VARIoT IoT vulnerabilities database

VAR-200912-0285 | CVE-2009-4409 | SEIL/B1 authentication issue |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack. As a result, the third party may gain access to the network. According the developer, when L2TP/IPsec is being used, the authentication challenges are protected by the encryption provided by IPsec, and therefore the probability of being affected by this issue are reduced. SEIL/B1 is prone to an authentication-bypass vulnerability affecting CHAP and MS-CHAP-V2 authentication.
Versions prior to SEIL/B1 2.60 are vulnerable. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
SEIL Routers PPP Access Concentrator Replay Vulnerability
SECUNIA ADVISORY ID:
SA37628
VERIFY ADVISORY:
http://secunia.com/advisories/37628/
DESCRIPTION:
A vulnerability has been reported in the SEIL B1 router, which can be
exploited by malicious people to bypass certain security
restrictions.
SOLUTION:
Update to version 2.60.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
SEIL:
http://www.seil.jp/seilseries/security/2009/a00697.php
JVN:
http://jvn.jp/en/jp/JVN49602378/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000079.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200912-0769 | CVE-2009-3563 |
NTP mode 7 denial-of-service vulnerability
Related entries in the VARIoT exploits database: VAR-E-200912-0107 |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.CVE-2009-3563 Unknown
CVE-2024-1309 Unknown
CVE-2024-2169 AffectedCVE-2009-3563 Unknown
CVE-2024-1309 Unknown
CVE-2024-2169 Affected. NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets.
An attacker can exploit this issue to cause the application to consume excessive CPU resources and fill disk space with log messages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0004
Synopsis: ESX Service Console and vMA third party updates
Issue date: 2010-03-03
Updated on: 2010-03-03 (initial release of advisory)
CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316
CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
CVE-2009-1386 CVE-2009-1387 CVE-2009-0590
CVE-2009-4022 CVE-2009-3560 CVE-2009-3720
CVE-2009-2904 CVE-2009-3563 CVE-2009-2695
CVE-2009-2849 CVE-2009-2695 CVE-2009-2908
CVE-2009-3228 CVE-2009-3286 CVE-2009-3547
CVE-2009-3613 CVE-2009-3612 CVE-2009-3620
CVE-2009-3621 CVE-2009-3726 CVE-2008-3916
CVE-2009-1189 CVE-2009-0115
- ------------------------------------------------------------------------
1. Summary
ESX Service Console updates for newt, nfs-utils, and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id,
device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,
bind, expat, openssh, ntp and kernel packages.
2. Relevant releases
VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG,
ESX400-201002406-SG
VMware vMA 4.0 before patch 3
3. Problem Description
a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1
Newt is a programming library for color text mode, widget based
user interfaces. Newt can be used to add stacked windows, entry
widgets, checkboxes, radio buttons, labels, plain text fields,
scrollbars, etc., to text mode user interfaces.
A heap-based buffer overflow flaw was found in the way newt
processes content that is to be displayed in a text dialog box.
A local attacker could issue a specially-crafted text dialog box
display request (direct or via a custom application), leading to a
denial of service (application crash) or, potentially, arbitrary
code execution with the privileges of the user running the
application using the newt library.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2905 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201002406-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. vMA and Service Console update for vMA package nfs-utils to
1.0.9-42.el5
The nfs-utils package provides a daemon for the kernel NFS server
and related tools.
It was discovered that nfs-utils did not use tcp_wrappers
correctly. Certain hosts access rules defined in "/etc/hosts.allow"
and "/etc/hosts.deny" may not have been honored, possibly allowing
remote attackers to bypass intended access restrictions.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4552 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201002407-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1
GLib is the low-level core library that forms the basis for projects
such
as GTK+ and GNOME. It provides data structure handling for C,
portability wrappers, and interfaces for such runtime functionality
as an event loop, threads, dynamic loading, and an object system.
Multiple integer overflows in glib/gbase64.c in GLib before 2.20
allow context-dependent attackers to execute arbitrary code via a
long string that is converted either from or to a base64
representation.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4316 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201002404-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. vMA and Service Console update for openssl to 0.9.8e-12.el5
SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-
strength cryptography world-wide.
Multiple denial of service flaws were discovered in OpenSSL's DTLS
implementation. A remote attacker could use these flaws to cause a
DTLS server to use excessive amounts of memory, or crash on an
invalid memory access or NULL pointer dereference.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-1377, CVE-2009-1378,
CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues.
An input validation flaw was found in the handling of the BMPString
and UniversalString ASN1 string types in OpenSSL's
ASN1_STRING_print_ex() function. An attacker could use this flaw to
create a specially-crafted X.509 certificate that could cause
applications using the affected function to crash when printing
certificate contents.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0590 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1
It was discovered that BIND was incorrectly caching responses
without performing proper DNSSEC validation, when those responses
were received during the resolution of a recursive client query
that requested DNSSEC records but indicated that checking should be
disabled. A remote attacker could use this flaw to bypass the DNSSEC
validation check and perform a cache poisoning attack if the target
BIND server was receiving such client queries.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-4022 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2.
