VARIoT IoT vulnerabilities database
| VAR-200808-0320 | CVE-2008-3438 | Apple Mac OS X Vulnerability to execute arbitrary code in |
CVSS V2: 7.5 CVSS V3: 8.1 Severity: HIGH |
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Mac OS X is the operating system of Apple Computer
| VAR-200808-0238 | CVE-2008-1810 | Linux Run on SAP MaxDB of dbmsrv Vulnerability gained in |
CVSS V2: 4.4 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. SAP MaxDB is prone to a local privilege-escalation vulnerability that occurs in the 'dbmsrv' process because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary code with 'sdb:sdba' privileges. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.
SAP MaxDB 7.6.03.15 on Linux is vulnerable; other versions running on different platforms may also be affected. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
MaxDB "dbmsrv" Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA31318
VERIFY ADVISORY:
http://secunia.com/advisories/31318/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
MaxDB 7.x
http://secunia.com/product/4012/
DESCRIPTION:
A vulnerability has been reported in MaxDB, which can be exploited by
malicious, local users to gain escalated privileges.
PROVIDED AND/OR DISCOVERED BY:
anonymous researcher, reported via iDefense
ORIGINAL ADVISORY:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. iDefense Security Advisory 07.30.08
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 30, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open
source from version 7.5 up to version 7.6.00. Later versions are no
longer open source but are available for download from the SAP SDN
website (sdn.sap.com) as a community edition with free community
support for public use beyond the scope of SAP applications. The
"dbmsrv" program is set-uid "sdb", set-gid "sdba", and installed by
default. For more information, visit the product's website at the
following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II.
When a local user runs the "dbmcli" program, the MaxDB executes a
"dbmsrv" process on the user's behalf. The "dbmsrv" process, which is
responsible for executing user commands, runs as the user "sdb" with
group "sdba".
III.
IV. Other versions may also be vulnerable.
V. WORKAROUND
iDefense is currently unaware of any workaround for this issue.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of
MaxDB. For more information, consult SAP note 1178438.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-1810 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
03/27/2008 Initial vendor notification
04/01/2008 Initial vendor response
07/30/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information
| VAR-200808-0313 | CVE-2008-3482 | Panasonic NetworkCamera Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.An arbitrary script could be executed on the user's web browser. Panasonic Network Cameras are prone to multiple cross-site scripting vulnerabilities because the devices fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following versions of Panasonic Network Cameras are vulnerable:
BL-C111 Ver.3.14R02 and prior
BL-C131 Ver.3.14R03 and prior
BB-HCM511 Ver.3.20R01 and prior
BB-HCM531 Ver.3.20R01 and prior
BB-HCM580 Ver.3.21R00 and prior
BB-HCM581 Ver.3.21R00 and prior
BB-HCM527 Ver.3.30R00 and prior
BB-HCM515 Ver.3.20R01 and prior.
Input passed to unspecified parameters in the error page is not
properly sanitised before being returned to the user.
The vulnerability is reported in the following products and
versions:
* BL-C111 Ver.3.14R02 and earlier
* BL-C131 Ver.3.14R03 and earlier
* BB-HCM511 Ver.3.20R01 and earlier
* BB-HCM531 Ver.3.20R01 and earlier
* BB-HCM580 Ver.3.21R00 and earlier
* BB-HCM581 Ver.3.21R00 and earlier
* BB-HCM527 Ver.3.30R00 and earlier
* BB-HCM515 Ver.3.20R01 and earlier
SOLUTION:
Reportedly, a fixed firmware version is available. Contact the vendor
for details.
PROVIDED AND/OR DISCOVERED BY:
NetAgent Co., Ltd.
ORIGINAL ADVISORY:
http://jvn.jp/en/jp/JVN33706820/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0585 | CVE-2008-2235 | OpenSC In PIN Vulnerability to be changed |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. OpenSC insecurely initializes smart cards and USB crypto tokens based on Seimens CardOS M4.
Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks.
NOTE: This issue cannot be leveraged to access an existing PIN number.
This issue occurs in versions prior to OpenSC 0.11.6. OpenSC Insecure Permission Vulnerability.
A security issue has been reported in OpenSC, which can be exploited by malicious people
to bypass certain security restrictions.
