9df5406bf0b94746ce34a189
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb
Size/MD5: 400272 6adb67ab18511683369b980fddb15e94
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz
Size/MD5: 75247 09b8215b07ab841c39f8836ca47ee01d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc
Size/MD5: 2078 0f11b8b1f104fdd3b7ef98b8f289e57a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb
Size/MD5: 642466 eecc336759fa7b99eaed2ef541499e97
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb
Size/MD5: 628186 29b1c5d8b32a0678a48d0a89556508e3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 2119392 d6862813a343ee9472b90f7139e7dc48
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 1642856 2d76609a9262f9b5f2784c23e451baff
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 967526 afc32aefadd062851e456216d11d5a97
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb
Size/MD5: 402562 5aa66b898f890baac5194ada999ab1d3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb
Size/MD5: 571494 c6ac5d5bce8786699abf9fd852c46393
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 1979806 bdeb6615f192f714451544068c74812d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 5630550 f26ccb94e593f7086a4e3b71cff68e3f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 2927046 5e0b91471526f867012b362cdcda1068
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb
Size/MD5: 397776 07f6c0d04be2bd89d8e40fd8c13285bc
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb
Size/MD5: 541448 2491f890b8dd2e0a93416d423ec5cc1b
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 1965226 20c3261921cd9d235ed2647f0756b045
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 1540070 9ffa955952e4d670ad29a9b39243d629
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 856998 0be4e4cd43bed15fc8363a879bf58c39
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb
Size/MD5: 393692 802f3c5abea68a6054febb334452a7c0
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb
Size/MD5: 547524 6c19d36e99270da89d4adf0f76bdb0eb
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 1957254 5ee4cfcae8860529992874afc9f325fb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 1590464 11e400cf0cc2c2e465adaecc9d477c75
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 868712 06e54b85b80b5f367bde9743d1aedbff
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb
Size/MD5: 399902 0efbc32f3738c140b1c3efe2b1113aeb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb
Size/MD5: 619104 e40b223ab89356348cf4c1de46bd8d77
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 2115846 01770253efeca9c2f7c5e432c6d6bf95
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 1697564 24d665973abab4ecbe08813d226556f2
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 951140 f59e1d23b2b21412d8f068b0475fe773
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb
Size/MD5: 399376 3703f492fe145305ee7766e2a0d52c5c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb
Size/MD5: 563630 1df247a9584dbeb62fffde7b42c21a2f
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 2008260 d79476e6fa043ad83bd12fe9531f8b22
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 3995256 b60bf440e4e598947db86c4bf020e6fa
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 2283532 0799ba2774806fead522ef6972cde580
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb
Size/MD5: 409314 82165b0cf05d27e318f0d64df876f8f8
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz
Size/MD5: 112331 02b0f3bdc024b25dc2cb168628a42dac
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc
Size/MD5: 2102 de69229286f2c7eb52183e2ededb0a48
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz
Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb
Size/MD5: 640566 023f6b5527052d0341c40cbbf64f8e54
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb
Size/MD5: 630234 2d2c5a442d4d2abc2e49feaef783c710
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 2143676 c9bf70ec94df02a89d99591471e44787
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 1650636 485f318a2457012aa489823e87d4f9b1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb
Size/MD5: 136130 e16feacb49a52ef72aa69da4f63718a8
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 979624 6a0c5f93f6371c4b41c0bccbc1e9b217
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb
Size/MD5: 406378 2aee12190747b060f4ad6bfd3a182bd6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb
Size/MD5: 582640 ce87be9268c6ce3550bb7935460b3976
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 2006462 cb6fe50961fe89ee67f0c13c26d424f5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 5806248 7c21c1a2ea1ce8201904b2a99537cad6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb
Size/MD5: 129708 77ff3896e3c541f1d9c0eb161c919882
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 3014932 4e61de0d021f49ac5fc2884d2d252854