Two buffer over-read flaws were found in the way Expat handled
malformed UTF-8 sequences when processing XML files. A specially-
crafted XML file could cause applications using Expat to fail while
parsing the file.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-3560 and CVE-2009-3720 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2
A Red Hat specific patch used in the openssh packages as shipped in
Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain
ownership requirements for directories used as arguments for the
ChrootDirectory configuration options. A malicious user that also
has or previously had non-chroot shell access to a system could
possibly use this flaw to escalate their privileges and run
commands as any system user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2904 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. vMA and Service Console package ntp updated to
ntp-4.2.2p1-9.el5_4.1.i386.rpm
A flaw was discovered in the way ntpd handled certain malformed NTP
packets. ntpd logged information about all such packets and replied
with an NTP packet that was treated as malformed when received by
another ntpd.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-3563 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. vMA update for package kernel to 2.6.18-164.9.1.el5
Updated vMA package kernel addresses the security issues listed
below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2849 to the security issue fixed in
kernel 2.6.18-128.2.1
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
fixed in kernel 2.6.18-128.6.1
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,
CVE-2009-3726 to the security issues fixed in kernel
2.6.18-128.9.1
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3 **
* hosted products are VMware Workstation, Player, ACE, Fusion.
** vMA is updated to kernel version 2.6.18-164.9.1
j. vMA 4.0 updates for the packages kpartx, libvolume-id,
device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed
kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to
095-14.20.el5 device-mapper-multipath package updated to
0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus
updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5,
and ed package updated to 0.2-39.el5_2.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2008-3916, CVE-2009-1189 and
CVE-2009-0115 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX 4.0
-------
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732
240/ESX400-201002001.zip
md5sum: de62cbccaffa4b2b6831617f18c1ccb4
sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab
http://kb.vmware.com/kb/1018403
Note: ESX400-201002001 contains the following security bulletins
ESX400-201002404-SG, ESX400-201002407-SG, and ESX400-201002406-SG.
To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle ESX400-201002001.zip -b ESX400-201002404-SG \
-b ESX400-201002407-SG -b ESX400-201002406-SG update
vMA 4.0
-------
To update VIMA
1 Log in to VIMA as vi-admin.
2 type 'sudo /usr/sbin/vima-update update' this will apply all
currently available updates. See http://tinyurl.com/yfekgrx
for more information.
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115
- ------------------------------------------------------------------------
6. Change log
2010-03-03 VMSA-2010-0004
Initial security advisory after release of bulletins for ESX 4.0
on 2010-03-03 and release of vMA Patch 3 on 2010-02-25.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFLj1c6S2KysvBH1xkRAnl5AJ9RcHVB7qooSwOPFdVoDFTjohDypgCfZ44O
2z0ICIcntM88ZONMfDNUM6Y=
=14fN
-----END PGP SIGNATURE-----
.
An unexpected NTP mode 7 packets (MODE_PRIVATE) with spoofed IP data can lead
ntpd to reply with a mode 7 response to the spoofed address.
For the oldstable distribution (etch), this problem has been fixed in
version 1:4.2.2.p4+dfsg-2etch4.
For the stable distribution (lenny), this problem has been fixed in
version 1:4.2.4p4+dfsg-8lenny3.
For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.
We recommend that you upgrade your ntp packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc
Size/MD5 checksum: 906 115e93f010e32aa1c90231461487503a
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
Size/MD5 checksum: 2199764 ad746cda2d90dbb9ed06fe164273c5d0
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz
Size/MD5 checksum: 182632 80aa236bd0a39096c5e5d462c0b9b279
Architecture independent packages:
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb
Size/MD5 checksum: 28596 df605f89c08a01116c2ff799777f6a2c
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb
Size/MD5 checksum: 28594 0c683ac7e7f5b131515f956aed87de3d
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb
Size/MD5 checksum: 912886 1af5a623cbf5f145f34dab7beefcd183
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb
Size/MD5 checksum: 408070 ca33235c58a26ad1a839084b4f2d385c
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb
Size/MD5 checksum: 65056 e527eb4c93d427c025374805fb5288cb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb
Size/MD5 checksum: 62258 13a4f4faaf699913e421c093e598f2a9
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb
Size/MD5 checksum: 359384 1a289aa1f8439e2ef736cbf29bbe140f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb
Size/MD5 checksum: 59784 8a84cae4e8f643cbd3ed684e5a7eb0ff
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb
Size/MD5 checksum: 344316 57066e8abfdf51c36d63600c993f3c20
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb
Size/MD5 checksum: 372448 0b8f9b90bb03a2f572066fe8b47c7202
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb
Size/MD5 checksum: 62160 88dc964fa357187ddc97d37513a863ba
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb
Size/MD5 checksum: 58316 90fc92e7a8f6582ee21076849ae0dfba
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb
Size/MD5 checksum: 333772 e5fbae24686d444fff118f3ce9cc45db