Affected packages:
Pardus 2008:
opensc, all before 0.11.6-7-2
Resolution
==========
There are update(s) for opensc. You can update them via Package Manager
or with a single command from console:
pisi up opensc
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8066
* http://permalink.gmane.org/gmane.comp.security.oss.general/863
* http://www.opensc-project.org/pipermail/opensc-announce/2008-July/000020.html
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2235
* http://secunia.com/advisories/31330
------------------------------------------------------------------------
--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235
http://www.opensc-project.org/security.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
77f7d7afda2b14397fd49eb9a40fe277 2007.1/i586/libopensc2-0.11.1-3.1mdv2007.1.i586.rpm
63ac5b681a7c32ff5fa5a19eaacd99c4 2007.1/i586/libopensc2-devel-0.11.1-3.1mdv2007.1.i586.rpm
70e9d0aa9fd4ee98e44acb640cca7334 2007.1/i586/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.i586.rpm
9990fd668eb0db7a2c3a067663935e6c 2007.1/i586/opensc-0.11.1-3.1mdv2007.1.i586.rpm
2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
7ff78a629ff3fc4ebae26081445476b5 2007.1/x86_64/lib64opensc2-0.11.1-3.1mdv2007.1.x86_64.rpm
d782522d41b4c9c3740d6d3917560a9f 2007.1/x86_64/lib64opensc2-devel-0.11.1-3.1mdv2007.1.x86_64.rpm
6e7cc1f3c8dd8485a182704d64a59c8b 2007.1/x86_64/mozilla-plugin-opensc-0.11.1-3.1mdv2007.1.x86_64.rpm
9337e42a69c15124642ed8f9756fd3c2 2007.1/x86_64/opensc-0.11.1-3.1mdv2007.1.x86_64.rpm
2ef9d3fd31d521b775f36480608f5494 2007.1/SRPMS/opensc-0.11.1-3.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
4ce42db0e198b6ce9c9287594ee3fafd 2008.0/i586/libopensc2-0.11.3-2.1mdv2008.0.i586.rpm
70546abd01b00bab812fa6fea4ae4d16 2008.0/i586/libopensc-devel-0.11.3-2.1mdv2008.0.i586.rpm
eba548b0a0547b26056233f5e8ca6adb 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.i586.rpm
7220fd9c1e95158f787cc8369826ec32 2008.0/i586/opensc-0.11.3-2.1mdv2008.0.i586.rpm
ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
5378764b2b2d3cd848ac0ac542287b94 2008.0/x86_64/lib64opensc2-0.11.3-2.1mdv2008.0.x86_64.rpm
a6dbaabff7dbd6cabc1202a334c663b2 2008.0/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.0.x86_64.rpm
f3b2891c740068fa7f328690f8a53c0a 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.0.x86_64.rpm
9ad409a7e667a9bc7c448ad207ce2afd 2008.0/x86_64/opensc-0.11.3-2.1mdv2008.0.x86_64.rpm
ce97f832256d12037e51bafb9d70e5ef 2008.0/SRPMS/opensc-0.11.3-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
d2f1aecf3d76a0de1eb2314467e8039c 2008.1/i586/libopensc2-0.11.3-2.1mdv2008.1.i586.rpm
25cbd704341f975c3608b2415f73876a 2008.1/i586/libopensc-devel-0.11.3-2.1mdv2008.1.i586.rpm
afeb1a983ab5dc9175abe9a3d4d2a043 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.i586.rpm
2e4f8fbf6baf274e24d0d68713c20bb0 2008.1/i586/opensc-0.11.3-2.1mdv2008.1.i586.rpm
53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
78655b07b2736207d38d165f695f5e72 2008.1/x86_64/lib64opensc2-0.11.3-2.1mdv2008.1.x86_64.rpm
55f4a5fe2db33ec43b74353b92b01c6d 2008.1/x86_64/lib64opensc-devel-0.11.3-2.1mdv2008.1.x86_64.rpm
70d7f144e01d25f79b622484db2ef0bd 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.1mdv2008.1.x86_64.rpm
807e29fd2d0560f65eff7fff274aa5e2 2008.1/x86_64/opensc-0.11.3-2.1mdv2008.1.x86_64.rpm
53c7c0bc38eb3210137ce329559705cf 2008.1/SRPMS/opensc-0.11.3-2.1mdv2008.1.src.rpm
Corporate 4.0:
f429cd809bb72592a21b37921ef4c3a0 corporate/4.0/i586/libopensc2-0.10.1-2.1.20060mlcs4.i586.rpm
f91cc391ac3c574701b27d65ff2f14eb corporate/4.0/i586/libopensc2-devel-0.10.1-2.1.20060mlcs4.i586.rpm
7eb7c1057b2c47306482d0afc1e6e859 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.i586.rpm
4c69219b2f389fe050df05985deecb86 corporate/4.0/i586/opensc-0.10.1-2.1.20060mlcs4.i586.rpm
8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
d92325b44dbf5deb8cfcd0cbf4f59012 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.1.20060mlcs4.x86_64.rpm
2944306bed9b725e7c0bc196416de3c2 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.1.20060mlcs4.x86_64.rpm
424b680dbde7f548b731ecc4bf8021fc corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm
70c9f7f70ca3e6635c80608189a220e0 corporate/4.0/x86_64/opensc-0.10.1-2.1.20060mlcs4.x86_64.rpm
8830d7341d49f9da956a907e21e9a7a0 corporate/4.0/SRPMS/opensc-0.10.1-2.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIvX6MmqjQ0CJFipgRAoRWAKDJeFahAQ2AR414gjXP8O5e9kA+IQCdGkgV
NXjfAeIK16LGCRR9/DHUvlU=
=BPKk
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200812-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSC: Insufficient protection of smart card PIN
Date: December 10, 2008
Bugs: #233543
ID: 200812-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Smart cards formatted using OpenSC do not sufficiently protect the PIN,
allowing attackers to reset it.
Background
==========
OpenSC is a smart card application that allows reading and writing via
PKCS#11.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSC users should upgrade to the latest version, and then check
and update their smart cards:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.6"
# pkcs15-tool --test-update
# pkcs15-tool --test-update --update
References
==========
[ 1 ] CVE-2008-2235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2235
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200812-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1627-2 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
August 31, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : opensc
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-2235
The previous security update for opensc had a too strict check for
vulnerable smart cards. It could flag cards as safe even though they may
be affected. This update corrects that problem. We advise users of the
smart cards concerned to re-check their card after updating the package,
following the procedure outlined in the original advisory text below.