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb
Size/MD5: 400398 7654a219a640549e8d34bb91e34a815b
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb
Size/MD5: 532306 9a4d5169e5e3429581bb16d6e61e334a
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 1935426 fb725096f798314e1cd76248599ec61a
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 1624382 6833d33bed6fbe0ad61d8615d56089f7
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb
Size/MD5: 115630 55449ab904a6b52402a3cd88b763f384
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 849068 ace9af9701bd1aa8078f8371bb5a1249
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb
Size/MD5: 394182 198be7154104014118c0bee633ad3524
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb
Size/MD5: 627050 1057f1e1b4c7fb2129064149fdc15e7e
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 2147452 41e5eb249a3a2619d0add96808c9e6e4
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 1718790 6161e426e833e984a2dbe5fbae29ceec
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb
Size/MD5: 135530 26aba12ee4ba7caff0f2653c12318e92
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 969544 822b91a90cf91650f12a3ce9200e9dc0
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb
Size/MD5: 402878 79e80d92494b2f74241edcd18ba6f994
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb
Size/MD5: 597964 a4e6860a52c0681b36b1ca553bccd805
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 2065638 05c803f4fd599d46162db5de530236f5
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 4094390 8a1251f546bf8e449fe2952b25029f53
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb
Size/MD5: 125862 75b8bdc987cf37a65d73b31c74c664ee
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 2353876 6ef537e63f9551a927f52cc87befbc60
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb
Size/MD5: 419348 b17aeb96b578e199d33b02c5eab2ae19
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz
Size/MD5: 92255 055df7f147cbad0066f88a0f2fa62cf5
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc
Size/MD5: 2118 8a81f824f312fb4033e1ab28a27ff99e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz
Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb
Size/MD5: 645798 04eb700e0335d703bd6f610688bc3374
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb
Size/MD5: 620316 df1d96cf5dbe9ea0b5ab1ef6f09b9194
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 2159884 a8fc3df0bf6af3350fe8f304eb29d90d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 1550444 f51ab29ef9e5e2636eb9b943d6e1d4b1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb
Size/MD5: 137384 72d04c14a09c287978aec689872bde8c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 923380 91e5f4df1c1e011ee449ff6424ecb832
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb
Size/MD5: 406978 e9a055390d250ffc516518b53bb8bb36
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb
Size/MD5: 570730 42ed7f9d05ca2b4d260cb3eb07832306
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 2012542 2132edd3a3e0eecd04efd4645b8f583f
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 1553718 a842382c89c5a0ad0a88f979b9ffbd7e
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb
Size/MD5: 130462 4d2506b23b5abfa3be3e7fb8543c8d70
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 866348 3c2ea45d798374c21b800dcf59d0a4c1
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb
Size/MD5: 400064 b1b5e14e431ae7c6c5fad917f6ce596f
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb
Size/MD5: 566054 5561d1894ad32ac689593ddd4b4a0609
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 2012710 fd1d0612b6a89b26b0d32c72087538fd
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 1542334 7609e92dc5d8d3030a65f4be81b862b2
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb
Size/MD5: 120434 8d289d3446bdcdc8c297066608e72322
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 851396 f5c3eb4c55ef9a9985a88bbaed3ec2ca
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb
Size/MD5: 406412 3bd3e64fd628b294b6ea47eb5f3c6a27
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb
Size/MD5: 616138 19c9d86e43e2680921dd0a726a4dc955
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 2154670 b22a1c4b9b05a87ab3b3ad494d5627f6
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 1618586 3b2e33b46a007144b61c2469c7a2cbc7
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb
Size/MD5: 136044 37e9e3fdc5d3dd5a9f931f33e523074e
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 917582 674b2479c79c72b479f91433a34cb0fb
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb
Size/MD5: 402026 a9001ad881ad996d844b12bd7d427d76
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824483
Version: 1
HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05
Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.