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb
Size/MD5 checksum: 523358 0032e3c9bcb4a27a312a47fb95d1f9a1
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb
Size/MD5 checksum: 74712 72c1b601f4beb41c6c04a54534ba9c51
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb
Size/MD5 checksum: 382868 2980d63a9ca6344e6a76698d0e808f8c
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb
Size/MD5 checksum: 63610 d523930b9b98d6353bf4e6fb7d7e57f5
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb
Size/MD5 checksum: 64134 e4042de5af081701911a7cece69c6cce
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb
Size/MD5 checksum: 390142 b50dc2bd5970f224b6994c460f8f560a
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb
Size/MD5 checksum: 358860 432b58ad621ac266455f7e5124d2eb1c
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb
Size/MD5 checksum: 61760 2c9dd1b3a8d61bece4f420e533b7a6eb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb
Size/MD5 checksum: 350300 40a28748d5016101c179bd4a22c08390
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb
Size/MD5 checksum: 61242 14c08344bfd0561ced0d54aa2cd23a2e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb
Size/MD5 checksum: 58584 0e573ef22b1514b12e01fa6ac2bb1ddb
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb
Size/MD5 checksum: 332284 4589ff44bc97ad73513d8ba5419c7845
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc
Size/MD5 checksum: 1459 81e70fe84f27e3bfabdbfb9f3122492b
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5 checksum: 2835029 dc2b3ac9cc04b0f29df35467514c9884
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz
Size/MD5 checksum: 300928 b568f39eda3e46f27239ad44021f968c
Architecture independent packages:
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb
Size/MD5 checksum: 927658 8db03976b7b105057ead2da4bae09219
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb
Size/MD5 checksum: 66706 9213dcba9a99fa363f0ce48c514a008b
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb
Size/MD5 checksum: 538492 de37b288ef933f34446ab78a8d8ed76b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb
Size/MD5 checksum: 63836 a0b5b030abe6a6c32591366febcec1d1
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb
Size/MD5 checksum: 479472 277efe45a76a24da6ca14ae581d0a3a2
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb
Size/MD5 checksum: 61220 d4905eea52795330e517acca903059f4
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb
Size/MD5 checksum: 448164 cc28e545eb359eba225abfcb02cc4377
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb
Size/MD5 checksum: 62794 e5a43b8076a77643cc742348f0e63de1
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb
Size/MD5 checksum: 458908 3721b8d7b7a67b31db6249521dd9f015
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb
Size/MD5 checksum: 63872 53a7009f1888c06b162c258a9bb5d6fb
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb
Size/MD5 checksum: 485744 b8e950ba02a13ecacfe332db56c0c887
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb
Size/MD5 checksum: 434672 6ccfb060f39cc56f39ef8806865b767d
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb
Size/MD5 checksum: 60114 2f0914ae2191ddf3f74529bc896299da
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb
Size/MD5 checksum: 707812 eb960c732894d56589ba62d76c5ba568
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb
Size/MD5 checksum: 76366 6b5b986e454276661e8b483f095bd16e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb
Size/MD5 checksum: 64116 ab287c70d2c2daf7b1a8808db8dcedc9
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb
Size/MD5 checksum: 490394 0009cb5333123767dc3afcde682d9e10
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb
Size/MD5 checksum: 500786 3b842b738e616f301c31cd025c595235
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb
Size/MD5 checksum: 64776 fd31cdaa7a78d7e3fa072b746dd98e01
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb
Size/MD5 checksum: 490620 21d03b435c327c2884fe587a56fe10fb
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb
Size/MD5 checksum: 65470 6966f71002ae63c104e608af1a7daa3a
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb
Size/MD5 checksum: 63678 4b143ad2444681bdb1ee44d395996a29
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb
Size/MD5 checksum: 474000 6fb44a33381b0d582599eb33896d8f0f
These files will probably be moved into the stable distribution on
its next update.
Product/Patch kit
ITRC Download Location
MD5 and SHA1 Checksum
HP Tru64 UNIX v 5.1B-4 PK6 (BL27)
T64KIT1001787-V51BB27-ES-20100817
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001787-V51BB27-ES-20100817
MD5 results: 2b3a21a96b7855d9ca223f483bd5bfed
SHA1 results: ac2221c9d025008b258ac8592a210e16e775fbcf
HP Tru64 UNIX v 5.1B-5 PK7 (BL28)
T64KIT1001786-V51BB28-ES-20100816
http://www13.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001786-V51BB28-ES-20100816
MD5 results: b34d028797577408d565da27d93c30a9
SHA1 results: b34d028797577408d565da27d93c30a9
Note:
The patch kit installation instructions and the Patch Summary and Release Notes documents provide patch kit installation and removal instructions and a summary of each patch. Please read these documents prior to installing patches. ===========================================================
Ubuntu Security Notice USN-867-1 December 08, 2009
ntp vulnerability
CVE-2009-3563
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
ntp 1:4.2.0a+stable-8.1ubuntu6.3
ntp-server 1:4.2.0a+stable-8.1ubuntu6.3
Ubuntu 8.04 LTS:
ntp 1:4.2.4p4+dfsg-3ubuntu2.3
Ubuntu 8.10:
ntp 1:4.2.4p4+dfsg-6ubuntu2.4
Ubuntu 9.04:
ntp 1:4.2.4p4+dfsg-7ubuntu5.2
Ubuntu 9.10:
ntp 1:4.2.4p6+dfsg-1ubuntu5.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Robin Park and Dmitri Vinokurov discovered a logic error in ntpd.
HP TCP/IP Services for OpenVMS v5.4, v5.5, v5.6, and v5.7 (only affected by CVE-2009-3563) on Itanium and Alpha platforms.