Chaskiel M Grundman discovered that opensc, a library and utilities to
handle smart cards, would initialise smart cards with the Siemens CardOS M4
card operating system without proper access rights. This allowed everyone
to change the card's PIN. However it can not be used to figure out the
PIN. If the PIN on your card is still the same you always had, there's a
reasonable chance that this vulnerability has not been exploited.
After upgrading the package, running
pkcs15-tool -T
will show you whether the card is fine or vulnerable. If the card is
vulnerable, you need to update the security setting using:
pkcs15-tool -T -U
For the stable distribution (etch), this problem has been fixed in
version 0.11.1-2etch2.
For the unstable distribution (sid), this problem has been fixed in
version 0.11.4-5.
We recommend that you upgrade your opensc package and check your card(s)
with the command described above.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz
Size/MD5 checksum: 1263611 94ce00a6bda38fac10ab06f5d5d1a8c3
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz
Size/MD5 checksum: 57088 9ce4247af885d39a5e76ac3e7e34f0e4
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc
Size/MD5 checksum: 780 33700596584c295d4f27a8f6b8d6df93
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 296964 e8ba9833e1d3c00bb4dafc08648faf6d
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 205002 7146068470dd3c5bbacae9f48751d8fb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 1077872 1a1963d40c9a03ea0dc1453a27e873af
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 727634 58de552b33ff885aee0193de0534563e
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb
Size/MD5 checksum: 508256 94ea135b646b89c6dac6defd2bc931ac
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 483304 a375efabe5edf419f4f1419ee085ddb1
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 200004 84f28dc19675f1f8823b03151cbba47e
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 576968 fb1c4b415d1377ceac61661919cbebff
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 281180 c67f956ac36c4d65ec21ab91ba749866
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb
Size/MD5 checksum: 1069138 ee204a5d9633f19d89347761b06aa21c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 1012086 fe7a7a2eaf19f7e83dd38991a5c5204b
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 450916 95c8301ca36a08ca0521df8a25267689
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 269182 acc05dce62d94e247043ae804abac541
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 529988 840e3aab09d7abde5b8060ceebf2dbd1
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb
Size/MD5 checksum: 187988 13b7a94850732fd4d46f6cdf875ffb31
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 205576 a24fccd7e1772647d563a520b7417976
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 512374 dc2ad0c4dc8df1b4058818cc65b0ec10
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 1036394 7f83a52f5917cd3fcdbacdbd5cb27ea2
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 624512 a66dd86f267fd09099501d5b3154782c
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb
Size/MD5 checksum: 283434 a852d66ff8c4c271b37bbcc0a746dac0
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb
Size/MD5 checksum: 537992 3fec817bfea6d558f42d2c2e107ca8b3
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb
Size/MD5 checksum: 1019214 1ed6d07cb743c73042bab5151146b076
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb
Size/MD5 checksum: 189454 445a4781859aef3414590f5e8481fdba
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb
Size/MD5 checksum: 269976 e2e5124e70bf580c221e137b50f8ba48
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb
Size/MD5 checksum: 453582 288dfd7b6c042abed22f167dba7a1125
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb
Size/MD5 checksum: 1062184 c561302cc8a65b1fe98c71ba013880db
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb
Size/MD5 checksum: 354024 5899f17bbab07f5a00c0ec6a740b3756
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb
Size/MD5 checksum: 769910 e49ff6a5f80122aff066f3b290af9b84
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb
Size/MD5 checksum: 620292 bb01c6292f364889da4225ba23cc78cb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb
Size/MD5 checksum: 206140 d34b648d6540c0d63b3fe581e1f9ac67
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb
Size/MD5 checksum: 458414 275ae6b9f162e0852091d0e7836ae16c
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb
Size/MD5 checksum: 195516 db0ce446bfb07303da80a9b8f274c1af
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb
Size/MD5 checksum: 283004 e8b63a99a79a2d9dd6f734c1a8aa7b0d
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb
Size/MD5 checksum: 1082506 14430ab357fed7616e4c186880752f4d
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb
Size/MD5 checksum: 632954 b9556af01375a44f195e048a616cf21a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb
Size/MD5 checksum: 458378 3385aedc113e5593e349ebe4e6ba2098
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb
Size/MD5 checksum: 284064 30e52ee872a4e8ccedee22bbdcbe3942
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb
Size/MD5 checksum: 629272 796fd245c3afcf85ebeb6bdc7a465d7b
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb
Size/MD5 checksum: 1060840 d500da50fe3a7aa346a12d9adb056c66
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb
Size/MD5 checksum: 194570 20b4f260392f924ead7e4dcb236e450b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb
Size/MD5 checksum: 599502 6bc486604c352ae1d6c34d17383166b4
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb
Size/MD5 checksum: 1084300 21bad9d0eb8ce4b8f1399e9cdc266d06
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb
Size/MD5 checksum: 473780 b9816427fdd321db40b8b393f4edfe9f
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb
Size/MD5 checksum: 294664 0fa2e8c94c3039f3926df840d219a97c
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb
Size/MD5 checksum: 205094 c300b7771a01300bf18849a22d250f60
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb
Size/MD5 checksum: 217104 ff287b6aada1ff7552facbe6a71f317e
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb
Size/MD5 checksum: 279122 124aa0833b5fc7d75b5404383064ddf2
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb
Size/MD5 checksum: 485506 3ea3f682d8a0edf18cd51318c3d6e2a1
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb
Size/MD5 checksum: 1050130 2de96bab485f9df0f88a87b945735fd7
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb
Size/MD5 checksum: 552728 b14d87c97023f843b3a73805b4a05ea5
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb
Size/MD5 checksum: 193650 7902081b0d97cae8dfceb35d778d010e
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb
Size/MD5 checksum: 967974 084cfb2ce4ca9edb655dd849fbb543d4
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb
Size/MD5 checksum: 544394 d7313b12e4fbe347ea4717af780d81f8
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb
Size/MD5 checksum: 268122 19dd2ba72b9a01b804ee0173b3cacafc
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb
Size/MD5 checksum: 442356 8e613a8e25f046b3218d350f47a27919
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSLp0FWz0hbPcukPfAQJHJggAvxoTpcwKezudh39JK5kOs11Hghx2Guxl
Cs+NP5Rgeq3bATRuHk9WFx4QaEwF1Znah3+9W5+WEiPYgWQ7/uMwqOMHovipVD/s
wqAik8iAukhwWdt7nsZ7I3D6MsvMt/+dkXOrkxZwAli3MArf0lt+/5x0kLgaIteL
Wz5moAIM/e7way/k66iajbcw4ltC+kSfneNHP/Mi/i16sz0aADcEBdxzxNygnR4C
6sd11hWmWa4qJ1dNw4gDm7M088Xv6UH3BcC0OoXgH0wxophj34Bf6yYWjCni9V16
EfGvYIuXrhBBN5J1tLJsFB4m6NfBNk09B8ndY5wSKggBUuNFGPEx2Q==
=qNCp
-----END PGP SIGNATURE-----
| VAR-200808-0007 | CVE-2008-2324 | Apple Mac OS X Elevation of privilege vulnerability in Disk Utility |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow
30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability
30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability
30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities.
An unprivileged local user may exploit this issue to run commands with system-level privileges.
The following versions are affected:
Mac OS X v10.4.11 and prior
Mac OS X Server v10.4.11 and prior
This issue does not affect systems running Mac OS X v10.5 and later.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information:
SA30973
2) A boundary error exists in CarbonCore when handling filenames.
This can be exploited to cause a stack-based buffer overflow via
overly long filenames.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
3) Multiple errors exist in CoreGraphics when processing received
arguments. These can be exploited to trigger a memory corruption by
e.g. tricking a user into visiting a specially crafted website.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
4) An integer overflow error exists in CoreGraphics when handling PDF
files. This can be exploited to cause a heap-based buffer overflow via
a specially crafted PDF file.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
5) Multiple errors in QuickLook when downloading Microsoft Office
files can be exploited to cause a memory corruption.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
6) An error exists in the Data Detectors engine when viewing a
specially crafted message. This can be exploited to consume overly
large resources and trigger an application using the engine to
terminate.
7) The problem is that the "Repair Permissions" tool included in Disk
Utility sets the "setuid" bit on "/usr/bin/emacs". This can be
exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be
exploited to cause a DoS.
For more information:
SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()"
function.
For more information see vulnerability #4 in:
SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to
bypass certain security restrictions, and potentially by malicious
people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.
For more information:
SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users
to bypass certain security restrictions.
For more information:
SA27863
SOLUTION:
Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and
Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2647
OTHER REFERENCES:
SA22130:
http://secunia.com/advisories/22130/
SA27863:
http://secunia.com/advisories/27863/
SA30048:
http://secunia.com/advisories/30048/
SA30973:
http://secunia.com/advisories/30973/
SA30853:
http://secunia.com/advisories/30853/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200808-0008 | CVE-2008-2325 | Apple Mac OS X of QuickLook Service disruption in (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking.". Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow
30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability
30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability
30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.
The following versions are affected:
Mac OS X v10.5.4 and prior
Mac OS X Server v10.5.4 and prior
This issue does not affect systems prior to Mac OS X v10.5.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information:
SA30973
2) A boundary error exists in CarbonCore when handling filenames.
This can be exploited to cause a stack-based buffer overflow via
overly long filenames.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
3) Multiple errors exist in CoreGraphics when processing received
arguments. These can be exploited to trigger a memory corruption by
e.g. tricking a user into visiting a specially crafted website.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
4) An integer overflow error exists in CoreGraphics when handling PDF
files. This can be exploited to cause a heap-based buffer overflow via
a specially crafted PDF file.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
5) Multiple errors in QuickLook when downloading Microsoft Office
files can be exploited to cause a memory corruption.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
6) An error exists in the Data Detectors engine when viewing a
specially crafted message. This can be exploited to consume overly
large resources and trigger an application using the engine to
terminate.
7) The problem is that the "Repair Permissions" tool included in Disk
Utility sets the "setuid" bit on "/usr/bin/emacs". This can be
exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be
exploited to cause a DoS.
For more information:
SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()"
function.
For more information see vulnerability #4 in:
SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to
bypass certain security restrictions, and potentially by malicious
people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.