References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SSL for OpenVMS v 1.4 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY
Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3C8qwACgkQ4B86/C0qfVmTyACeI0cAPKAuu2dSVEZs1P0A/HP1
nR4An0Fi+F9yPWsVHhM8pkgrG376ShnM
=DCj7
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2141-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
January 06, 2011 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openssl
Vulnerability : SSL/TLS insecure renegotiation protocol design flaw
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-3555 CVE-2010-4180
Debian Bug : 555829
CVE-2009-3555:
Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS
and SSLv3 protocols. If an attacker could perform a man in the middle
attack at the start of a TLS connection, the attacker could inject
arbitrary content at the beginning of the user's session. This update
adds backported support for the new RFC5746 renegotiation extension
which fixes this issue.
If openssl is used in a server application, it will by default no
longer accept renegotiation from clients that do not support the
RFC5746 secure renegotiation extension. A separate advisory will add
RFC5746 support for nss, the security library used by the iceweasel
web browser. For apache2, there will be an update which allows to
re-enable insecure renegotiation.
This version of openssl is not compatible with older versions of tor.
You have to use at least tor version 0.2.1.26-1~lenny+1, which has
been included in the point release 5.0.7 of Debian stable.
Currently we are not aware of other software with similar compatibility
problems.
CVE-2010-4180:
In addition, this update fixes a flaw that allowed a client to bypass
restrictions configured in the server for the used cipher suite.
For the stable distribution (lenny), this problem has been fixed
in version 0.9.8g-15+lenny11.
For the unstable distribution (sid), and the testing distribution
(squeeze), this problem has been fixed in version 0.9.8o-4.
We recommend that you upgrade your openssl package. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections.
The OpenSSL security team would like to thank Martin Rex for reporting this
issue.
This vulnerability is tracked as CVE-2010-4180
OpenSSL JPAKE validation error
===============================
Sebastian Martini found an error in OpenSSL's J-PAKE implementation
which could lead to successful validation by someone with no knowledge
of the shared secret. This error is fixed in 1.0.0c. Details of the
problem can be found here:
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
Note that the OpenSSL Team still consider our implementation of J-PAKE
to be experimental and is not compiled by default.
Any OpenSSL based SSL/TLS server is vulnerable if it uses
OpenSSL's internal caching mechanisms and the
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this
by using the SSL_OP_ALL option).
All users of OpenSSL's experimental J-PAKE implementation are vulnerable
to the J-PAKE validation error.
Alternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
and/or SSL_OP_ALL flags.
Users of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release
which contains a patch to correct this issue and also contains a corrected
version of the CVE-2010-3864 vulnerability fix.
If upgrading is not immediately possible, the relevant source code patch
provided in this advisory should be applied.
Any user of OpenSSL's J-PAKE implementaion (which is not compiled in by
default) should upgrade to OpenSSL 1.0.0c.
Patch
=====
Index: ssl/s3_clnt.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.129.2.16
diff -u -r1.129.2.16 s3_clnt.c
--- ssl/s3_clnt.c 10 Oct 2010 12:33:10 -0000 1.129.2.16
+++ ssl/s3_clnt.c 24 Nov 2010 14:32:37 -0000
@@ -866,8 +866,11 @@
s->session->cipher_id = s->session->cipher->id;
if (s->hit && (s->session->cipher_id != c->id))
{
+/* Workaround is now obsolete */
+#if 0
if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+#endif
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
Index: ssl/s3_srvr.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.171.2.22
diff -u -r1.171.2.22 s3_srvr.c
--- ssl/s3_srvr.c 14 Nov 2010 13:50:29 -0000 1.171.2.22
+++ ssl/s3_srvr.c 24 Nov 2010 14:34:28 -0000
@@ -985,6 +985,10 @@
break;
}
}
+/* Disabled because it can be used in a ciphersuite downgrade
+ * attack: CVE-2010-4180.