Patch kit installation instructions are provided in the file readme.txt . ESXi userworld update for ntp
The Network Time Protocol (NTP) is used to synchronize the time of
a computer client or server to another server or reference time
source.
A vulnerability was discovered which may allow remote attackers to
spoof certificates by using MD2 design flaws to generate a hash
collision in less than brute-force time. NOTE: the scope of this
issue is currently limited because the amount of computation
required is still large.
This update also includes security fixes that were first addressed
in version openssl-0.9.8e-12.el5.i386.rpm.
Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by
using secret-key cryptography. This update fixes a flaw found in pam_krb5. In
some non-default configurations (specifically, where pam_krb5 would
be the first module to prompt for a password), a remote attacker
could use this flaw to recognize valid usernames, which would aid a
dictionary-based password guess attack. Service Console package bind updated to 9.3.6-4.P1.el5_4.2
BIND (Berkeley Internet Name Daemon) is by far the most widely used
Domain Name System (DNS) software on the Internet.
A vulnerability was discovered which could allow remote attacker to
add the Authenticated Data (AD) flag to a forged NXDOMAIN response
for an existing domain.
A vulnerability was found in the way that bind handles out-of-
bailiwick data accompanying a secure response without re-fetching
from the original source, which could allow remote attackers to
have an unspecified impact via a crafted response.
NOTE: ESX does not use the BIND name service daemon by default. Service Console package gcc updated to 3.2.3-60
The GNU Compiler Collection includes front ends for C, C++,
Objective-C, Fortran, Java, and Ada, as well as libraries for these
languages
GNU Libtool's ltdl.c attempts to open .la library files in the
current working directory. This could allow a local user to gain
privileges via a Trojan horse file. The GNU C Compiler collection
(gcc) provided in ESX contains a statically linked version of the
vulnerable code, and is being replaced. Service Console package sudo updated to 1.6.9p17-6.el5_4
Sudo (su "do") allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some
(or all) commands as root or another user while providing an audit
trail of the commands and their arguments.
When a pseudo-command is enabled, sudo permits a match between the
name of the pseudo-command and the name of an executable file in an
arbitrary directory, which allows local users to gain privileges
via a crafted executable file.
When the runas_default option is used, sudo does not properly set
group memberships, which allows local users to gain privileges via
a sudo command.
Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE)
2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)
2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE)
2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)
2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)
2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE)
2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9)
2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15)
CVE Name: CVE-2009-3563
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
II. Problem Description
If ntpd receives a mode 7 (MODE_PRIVATE) request or error response
from a source address not listed in either a 'restrict ... noquery'
or a 'restrict ... ignore' section it will log the even and send
a mode 7 error response.
III.
IV. Workaround
Proper filtering of mode 7 NTP packets by a firewall can limit the
number of systems used to attack your resources. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or
RELENG_6_3 security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch
# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/ntp/ntpd
# make obj && make depend && make && make install
# /etc/rc.d/ntpd restart
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2
RELENG_6_4
src/UPDATING 1.416.2.40.2.13
src/sys/conf/newvers.sh 1.69.2.18.2.15
src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.20
src/sys/conf/newvers.sh 1.69.2.15.2.19
src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1
RELENG_7
src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2
RELENG_7_2
src/UPDATING 1.507.2.23.2.9
src/sys/conf/newvers.sh 1.72.2.11.2.10
src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.13
src/sys/conf/newvers.sh 1.72.2.9.2.14
src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1
RELENG_8
src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1
RELENG_8_0
src/UPDATING 1.632.2.7.2.5
src/sys/conf/newvers.sh 1.83.2.6.2.5
src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r201679
releng/6.4/ r201679
releng/6.3/ r201679
stable/7/ r201679
releng/7.2/ r201679
releng/7.1/ r201679
stable/8/ r201679
releng/8.0/ r201679
head/ r200576
- -------------------------------------------------------------------------
VII.
The upgrade is available by downloading from software.hp.com -> HPUX 11i
Software -> Internet ready and networking -> HP-UX Network Time Protocol
version 4 or directly from https://h20392.www2.hp.com/portal/swdepot/displayP
roductInfo.do?productNumber=HPUX-NTP
Please review the Installation link at the bottom of the page. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Release Date: 2011-03-28
Last Updated: 2011-03-24
------------------------------------------------------------------------------
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS).
References: CVE-2009-3563
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running XNTP.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-3563 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following patches to resolve this vulnerability.