For more information:
SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users
to bypass certain security restrictions.
For more information:
SA27863
SOLUTION:
Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and
Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2647
OTHER REFERENCES:
SA22130:
http://secunia.com/advisories/22130/
SA27863:
http://secunia.com/advisories/27863/
SA30048:
http://secunia.com/advisories/30048/
SA30973:
http://secunia.com/advisories/30973/
SA30853:
http://secunia.com/advisories/30853/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200808-0006 | CVE-2008-2323 | Apple Mac OS X of Data Detectors Engine Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005. The advisory also contains security updates for 11 previously reported issues.
Attackers can exploit this issue to cause denial-of-service conditions in applications using Data Detectors.
The following versions are affected:
Mac OS X v10.5.4 and prior
Mac OS X Server v10.5.4 and prior
This issue does not affect systems prior to Mac OS X v10.5.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information:
SA30973
2) A boundary error exists in CarbonCore when handling filenames.
This can be exploited to cause a stack-based buffer overflow via
overly long filenames.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
3) Multiple errors exist in CoreGraphics when processing received
arguments. These can be exploited to trigger a memory corruption by
e.g. tricking a user into visiting a specially crafted website.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
4) An integer overflow error exists in CoreGraphics when handling PDF
files. This can be exploited to cause a heap-based buffer overflow via
a specially crafted PDF file.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
5) Multiple errors in QuickLook when downloading Microsoft Office
files can be exploited to cause a memory corruption.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
6) An error exists in the Data Detectors engine when viewing a
specially crafted message. This can be exploited to consume overly
large resources and trigger an application using the engine to
terminate.
7) The problem is that the "Repair Permissions" tool included in Disk
Utility sets the "setuid" bit on "/usr/bin/emacs". This can be
exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be
exploited to cause a DoS.
For more information:
SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()"
function.
For more information see vulnerability #4 in:
SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to
bypass certain security restrictions, and potentially by malicious
people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.
For more information:
SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users
to bypass certain security restrictions.
For more information:
SA27863
SOLUTION:
Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and
Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2647
OTHER REFERENCES:
SA22130:
http://secunia.com/advisories/22130/
SA27863:
http://secunia.com/advisories/27863/
SA30048:
http://secunia.com/advisories/30048/
SA30973:
http://secunia.com/advisories/30973/
SA30853:
http://secunia.com/advisories/30853/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200808-0005 | CVE-2008-2322 | Apple Mac OS X of CoreGraphics Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow
30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability
30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability
30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information:
SA30973
2) A boundary error exists in CarbonCore when handling filenames.
This can be exploited to cause a stack-based buffer overflow via
overly long filenames.
3) Multiple errors exist in CoreGraphics when processing received
arguments. These can be exploited to trigger a memory corruption by
e.g. tricking a user into visiting a specially crafted website. This can be exploited to cause a heap-based buffer overflow via
a specially crafted PDF file.
5) Multiple errors in QuickLook when downloading Microsoft Office
files can be exploited to cause a memory corruption.
6) An error exists in the Data Detectors engine when viewing a
specially crafted message. This can be exploited to consume overly
large resources and trigger an application using the engine to
terminate.
7) The problem is that the "Repair Permissions" tool included in Disk
Utility sets the "setuid" bit on "/usr/bin/emacs". This can be
exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be
exploited to cause a DoS.
For more information:
SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()"
function.
For more information see vulnerability #4 in:
SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to
bypass certain security restrictions, and potentially by malicious
people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.
For more information:
SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users
to bypass certain security restrictions.
For more information:
SA27863
SOLUTION:
Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and
Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2647
OTHER REFERENCES:
SA22130:
http://secunia.com/advisories/22130/
SA27863:
http://secunia.com/advisories/27863/
SA30048:
http://secunia.com/advisories/30048/
SA30973:
http://secunia.com/advisories/30973/
SA30853:
http://secunia.com/advisories/30853/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. iDefense Security Advisory 07.31.08
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 31, 2008
I. For more information, see the vendor's site
found at the following link URL.
http://www.apple.com/macosx/
II.
This vulnerability exists due to the way PDF files containing Type 1
fonts are handled. When processing a font with an overly large length,
integer overflow could occur.
III.
An attacker could exploit this issue via multiple attack vectors. The
most appealing vector for attack is Safari. An attacker could host a
malformed PDF file on a website and entice a targeted user to open a
URL. Upon opening the URL in Safari the PDF file will be automatically
parsed and exploitation will occur. While this is the most appealing
attack vector, the file can also be attached to an e-mail. Any
application which uses the Apple libraries for file open dialogs will
crash upon previewing the malformed PDF document.
IV. Previous versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. More information is available at the following URL.
http://support.apple.com/kb/HT2647
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-2322 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
07/09/2008 Initial vendor notification
07/10/2008 Initial vendor response
07/31/2008 Public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Pariente Kobi.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information
| VAR-200807-0646 | CVE-2008-2320 | Apple Mac OS X of CarbonCore Vulnerable to stack-based buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information:
SA30973
2) A boundary error exists in CarbonCore when handling filenames.