+ */
+#if 0
if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
{
/* Special case as client bug workaround: the previously used cipher may
@@ -999,6 +1003,7 @@
j = 1;
}
}
+#endif
if (j == 0)
{
/* we need to have the cipher in the cipher
References
===========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20101202.txt
URL for updated CVS-2010-3864 Security Advisory:
http://www.openssl.org/news/secadv_20101116-2.txt
.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
a4b19ac2810b464392bb2f3b5292fe67 2009.0/i586/libopenssl0.9.8-0.9.8h-3.9mdv2009.0.i586.rpm
6169959e4a5f0acbdab7269ac99baa8d 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdv2009.0.i586.rpm
64195ec5f2e7868a49c280d3a32168cd 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.i586.rpm
7a1c151567d7f9d364a79ecd63322d47 2009.0/i586/openssl-0.9.8h-3.9mdv2009.0.i586.rpm
6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
a77409f3bedc0446f8eda39281dbf7a4 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdv2009.0.x86_64.rpm
feffaacd70224326c3582eb93156864b 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm
e2cb3f77f36b8b0a6ca214861bf79be3 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdv2009.0.x86_64.rpm
d6e667e012727d34442e23f91b005b40 2009.0/x86_64/openssl-0.9.8h-3.9mdv2009.0.x86_64.rpm
6e96fc588f1921571046fbc14928e5a1 2009.0/SRPMS/openssl-0.9.8h-3.9mdv2009.0.src.rpm
Mandriva Linux 2010.0:
86223cb60de3ea76f185425da6b299f2 2010.0/i586/libopenssl0.9.8-0.9.8k-5.4mdv2010.0.i586.rpm
7624aa325a944ee5f4898dfd3a1c4340 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.4mdv2010.0.i586.rpm
95ac866a31973ccf4c2e6d04012e7e67 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.i586.rpm
445c417e7de8145daefedf113b343ff5 2010.0/i586/openssl-0.9.8k-5.4mdv2010.0.i586.rpm
27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
391cb84677230e2c39708db0797b2e87 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.4mdv2010.0.x86_64.rpm
7f251668cfd04bd1e2a634030c28929f 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm
9110c45d54ce48c4ad0c8fe231f7f027 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.4mdv2010.0.x86_64.rpm
43e7eae967aad5b140eed29dab277aa2 2010.0/x86_64/openssl-0.9.8k-5.4mdv2010.0.x86_64.rpm
27fc76be287e1cd06adb2725df0c4167 2010.0/SRPMS/openssl-0.9.8k-5.4mdv2010.0.src.rpm
Mandriva Linux 2010.1:
9cf211d5095ca7a5a82aa980d4eebd5d 2010.1/i586/libopenssl1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm
788019361b199d0b6a0f3331294ac154 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.6mdv2010.1.i586.rpm
b2372b8919a8ab458ade4ce47080f7ff 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.i586.rpm
cd5929de815b6eec25d1d683f4363db0 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.6mdv2010.1.i586.rpm
60fee57d944361e4fa369412c71a59a9 2010.1/i586/openssl-1.0.0a-1.6mdv2010.1.i586.rpm
2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
ab021cadcaa131053ba5ac3940298f86 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm
a2119fefbe8cfb649e88b3faf85ffba1 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm
067878d8ff9ec0002c0a7653a1b87b05 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.6mdv2010.1.x86_64.rpm
60a8142259ee202b6327e8a2c0f86755 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.6mdv2010.1.x86_64.rpm
a4c77c129fd43f7918075fadf461fe8b 2010.1/x86_64/openssl-1.0.0a-1.6mdv2010.1.x86_64.rpm
2f28a567af2f44df1fbac7006d27db5d 2010.1/SRPMS/openssl-1.0.0a-1.6mdv2010.1.src.rpm
Corporate 4.0:
3f7610ee9ee7aa4b8d1ed3997e28d09b corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.13.20060mlcs4.i586.rpm
25a4686ef5ca8302eebf2f1b4fe67e35 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.i586.rpm
c5f5a562293eae123b05a96d3ba663d7 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.i586.rpm
e50aac28cc844b0184f3203bb34fa682 corporate/4.0/i586/openssl-0.9.7g-2.13.20060mlcs4.i586.rpm
646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
f68f167e440886222c949078044281eb corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.13.20060mlcs4.x86_64.rpm
ab7cc2cc749717199afb25c094035945 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm
f7f9a378a4e77af084330d2206c86e5e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.13.20060mlcs4.x86_64.rpm