The patches are available by contacting HP Support.
http://itrc.hp.com
HP-UX Release / Patch ID
B.11.11 (11i v1) / PHNE_41907
B.11.23 (11i v2) / PHNE_41908
B.11.31 (11i v3) / PHNE_41177
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
InternetSrvcs.INETSVCS-BOOT
action: install patch PHNE_41907 or subsequent
HP-UX B.11.23
==================
InternetSrvcs.INETSVCS2-BOOT
action: install patch PHNE_41908 or subsequent
HP-UX B.11.31
==================
NTP.NTP-RUN
action: install patch PHNE_41177 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 28 March 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All NTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7-r1"
References
==========
[ 1 ] CVE-2009-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201001-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-200912-0137 | CVE-2009-4197 | Huawei MT882 modem firmware of rpwizPppoe.htm Password acquisition vulnerability |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. Huawei MT882l is a small ADSL modem. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Huawei MT882 Multiple Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA37568
VERIFY ADVISORY:
http://secunia.com/advisories/37568/
DESCRIPTION:
DecodeX01 has reported multiple vulnerabilities in Huawei MT882,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed to the "BackButton" parameter in Forms/error_1,
"wzConnFlag" in Forms/fresh_pppoe_1, "diag_pppindex_argen" and
"DiagStartFlag" in Forms/rpDiag_argen_1, "wzdmz_active" and
"wzdmzHostIP" in Forms/rpNATdmz_argen_1, "wzVIRTUALSVR_endPort",
"wzVIRTUALSVR_endPortLocal", "wzVIRTUALSVR_IndexFlag",
"wzVIRTUALSVR_localIP", "wzVIRTUALSVR_startPort", and
"wzVIRTUALSVR_startPortLocal" in Forms/rpNATvirsvr_argen_1,
"Connect_DialFlag", "Connect_DialHidden", and "Connect_Flag" in
Forms/rpStatus_argen_1, "Telephone_select" and "wzFirstFlag" in
Forms/rpwizard_1, and "wzConnectFlag" in Forms/rpwizPppoe_1 is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerabilities are reported in version 3.7.9.98. Other version
may also be affected.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY:
DecodeX01
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/10276
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200912-0129 | CVE-2009-4189 |
HP Operations Manager Vulnerable to arbitrary code execution
Related entries in the VARIoT exploits database: VAR-E-201009-0027, VAR-E-201012-1020 |
CVSS V2: 10.0 CVSS V3: - Severity: High |
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843. Operations Manager is prone to a file-upload vulnerability
VAR-200912-0136 | CVE-2009-4196 | Huawei MT882 V100R002B020 ARG-T of Forms/ Cross-site scripting vulnerability in underlying script |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1. (1) error_1 To BackButton Parameters (2) fresh_pppoe_1 To wzConnFlag Parameters (3) rpDiag_argen_1 To diag_pppindex_argen Parameters (4) rpDiag_argen_1 To DiagStartFlag Parameters (5) rpNATdmz_argen_1 To wzdmz_active Parameters (6) rpNATdmz_argen_1 To wzdmzHostIP Parameters (7) rpNATvirsvr_argen_1 To wzVIRTUALSVR_endPort Parameters (8) rpNATvirsvr_argen_1 To wzVIRTUALSVR_endPortLocal Parameters (9) rpNATvirsvr_argen_1 To wzVIRTUALSVR_IndexFlag Parameters (10) rpNATvirsvr_argen_1 To wzVIRTUALSVR_localIP Parameters (11) rpNATvirsvr_argen_1 To wzVIRTUALSVR_startPort Parameters (12) rpNATvirsvr_argen_1 To wzVIRTUALSVR_startPortLocal Parameters (13) rpStatus_argen_1 To Connect_DialFlag Parameters (14) rpStatus_argen_1 To Connect_DialHidden Parameters (15) rpStatus_argen_1 To Connect_Flag Parameters (16) rpwizard_1 To Telephone_select Parameters (17) rpwizard_1 To wzFirstFlag Parameters (18) rpwizPppoe_1 To wzConnectFlag Parameters. Huawei MT882 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also obtain sensitive information.
Huawei MT882 firmware 3.7.9.98 is vulnerable; other versions may also be affected. Huawei MT882l is a small ADSL modem. Multiple scripts in Forms/ of the MT882l cat do not properly filter parameter requests submitted by users. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Huawei MT882 Multiple Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA37568
VERIFY ADVISORY:
http://secunia.com/advisories/37568/
DESCRIPTION:
DecodeX01 has reported multiple vulnerabilities in Huawei MT882,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed to the "BackButton" parameter in Forms/error_1,
"wzConnFlag" in Forms/fresh_pppoe_1, "diag_pppindex_argen" and
"DiagStartFlag" in Forms/rpDiag_argen_1, "wzdmz_active" and
"wzdmzHostIP" in Forms/rpNATdmz_argen_1, "wzVIRTUALSVR_endPort",
"wzVIRTUALSVR_endPortLocal", "wzVIRTUALSVR_IndexFlag",
"wzVIRTUALSVR_localIP", "wzVIRTUALSVR_startPort", and
"wzVIRTUALSVR_startPortLocal" in Forms/rpNATvirsvr_argen_1,
"Connect_DialFlag", "Connect_DialHidden", and "Connect_Flag" in
Forms/rpStatus_argen_1, "Telephone_select" and "wzFirstFlag" in
Forms/rpwizard_1, and "wzConnectFlag" in Forms/rpwizPppoe_1 is not
properly sanitised before being returned to the user.
The vulnerabilities are reported in version 3.7.9.98.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY:
DecodeX01
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/10276
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200912-0425 | CVE-2009-2843 | Mac OS X For Java Vulnerable to arbitrary code execution |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
Successful exploits will allow attackers to bypass certain security restrictions and trick users into running untrusted Java applets with the privileges of trusted applets.