This can be exploited to cause a stack-based buffer overflow via
overly long filenames.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
3) Multiple errors exist in CoreGraphics when processing received
arguments. These can be exploited to trigger a memory corruption by
e.g. tricking a user into visiting a specially crafted website.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
4) An integer overflow error exists in CoreGraphics when handling PDF
files. This can be exploited to cause a heap-based buffer overflow via
a specially crafted PDF file.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
5) Multiple errors in QuickLook when downloading Microsoft Office
files can be exploited to cause a memory corruption.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
6) An error exists in the Data Detectors engine when viewing a
specially crafted message. This can be exploited to consume overly
large resources and trigger an application using the engine to
terminate.
7) The problem is that the "Repair Permissions" tool included in Disk
Utility sets the "setuid" bit on "/usr/bin/emacs". This can be
exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be
exploited to cause a DoS.
For more information:
SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()"
function.
For more information see vulnerability #4 in:
SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to
bypass certain security restrictions, and potentially by malicious
people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.
For more information:
SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users
to bypass certain security restrictions.
For more information:
SA27863
SOLUTION:
Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and
Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2647
OTHER REFERENCES:
SA22130:
http://secunia.com/advisories/22130/
SA27863:
http://secunia.com/advisories/27863/
SA30048:
http://secunia.com/advisories/30048/
SA30973:
http://secunia.com/advisories/30973/
SA30853:
http://secunia.com/advisories/30853/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc
| VAR-200807-0648 | CVE-2008-2321 | Apple Mac OS X of CoreGraphics Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments.". Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow
30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability
30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability
30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information:
SA30973
2) A boundary error exists in CarbonCore when handling filenames.
This can be exploited to cause a stack-based buffer overflow via
overly long filenames.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
3) Multiple errors exist in CoreGraphics when processing received
arguments. These can be exploited to trigger a memory corruption by
e.g. tricking a user into visiting a specially crafted website.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
4) An integer overflow error exists in CoreGraphics when handling PDF
files. This can be exploited to cause a heap-based buffer overflow via
a specially crafted PDF file.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
5) Multiple errors in QuickLook when downloading Microsoft Office
files can be exploited to cause a memory corruption.
Successful exploitation of the vulnerability may allow execution of
arbitrary code.
6) An error exists in the Data Detectors engine when viewing a
specially crafted message. This can be exploited to consume overly
large resources and trigger an application using the engine to
terminate.
7) The problem is that the "Repair Permissions" tool included in Disk
Utility sets the "setuid" bit on "/usr/bin/emacs". This can be
exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be
exploited to cause a DoS.
For more information:
SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()"
function.
For more information see vulnerability #4 in:
SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to
bypass certain security restrictions, and potentially by malicious
people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.
For more information:
SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users
to bypass certain security restrictions.
For more information:
SA27863
SOLUTION:
Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Dan Kaminsky of IOActive
2) Thomas Raffetseder of the International Secure Systems Lab and
Sergio 'shadown' Alvarez of n.runs AG.
3) Michal Zalewski, Google
4) Pariente Kobi, reported via iDefense
7) Anton Rang and Brian Timares
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2647
OTHER REFERENCES:
SA22130:
http://secunia.com/advisories/22130/
SA27863:
http://secunia.com/advisories/27863/
SA30048:
http://secunia.com/advisories/30048/
SA30973:
http://secunia.com/advisories/30973/
SA30853:
http://secunia.com/advisories/30853/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. Hi all,
I am way behind on this, so I wanted to drop a quick note regarding
some of my vulnerabilities recently addressed by browser vendors - and
provide some possibly interesting PoCs / fuzzers to go with them:
Summary : MSIE same-origin bypass race condition (CVE-2007-3091)
Impact : security bypass, possibly more
Reported : June 2007 (publicly)
PoC URL : http://lcamtuf.coredump.cx/ierace/
Bulletin : http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx
Notes : additional credit to David Bloom for developing an improved
proof-of-concept exploit
Summary : MSIE memory corruption on page transitions
Impact : memory corruption, potential code execution
Reported : April 2008 (privately)
PoC URL : http://lcamtuf.coredump.cx/stest/ (fuzzers)
Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
Notes : -
Summary : multiple browsers <CANVAS> implementation crashes
(CVE-2008-2321, ???)
Impact : memory corruption, potential code execution
Reported : February 2008 (privately)
PoC URL : http://lcamtuf.coredump.cx/canvas/ (fuzzer)
Bulletin : http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html
Bulletin : http://www.opera.com/support/kb/view/882/
Notes : also some DoS issues in Firefox
Summary : Safari page transition tailgating (CVE-2009-1684)
Impact : page spoofing, navigation target disclosure
Reported : February 2008 (privately)
PoC URL : http://lcamtuf.coredump.cx/sftrap2/
Bulletin : http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html
Notes : -
Cheers,
/mz
.
1) A vulnerability in CoreGraphics can potentially be exploited to
compromise a vulnerable system.
For more information:
SA31610
3) An error in the processing of TIFF images can cause a device
reset.
4) An unspecified error can result in the encryption level for PPTP
VPN connections to be lower than expected.
5) A signedness error in the Office Viewer component can potentially
be exploited to execute arbitrary code via a specially crafted
Microsoft Excel file.
This is related to vulnerability #10 in:
SA32222
6) A weakness exists in the handling of emergency calls, which can be
exploited to bypass the Passcode lock and call arbitrary numbers when
physical access to the device is provided.