fdcc7edc730c1ec56424328cefcbdfae corporate/4.0/x86_64/openssl-0.9.7g-2.13.20060mlcs4.x86_64.rpm
646cced4e21e4bf657254040ddbc1a47 corporate/4.0/SRPMS/openssl-0.9.7g-2.13.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
09c73809185dfb05bd8545e46bb8b215 mes5/i586/libopenssl0.9.8-0.9.8h-3.9mdvmes5.1.i586.rpm
cefb1c9e7fbc54ef678c3cbb16fb4983 mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.i586.rpm
1f1810faa0ec3f1cf298882752826903 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.i586.rpm
48ce5b2ac3e114dd33d8274d01baf357 mes5/i586/openssl-0.9.8h-3.9mdvmes5.1.i586.rpm
487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
4ad42bf2e7beae5a935649df07c000e6 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.9mdvmes5.1.x86_64.rpm
709be621d6080125c051d9793cb92b26 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm
000098b8f9b1778bcb3ff01b504e697b mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.9mdvmes5.1.x86_64.rpm
ab35ec2ae8b1482722baee700b16f121 mes5/x86_64/openssl-0.9.8h-3.9mdvmes5.1.x86_64.rpm
487d48389d5b8bd2486e29f052749651 mes5/SRPMS/openssl-0.9.8h-3.9mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
| VAR-201012-0280 | CVE-2010-4487 | Google Chrome Vulnerabilities associated with incomplete blacklists \ |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file.". Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, gain access to sensitive information, and bypass intended security restrictions; other attacks are also possible.
Versions prior to Chrome 8.0.552.215 are vulnerable. Google Chrome is a web browser developed by Google (Google). Remote attackers can use \"dangerous files\" to cause unknown effects. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA42472
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42472/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42472
RELEASE DATE:
2010-12-04
DISCUSS ADVISORY:
http://secunia.com/advisories/42472/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42472/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42472
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities and weaknesses have been reported in Google
Chrome, where some have an unknown impact and other can potentially
be exploited by malicious people to compromise a vulnerable system.
1) An unspecified error exists, which can lead to cross-origin video
theft with canvas.
2) An unspecified error can be exploited to cause a crash with HTML5
databases.
3) An unspecified error can be exploited to cause excessive file
dialogs, potentially leading to a crash.
4) A use-after-free error in the history handling can be exploited to
corrupt memory.
5) An unspecified error related to HTTP proxy authentication can be
exploited to cause a crash.
6) An unspecified error in WebM video support can be exploited to
trigger an out-of-bounds read.
7) An error related to incorrect indexing with malformed video data
can be exploited to cause a crash.
8) An unspecified error in the handling of privileged extensions can
be exploited to corrupt memory.
9) An use-after-free error in the handling of SVG animations can be
exploited to corrupt memory.
10) A use-after-free error in the mouse dragging event handling can
be exploited to corrupt memory.
11) A double-free error in the XPath handling can be exploited to
corrupt memory.
SOLUTION:
Fixed in version 8.0.552.215.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
2) Google Chrome Security Team (Inferno)
3) Cezary Tomczak (gosu.pl)
4) Stefan Troger
5) Mohammed Bouhlel
6) Google Chrome Security Team (Chris Evans)
7) miaubiz
8, 10) kuzzcc
9) Sławomir Błażek
11) Yang Dingning from NCNIPC, Graduate University of Chinese Academy
of Sciences
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201012-0287 | CVE-2010-4494 | libxml2 Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. libxml2 Is XPath Service operation disruption due to inadequate handling (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected.Service disruption by a third party (DoS) May result in a condition or other unclear effects. The 'libxml2' library is prone to a memory-corruption vulnerability.
An attacker can exploit this issue by tricking a victim into opening a specially crafted XML file.