The issue affects the following:
Mac OS X v10.5.8
Mac OS X Server v10.5.8
Mac OS X v10.6.2
Mac OS X Server v10.6.2. Mac OS is an operating system that runs on Apple's Macintosh series of computers. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia. This fixes some
vulnerabilities, which can be exploited by malicious people to
potentially disclose sensitive information, bypass certain security
restrictions, cause a DoS (Denial of Service), or to compromise a
user's system.
SOLUTION:
Apply updates.
http://support.apple.com/kb/DL971
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Simon Heimlicher, ETH Zurich.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3969
http://support.apple.com/kb/HT3970
OTHER REFERENCES:
SA37231:
http://secunia.com/advisories/37231/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200912-0424 | CVE-2009-2631 |
Clientless SSL VPN products break web browser domain-based security models
Related entries in the VARIoT exploits database: VAR-E-200911-0275 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design. An attacker could use these devices to bypass authentication or conduct other web-based attacks. plural SSL VPN (Web VPN) There is a problem with the product that can bypass the security mechanism of the web browser. SL VPN (Web VPN) Network resources within an organization using a web browser ( Web server, mail server, etc. ) It is a product to provide a safe access method. SSL VPN (Web VPN) The product rewrites content as necessary as a proxy between the web browser and the server. SSL VPN (Web VPN) Web browser security mechanisms by accessing crafted web pages through (Same Origin Policy) May be bypassed. SSL VPN (Web VPN) Products that implement may be affected by this vulnerability.When a user views a specially crafted page, a remote third party VPN Or hijacking your session SSL VPN (Web VPN) There is a possibility that the content accessed through the site may be viewed or altered.
Attackers may exploit this issue to violate the same-origin policy to obtain VPN session tokens, read or modify cookie-based authentication credentials, or perform unauthorized actions with the privileges of the web-based VPN domain. Other attacks may also be possible.
Clientless SSL VPN products from Cisco, Juniper Networks, and SonicWall are vulnerable. Other vendors' products may also be affected. We will update this BID as more information emerges. 2. Web VPN authenticates the user and assigns an ID to the session, which is sent to the user's browser in the form of a cookie. 3. For example, http://<www.intranet.example.com>/mail.html link becomes https://<webvpnserver>/www.intranet.example.com/mail.html. The cookie set by the requested web server will be converted into a completely unique cookie before being sent to the user's browser to prevent two cookies with the same name from conflicting. For example, a session ID cookie set by intranet.example.com is renamed intranet.example.com_sessionid before being sent to the user's browser. Additionally, Web VPN replaces references to specific HTML DOM objects like document.cookie. These DOM objects are replaced by scripts that return the value of the DOM object, so that they can be accessed within the security context of the requested site domain.
SOLUTION:
Disable content rewriting for untrusted web servers.
The vulnerability is reported in CallPilot 201i, 202i, 600r, 703t,
1002rp, and 1005r.
SOLUTION:
The vendor recommends to avoid browsing other web sites while logged
in to CallPilot Manager or My CallPilot. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Citrix Access Gateway Web VPN Same Origin Policy Bypass
SECUNIA ADVISORY ID:
SA37696
VERIFY ADVISORY:
http://secunia.com/advisories/37696/
DESCRIPTION:
A vulnerability has been reported in Citrix Access Gateway, which can
be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to the web-based VPN implementation
prepending the same domain to all opened websites. This can be
exploited to bypass a browser's same origin policy and e.g. access
cookies for normally restricted domains by tricking a user into
browsing to a malicious website via the VPN.
The vulnerability is reported in Citrix Access Gateway Enterprise
Edition versions 8.1 and later, and all supported Citrix Access
Gateway Advanced Edition versions.
SOLUTION:
Do not allow access to untrusted domains via the VPN. Please see the
vendor's advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Michal Zalewski and Mike Zusman for the original
report.
Additional vulnerability details provided by David Warren and Ryan
Giobbi of US-CERT.
ORIGINAL ADVISORY:
Citrix:
http://support.citrix.com/article/CTX123610
US-CERT VU#261869:
http://www.kb.cert.org/vuls/id/261869
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0052 | CVE-2009-3842 | HP Color LaserJet M3530 Denial of service in multi-function printers (DoS) Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors. Multiple HP LaserJet printers are prone to a security vulnerability that may result in a denial-of-service condition or unauthorized access.
Successful exploits will allow attackers to gain unauthorized access to data or crash the affected device. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBPI02472 SSRT090196:
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01886100
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01886100
Version: 1
HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2009-3842
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
To Locate the Firmware Update
Browse to http://www.hp.com and do the following:
1. Select "Support & Drivers"
In Step 1 select "Download drivers and software (and firmware)"
In Step 2 enter one of the following:
HP Color LaserJet CM3530 Multifunction Printer
HP Color LaserJet CP3525 Printer
Click on "Go"
Click on the desired product if necessary
Click on the desired operating system
Click on "Firmware"
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 18 November 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksFZ7MACgkQ4B86/C0qfVlm5gCfSpdHp4UqX3mHXM7n3D8rYxjE
qF8An2y98XhxLNqIEv1q4a73xfZ09pYD
=c638
-----END PGP SIGNATURE-----
VAR-200912-0074 | CVE-2009-4118 | Cisco VPN client for Windows of StartServiceCtrlDispatcher Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to crash the 'cvpnd' service and terminate all active VPN sessions, resulting in denial-of-service conditions.