7) A weakness causes the Passcode lock not to be restored properly.
8) A security issue can result in the content of an SMS message being
displayed when the message arrives while the emergency call screen is
shown.
9) An error in Safari when handling HTML table elements can be
exploited to cause a memory corruption and potentially execute
arbitrary code when a user visits a specially crafted web site.
10) An error in Safari when handling embedded iframe elements can be
exploited to spoof the user interface via content being displayed
outside its boundaries.
11) An error exists in Safari when launching an application while a
call approval dialog is shown. It is also possible to
block the user's ability to cancel the call.
12) An error in Webkit can be exploited to disclose potentially
sensitive data from form fields, although the "Autocomplete" feature
is disabled.
This is related to vulnerability #8 in:
SA32706
SOLUTION:
Update to iPhone OS 2.2 or iPhone OS for iPod touch 2.2 (downloadable
and installable via iTunes). ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc
| VAR-200808-0118 | CVE-2008-3731 | Serv-U File Server Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability when handling certain SFTP commands.
Exploiting this issue can cause the server to crash and deny service to legitimate users.
Versions prior to Serv-U 7.2.0.1 are vulnerable.
The vulnerability is caused due to an error within the logging
functionality when creating directories via SFTP. This can be
exploited to crash the service.
Successful exploitation requires a valid account with write
permissions.
SOLUTION:
Update to version 7.2.0.1.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.serv-u.com/releasenotes/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200807-0520 | No CVE | Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
A cross-site scripting vulnerability has been found in Hitachi Collaboration - Online Community Management.An attacker could execute a cross-site scripting attack.
| VAR-200902-0225 | CVE-2008-6295 | Camera Life Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php. Camera Life Contains a cross-site scripting vulnerability.By any third party, via Web Script or HTML May be inserted.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
Camera Life 2.6.2b8 is vulnerable to these issues; earlier versions may also be affected. Camera Life is an open source PHP-based photo management and organization plugin. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Camera Life "id" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA31234
VERIFY ADVISORY:
http://secunia.com/advisories/31234/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
>From remote
SOFTWARE:
Camera Life 2.x
http://secunia.com/product/15165/
DESCRIPTION:
nuclear has discovered a vulnerability in Camera Life, which can be
exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in sitemap.xml.php is not properly
sanitised before being used in an SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 2.6. Other versions may
also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
nuclear
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6132
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200808-0363 | CVE-2008-3434 | Apple iTunes Updates for vulnerabilities in |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple From iTunes An update for has been released.Man-in-the-middle attacks (man-in-the-middle attack) Any software iTunes May appear to be an update.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer. iTunes is a free application for iPod and iPhone media file management. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-11-14-1 iTunes 10.5.1
iTunes 10.5.1 is now available and addresses the following:
iTunes
Available for: Mac OS X v10.5 or later, Windows 7, Vista,
XP SP2 or later
Impact: A man-in-the-middle attacker may offer software that appears
to originate from Apple
Description: iTunes periodically checks for software updates using
an HTTP request to Apple. If Apple Software Update for Windows is
not installed, clicking the Download iTunes button may open the URL
from the HTTP response in the user's default browser. This issue has
been mitigated by using a secured connection when checking for
available updates. For OS X systems, the user's default browser is
not used because Apple Software Update is included with OS X,
however this change adds additional defense-in-depth.
CVE-ID
CVE-2008-3434 : Francisco Amato of Infobyte Security Research
iTunes 10.5.1 may be obtained from:
http://www.apple.com/itunes/download/
For Mac OS X:
The download file is named: "iTunes10.5.1.dmg"
Its SHA-1 digest is: 08f8ebe3f75d7b98a215750c08b7d6eff7c9ceb9
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: bbe7ed41e62ef1eb345a12a68c1a81d351057952
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: c3e70eb77ab400470ef9451803c0e411eed6a689
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJOwLKNAAoJEGnF2JsdZQeecIgH/3TTYRa3C8GPQMDZJgdD0Wgh
sktAAH3DWj3HbEluuieTyLkoIzXLluVrJCaLOIt0G79gF0wkW7fB6eXU3i2MFtS2
QYy6dKzZHEKSWlez+pPDnvBLD7KWFg74rz0MBDhhgmpxqHOfJ6CU0xFuojoIYvtP
7WpLtqRpEc1R2dR/y4ACwZWfhpdatZ+mv7Gjq++Nem3/+1MU3M88eGGmX/95qGTv
F6dwxf0c2jhL/5mRqC7A0ybn6VQm0oeTxEN8lgr+NQ+BQdXpH4wNzxmhtRP0AmZ6
A8sENF6QBXf4J3+fCX6NqwvAwhTNUav7ApC4TMvN6fcAHzoTECvUIdpOBSKUD3E=
=7US+
-----END PGP SIGNATURE-----
| VAR-200807-0474 | CVE-2008-3355 | Camera Life 'sitemap.xml.php' SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. Camera Life is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Camera Life 2.6.2 is vulnerable; other versions may also be affected. Camera Life is a photo album management system developed in PHP.