A successful attack can allow attacker-supplied code to run in the context of the application using the vulnerable library or can cause a denial-of-service condition.
NOTE: This issue was previously discussed in BID 45170 (Google Chrome prior to 8.0.552.215 Multiple Security Vulnerabilities) but has been given its own record to better document it. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNG1vlmqjQ0CJFipgRAk8hAJ4wwNOcgIDPvZpECml6UDoJAh7FbACgu/e5
KLbVXnunIbjMTSm3GPo/LxQ=
=xSaB
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. 6) - i386, x86_64
3. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821,
CVE-2011-2834)
Note: Red Hat does not ship any applications that use libxml2 in a way that
would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821,
and CVE-2011-2834 flaws to be exploited; however, third-party applications
may allow XPath expressions to be passed which could trigger these flaws.
This update also fixes the following bugs:
* A number of patches have been applied to harden the XPath processing code
in libxml2, such as fixing memory leaks, rounding errors, XPath numbers
evaluations, and a potential error in encoding conversion. The desktop must
be restarted (log out, then log back in) for this update to take effect. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201110-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: libxml2: Multiple vulnerabilities
Date: October 26, 2011
Bugs: #345555, #370715, #386985
ID: 201110-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in libxml2 which could lead to
execution of arbitrary code or a Denial of Service.
Background
==========
libxml2 is the XML C parser and toolkit developed for the Gnome
project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.7.8-r3 >= 2.7.8-r3
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r3"
References
==========
[ 1 ] CVE-2010-4008
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4008
[ 2 ] CVE-2010-4494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4494
[ 3 ] CVE-2011-1944
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1944
[ 4 ] CVE-2011-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2821
[ 5 ] CVE-2011-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-26.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Relevant releases
ESX 5.0 without patch ESXi500-201207101-SG
3. Problem Description
a. ESXi update to third party component libxml2
The libxml2 third party library has been updated which addresses
multiple security issues
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216,
CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905,
CVE-2011-3919 and CVE-2012-0841 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
========== ======== ======== =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 any ESXi500-201207101-SG
ESXi 4.1 any patch pending
ESXi 4.0 any patch pending
ESXi 3.5 any patch pending
ESX any any not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
Note: "patch pending" means that the product is affected,
but no patch is currently available. The advisory will be
updated when a patch is available. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
ESXi 5.0
--------
ESXi500-201207001
md5sum: 01196c5c1635756ff177c262cb69a848
sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86
http://kb.vmware.com/kb/2020571
ESXi500-201207001 contains ESXi500-201207101-SG
5. Change log
2012-07-12 VMSA-2012-0012
Initial security advisory in conjunction with the release of a patch
for ESXi 5.0 on 2012-07-12. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04135307
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04135307
Version: 1
HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control
Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality,
Integrity and Availability
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Multiple remote vulnerabilities affecting
confidentiality, integrity and availability
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Rapid Deployment Pack
(RDP) or HP Insight Control Server Deployment. The vulnerabilities could be
exploited remotely affecting confidentiality, integrity and availability.