This issue affects versions prior to VPN Client 5.0.06.0100 for Windows. Cause a denial of service vulnerability. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
The vulnerability is reported in versions prior to 5.0.06.0100.
SOLUTION:
Update to version 5.0.06.0100.
PROVIDED AND/OR DISCOVERED BY:
Alex Hernandez
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
Alex Hernandez:
http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0053 | CVE-2009-3843 |
Windows upper HP Operations Manager Vulnerable to unlimited file upload attacks
Related entries in the VARIoT exploits database: VAR-E-201009-0027, VAR-E-201012-1020 |
CVSS V2: 10.0 CVSS V3: - Severity: High |
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload. Authentication is not required to exploit this vulnerability.The specific flaw exists due to a hidden account present within the Tomcat users XML file. Using this account a malicious user can access the org.apache.catalina.manager.HTMLManagerServlet class. This is defined within the catalina-manager.jar file installed with the product. This servlet allows a remote user to upload a file via a POST request to /manager/html/upload. If an attacker uploads malicious content it can then be accessed and executed on the server which leads to arbitrary code execution under the context of the SYSTEM user. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01931960
Version: 1
HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-18
Last Updated: 2009-11-18
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations Manager for Windows. The vulnerability could be exploited remotely to gain unauthorized access.
References: CVE-2009-3843
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Operations Manager for Windows v8.10
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-3843 (AV:N/AC:L/Au:N/C:C/I:C/A:N) 9.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Stephen Fewer of Harmony Security working with TippingPoint's Zero Day initiative for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made the following patch available to resolve the vulnerability. The patch is available for download from http://support.openview.hp.com/selfsolve/patches
Product
Version
Patch
HP Operations Manager for Windows
8.10
OMW_00032 or subsequent
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 18 November 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksERwAACgkQ4B86/C0qfVnibACgmYvkL5wCSUtU9mVpWPSwQWAY
lx8AoL0P1iOjGRgCdvWxEnlNM9tKr71j
=p9gT
-----END PGP SIGNATURE-----
. ZDI-09-085: Hewlett-Packard Operations Manager Server Backdoor Account Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-085
November 20, 2009
-- CVE ID:
CVE-2009-3843
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Operations Manager for Windows
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9261.
Authentication is not required to exploit this vulnerability.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01931960
-- Disclosure Timeline:
2009-11-09 - Vulnerability reported to vendor
2009-11-20 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
HP Operations Manager Unauthorised Access
SECUNIA ADVISORY ID:
SA37444
VERIFY ADVISORY:
http://secunia.com/advisories/37444/
DESCRIPTION:
A vulnerability has been reported in HP Operations Manager, which can
be exploited by malicious people to bypass certain security
restrictions. Further information is
currently not available.
SOLUTION:
Apply patch OMW_00032 or subsequent.
http://support.openview.hp.com/selfsolve/patches
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Stephen Fewer of Harmony Security working with the
ZDI.
ORIGINAL ADVISORY:
HPSBMA02478 SSRT090251:
http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01931960
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0246 | CVE-2009-4053 | Home FTP Server directory traversal vulnerability in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Home Ftp Server is an easy to use FTP server. Home FTP Server does not properly filter the input provided by the user in the MKD command. The authenticated user can create a directory outside the FTP root directory by following the steps below: 1.sock.connect((hostname, 21))2.sock. Send(\"user %s\" %username)3.sock.send(\"pass %s\" %passwd)4.sock.send(\"MKD ../A\")5.sock.close(). Successful exploits will allow the attacker to obtain sensitive information. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Home FTP Server "SITE INDEX" Denial of Service
SECUNIA ADVISORY ID:
SA37381
VERIFY ADVISORY:
http://secunia.com/advisories/37381/
DESCRIPTION:
A vulnerability has been discovered in Home FTP Server, which can be
exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the handling of
multiple "SITE INDEX" commands and can be exploited to stop the
server.
The vulnerability is confirmed in version 1.10.1.139.
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
zhangmc
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0244 | CVE-2009-4051 | Home FTP Server SITE INDEX Command Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Home FTP Server 1.10.1.139 allows remote attackers to cause a denial of service (daemon outage) via multiple invalid SITE INDEX commands. Home Ftp Server is an easy to use FTP server. After the user logs in to the Home FTP Server, performing the following steps will cause the server to stop responding: 1.sock.connect((hostname, 21))2.sock.send(\"user %s\" %username)3.sock.send (\"pass %s\" %passwd)4.for i in range(1,20): sock.send(\"SITE INDEX \"+ \"a\"*30*i +\"\")5.sock.close(). Home FTP Server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
The vulnerability is confirmed in version 1.10.1.139. Other versions
may also be affected.
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
zhangmc
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0051 | CVE-2009-3841 | HP DDMI Vulnerable to arbitrary code execution |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
An attacker can exploit this issue to execute arbitrary code in the context of the application, resulting in a complete compromise of the affected system.