Input passed to the "id" parameter in sitemap.xml.php is not properly
sanitised before being used in an SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 2.6.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
nuclear
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6132
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200807-0232 | CVE-2008-3245 | phpHoo3 'phpHoo3.php' SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. phpHoo3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. phpHoo3 is a yahoo-like link management software. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
phpHoo3 "viewCat" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA31130
VERIFY ADVISORY:
http://secunia.com/advisories/31130/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
>From remote
SOFTWARE:
phpHoo3
http://secunia.com/product/19341/
DESCRIPTION:
Mr.SQL has discovered a vulnerability in phpHoo3, which can be
exploited by malicious people to conduct SQL injection attacks.
Input passed to the "viewCat" parameter in phpHoo3.php is not
properly sanitised before being used in SQL queries.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Mr.SQL
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/6091
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200807-0313 | CVE-2008-3171 | Apple Safari HTTPS to HTTPS Referer Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Information gathered by an attacker who exploits this vulnerability can aid in further attacks.
Safari 3.1.2 is vulnerable; other versions may also be affected. Apple Safari is the world's fastest, most innovative web browser for Mac and PC
| VAR-200807-0312 | CVE-2008-3170 | Apple Safari In HTTP Session hijack vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. Apple Safari is prone to a vulnerability that allows attackers to set cookies for certain domain extensions.
The browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks.
Safari 3.1.2 is vulnerable; other versions may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Safari Cross-Domain Cookie Injection Vulnerability
SECUNIA ADVISORY ID:
SA31128
VERIFY ADVISORY:
http://secunia.com/advisories/31128/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From remote
SOFTWARE:
Safari 3.x
http://secunia.com/product/17989/
Safari for Windows 3.x
http://secunia.com/product/17978/
DESCRIPTION:
A vulnerability has been discovered in Apple Safari, which can be
exploited by malicious people to bypass certain security
restrictions. This can e.g. be
exploited to fix a session by setting a known session ID in a cookie,
which the browser sends to all web sites operating under an affected
domain (e.g. co.uk, com.au).
The vulnerability is confirmed in Apple Safari for Windows 3.1.2.
SOLUTION:
Do not browse untrusted web sites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY:
kuza55
ORIGINAL ADVISORY:
http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-350A
Apple Updates for Multiple Vulnerabilities
Original release date: December 15, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
Overview
Apple has released Security Update 2008-008 and Mac OS X version
10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X
and Mac OS X Server. Attackers could exploit these vulnerabilities
to execute arbitrary code, gain access to sensitive information, or
cause a denial of service.
I. Description
Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6
address a number of vulnerabilities affecting Apple Mac OS X and
Mac OS X Server versions prior to and including 10.4.11 and 10.5.5.
The update also addresses vulnerabilities in other vendors'
products that ship with Apple Mac OS X or Mac OS X Server.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. Solution
Install Apple Security Update 2008-008 or Apple Mac OS X version
10.5.6. These and other updates are available via Software Update
or via Apple Downloads.
IV. References
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* About the security content of Security Update 2008-008 / Mac OS X
v10.5.6 -
<https://support.apple.com/kb/HT3338>
* Mac OS X: Updating your software -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>
* Apple Downloads - <http://support.apple.com/downloads/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-350A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
December 15, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK
g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2
ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon
Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d
fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE
ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw==
=yvkk
-----END PGP SIGNATURE-----
| VAR-200807-0013 | CVE-2008-2318 | Apple Xcode Tool WebObjects Local sessions at ID Improper addition vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. Apple WebObjects is prone to an information-disclosure vulnerability when generating URIs for HTML documents.
To exploit this issue an affected application would have to contain a URI to an arbitrary website that an attacker has control of or on which the attacker can view activity logs. Harvested session ID data can aid in attacks.
Versions of WebObjects that are affected are currently unspecified, however those included in Xcode versions prior to 3.1 are affected. Xcode is the development tool used on Apple machines. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Xcode tools Vulnerability and Security Issue
SECUNIA ADVISORY ID:
SA31060
VERIFY ADVISORY:
http://secunia.com/advisories/31060/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
>From remote
SOFTWARE:
Apple Xcode 2.x
http://secunia.com/product/10144/
Apple Xcode 3.x
http://secunia.com/product/19297/
DESCRIPTION:
A vulnerability and a security issue have been reported in Xcode
tools, which can be exploited by malicious people to disclose
sensitive information or to compromise a user's system.
1) A boundary error in the handling of .funhouse files in CoreImage
Examples can be exploited to cause a buffer overflow when a user is
tricked into opening a specially crafted .funhouse file.
Successful exploitation allows execution of arbitrary code.
2) An error in WebObjects exists within the handling of session IDs
where the session ID is always appended to the URL generated by
WOHyperlink. This may lead to the disclosure of session IDs when
generating URLs to other web sites.
SOLUTION:
Update to version 3.1.
PROVIDED AND/OR DISCOVERED BY:
1) Kevin Finisterre, Netragard
2) Reported by the vendor.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2352
Netragard:
http://www.netragard.com/pdfs/research/NETRAGARD-20080630-FUNHOUSE.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200901-0302 | CVE-2009-0070 | Apple Safari of Integer signedness Arbitrary memory location in error is read and service operation is interrupted (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. This vulnerability is CVE-2008-2307 Vulnerability related to. Apple iPhone and iPod touch are prone to multiple remote vulnerabilities:
1. A vulnerability that may allow users to spoof websites.
2.
3.
4.
Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.
These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4. Apple Safari has an integer symbol type error vulnerability