References: CVE-2010-4008
CVE-2010-4494
CVE-2011-2182
CVE-2011-2213
CVE-2011-2492
CVE-2011-2518
CVE-2011-2689
CVE-2011-2723
CVE-2011-3188
CVE-2011-4077
CVE-2011-4110
CVE-2012-0058
CVE-2012-0879
CVE-2012-1088
CVE-2012-1179
CVE-2012-2137
CVE-2012-2313
CVE-2012-2372
CVE-2012-2373
CVE-2012-2375
CVE-2012-2383
CVE-2012-2384
CVE-2013-6205
CVE-2013-6206
SSRT101443
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Rapid Deployment Pack (RDP) -- All versions
HP Insight Control Server Deployment -- All versions
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-6205 (AV:L/AC:M/Au:S/C:P/I:P/A:P) 4.1
CVE-2013-6206 (AV:N/AC:L/Au:N/C:C/I:P/A:P) 9.0
CVE-2010-4008 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2010-4494 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2011-2182 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2011-2213 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
CVE-2011-2492 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9
CVE-2011-2518 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
CVE-2011-2689 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
CVE-2011-2723 (AV:A/AC:M/Au:N/C:N/I:N/A:C) 5.7
CVE-2011-3188 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2011-4077 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9
CVE-2011-4110 (AV:L/AC:L/Au:N/C:N/I:N/A:P) 2.1
CVE-2012-0058 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
CVE-2012-0879 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
CVE-2012-1088 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3
CVE-2012-1179 (AV:A/AC:M/Au:S/C:N/I:N/A:C) 5.2
CVE-2012-2137 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9
CVE-2012-2313 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2
CVE-2012-2372 (AV:L/AC:M/Au:S/C:N/I:N/A:C) 4.4
CVE-2012-2373 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0
CVE-2012-2375 (AV:A/AC:H/Au:N/C:N/I:N/A:C) 4.6
CVE-2012-2383 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
CVE-2012-2384 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends that HP Rapid Deployment Pack (RDP) or HP Insight Control
Server Deployment should only be run on private secure networks to prevent
the risk of security compromise.
HISTORY
Version:1 (rev.1) - 10 March 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: mingw32-libxml2 security update
Advisory ID: RHSA-2013:0217-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0217.html
Issue date: 2013-01-31
CVE Names: CVE-2010-4008 CVE-2010-4494 CVE-2011-0216
CVE-2011-1944 CVE-2011-2821 CVE-2011-2834
CVE-2011-3102 CVE-2011-3905 CVE-2011-3919
CVE-2012-0841 CVE-2012-5134
=====================================================================
1. Summary:
Updated mingw32-libxml2 packages that fix several security issues are now
available for Red Hat Enterprise Linux 6. This advisory also contains
information about future updates for the mingw32 packages, as well as the
deprecation of the packages with the release of Red Hat
Enterprise Linux 6.4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
3. Description:
These packages provide the libxml2 library, a development toolbox providing
the implementation of various XML standards, for users of MinGW (Minimalist
GNU for Windows).
IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no
longer be updated proactively and will be deprecated with the release of
Red Hat Enterprise Linux 6.4. These packages were provided to support other
capabilities in Red Hat Enterprise Linux and were not intended for direct
customer use. Customers are advised to not use these packages with
immediate effect. Future updates to these packages will be at Red Hat's
discretion and these packages may be removed in a future minor release.
A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)
A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)
It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)
Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path
Language) expressions. If an attacker were able to supply a
specially-crafted XML file to an application using libxml2, as well as an
XPath expression for that application to run against the crafted file, it
could cause the application to crash. (CVE-2010-4008, CVE-2010-4494,
CVE-2011-2821, CVE-2011-2834)
Two heap-based buffer overflow flaws were found in the way libxml2 decoded
certain XML files. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-0216,
CVE-2011-3102)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)
An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)
Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.
All users of mingw32-libxml2 are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
665963 - CVE-2010-4494 libxml2: double-free in XPath processing code
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
6. Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-4008.html
https://www.redhat.com/security/data/cve/CVE-2010-4494.html
https://www.redhat.com/security/data/cve/CVE-2011-0216.html
https://www.redhat.com/security/data/cve/CVE-2011-1944.html
https://www.redhat.com/security/data/cve/CVE-2011-2821.html
https://www.redhat.com/security/data/cve/CVE-2011-2834.html
https://www.redhat.com/security/data/cve/CVE-2011-3102.html
https://www.redhat.com/security/data/cve/CVE-2011-3905.html
https://www.redhat.com/security/data/cve/CVE-2011-3919.html
https://www.redhat.com/security/data/cve/CVE-2012-0841.html
https://www.redhat.com/security/data/cve/CVE-2012-5134.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRCujqXlSAg2UNWIIRAq0HAJ41YXDqlCpJkg97YuQmaF2MqKDIpACgn5j7
sLTqWGtUMTYIUvLH8YXGFX4=
=rOjB
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
For the stable distribution (lenny), this problem has been fixed
in version 2.6.32.dfsg-5+lenny3.
For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), this problem has been fixed in version
2.7.8.dfsg-2
| VAR-201012-0373 | No CVE | Canon Digital Camera HMAC Unauthorized Access Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Canon EOS is a series of digital SLR cameras released by Canon. The mid- to high-end Canon digital camera has an \"Original Decision Data\" (ODD) function, which is a digital signature that can be used to verify that the photo has been changed or that the data time stamp or GPS data coordinates have changed. However, defects in digital signatures can lead to forgery. The second version of the Canon ODD system has a HMAC code of 256 bits. The problem is that the HMAC in Canon RAM exists in a confusing form and can be extracted. According to the Sklyarov report, the HAMC can be extracted from the Canon FLASH ROM and manually confusing. This problem is a design flaw that cannot be fixed. According to Sklyarov, he has been from EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D series. Extract the HMAC key. An attacker can use these keys to modify a photo file without authorization. Multiple Canon digital cameras are prone to a vulnerability that may allow for the undetected modification of images
| VAR-201012-0367 | No CVE | Kerio Control Web Filter Unknown Remote Security Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Kerio WinRoute Firewall is a proxy server that enables multiple computers on a company to share a single Internet connection. The WEB filter component in Kerio WinRoute Firewall has an unspecified error and no detailed vulnerability details are available. Kerio Control (formerly Kerio WinRoute Firewall) is prone to an unspecified vulnerability.
Very few technical details are currently available. We will update this BID as more information emerges.
Versions prior to Kerio WinRoute Firewall 7.1.0 are vulnerable
| VAR-201011-0069 | CVE-2010-4354 | plural CIsco Run on product remote-access IPSec VPN Vulnerability that enumerates valid group names |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. The problem is Bug IDs CSCtj96108 It is a problem. This vulnerability CVE-2005-2025 Is a different vulnerability.By a third party IKE Valid group names may be enumerated through the negotiation series. Cisco IPSec VPN is prone to a remote groupname enumeration weakness.
Attackers can exploit this issue to discover valid group names that may be used in group-based authentication. Successful exploits can aid the attacker in launching man-in-the-middle attacks against the affected device.
This issue is tracked by Cisco Bug ID CSCtj96108. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Cisco IPsec VPN Implementation Group Name Enumeration Weakness
SECUNIA ADVISORY ID:
SA42414
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42414/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42414
RELEASE DATE:
2010-12-01
DISCUSS ADVISORY:
http://secunia.com/advisories/42414/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42414/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42414
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness has been reported in Cisco ASA (Adaptive Security
Appliance) 5500 Series, which can be exploited by malicious people to
gain knowledge of certain information.
The problem is that the device returns different responses depending
on whether or not a valid group name is supplied when the device is
configured for group name authentication and using a pre-shared key.
This is related to:
SA15765
SOLUTION:
Update to a fixed version when it becomes available. Please see the
vendor's advisory for more details.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Gavin Jones, NGS Secure.
ORIGINAL ADVISORY:
http://www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201011-0288 | No CVE | Trend Micro Office Scan Elevation of Privilege |
CVSS V2: - CVSS V3: - Severity: LOW |
Trend Micro OfficeScan is an anti-virus/anti-spyware/firewall-protected application that is supported by an anti-virus service. The OfficeScan TMTDI module has an unspecified error that allows local users to execute arbitrary code with high privileges. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
Trend Micro Office Scan Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA42370
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42370/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42370
RELEASE DATE:
2010-11-24
DISCUSS ADVISORY:
http://secunia.com/advisories/42370/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/42370/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42370
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Trend Micro Office Scan, which
can be exploited by malicious, local users to gain escalated
privileges.
The vulnerability is reported in version 10.0 Service Pack 1 Patch 2
and version 10.5. Other versions may also be affected.
SOLUTION:
Apply patches.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/Readme_2820.txt
http://www.trendmicro.com/ftp/documentation/readme/Readme_1161.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------