The issue affects DDMI 2.5x, 7.5x, and 7.60 running on Windows. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01861595
Version: 1
HPSBMA02456 SSRT090188 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2009-3841
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Discovery & Dependency Mapping Inventory (DDMI) v2.5x, v7.5x , v7.60 running on Windows
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-3841 (AV:N/AC:L/Au:S/C:C/I:C/A:C) 9.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Damian Frizza of Core Security Technologies for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made the following software patches available to resolve the vulnerability.
The patches can be downloaded from http://support.openview.hp.com/selfsolve/patches
HP Discovery & Dependency Mapping Inventory (DDMI)
Patch Number
v2.5x
HPED_00356
v7.5x
HPED_00357
v7.60
HPED_00358
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 16 November 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksBsqsACgkQ4B86/C0qfVlc9wCfStAP/sHhVvHhRsJ0FZ6t1Gm3
gAcAoMqM6rgo81lgI+MHrG8LRgVOsJoH
=P/PZ
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
SOLUTION:
Apply patches:
http://support.openview.hp.com/selfsolve/patches
HP DDMI 2.5x:
Apply patch HPED_00356.
HP DDMI 7.5x:
Apply patch HPED_00357.
HP DDMI 7.60:
Apply patch HPED_00358.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Damian Frizza of Core Security Technologies.
ORIGINAL ADVISORY:
HPSBMA02456 SSRT090188:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01861595
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0136 | CVE-2009-3944 | BlackBerry 8800 upper RIM BlackBerry Browser Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property. Blackberry Browser is prone to a denial-of-service vulnerability
VAR-200912-0126 | CVE-2009-4186 | Apple Safari Service disruption in (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. Windows Run on Apple Safari In this case, a stack consumption state occurs, which disrupts service operation. Apple Safari is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Safari 4.0.3 for Windows is vulnerable; other versions may also be affected. Safari is a web browser developed by Apple Inc
VAR-201002-0037 | CVE-2009-4653 | Novell eDirectory Multiple Remote Vulnerabilities |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. Novell eDirectory is a cross-platform directory server. Novell eDirectory has multiple security vulnerabilities that allow malicious users to perform denial of service or control system attacks. - Unexplained errors in NDSD when dealing with malformed verbs can cause an application to crash. - Submit a specially constructed GET request, dhost.exe processing has a boundary error, which can cause a buffer overflow. - Partial security scan operation on the service, Dhost has an unspecified error, which can cause the application to crash. Novell eDirectory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected. Novell eDirectory is prone to multiple remote vulnerabilities.
These issues affect eDirectory versions prior to 8.8 SP5 Patch 4. ----------------------------------------------------------------------
Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/
----------------------------------------------------------------------
TITLE:
Novell eDirectory Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40041
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40041/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40041
RELEASE DATE:
2010-06-04
DISCUSS ADVISORY:
http://secunia.com/advisories/40041/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/40041/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40041
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Novell eDirectory, which
can be exploited by malicious users and malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable
system.
by running a certain security scan against the server.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits ZDI.
2) HACKATTACK
3) Reported by the vendor.
ORIGINAL ADVISORY:
Novell:
http://www.novell.com/support/viewContent.do?externalId=3426981
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076150.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076151.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0346 | No CVE | HP ProCurve Switch Management Interface Multiple HTML Injection Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
HP ProCurve Switch web management interface is prone to multiple HTML-injection vulnerabilities.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
VAR-200911-0002 | CVE-2009-0052 | Atheros AR9160-BC1A On chipset Netgear WNDAP330 Wi-Fi Used by access points Atheros Service disruption in wireless drivers (DoS) Vulnerabilities |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. NETGEAR WNDAP330 is prone to a denial-of-service vulnerability because it fails to properly parse malformed reserved management frames.
Successful exploits will cause the affected device to crash or reboot, denying service to legitimate users.
WNDAP330 with firmware 2.1.11 is vulnerable.
Assigned CVE:
-------------
* CVE-2009-0052
Details:
--------
* The bug can be triggered by a malicious reserved management frame sent
to the wireless access point (truncated packet). This can be achieved
only after a successful 802.11 authentication (in "Open" mode according
to the configuration of the wireless access point) and a successful
802.11 association with appropriate security parameters (e.g. WPA w/
TKIP unicast, TKIP multicast) which depends on the configuration of the
wireless access point. Any other wireless device relying
on this vulnerable wireless driver is likely to be vulnerable.
Credits:
--------
* This vulnerability was discovered by Laurent Butti from France Telecom
/ Orange
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Netgear WNDAP330 Management Frame Denial of Service
SECUNIA ADVISORY ID:
SA37344
VERIFY ADVISORY:
http://secunia.com/advisories/37344/
DESCRIPTION:
A vulnerability has been reported in Netgear WNDAP330, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the
parsing of management frames, which can be exploited to reboot or
hang an affected device.
The vulnerability is reported in firmware version 2.1.11. Other
versions may also be affected.
SOLUTION:
Update to version 3.0.3.
http://kb.netgear.com/app/answers/detail/a_id/12199
PROVIDED AND/OR DISCOVERED BY:
Laurent Butti from France Telecom / Orange
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/current/0070.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0400 | CVE-2009-2841 | Apple Safari of WebKit In any Web Vulnerabilities requested by the site |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202. WebKit is prone to a remote information-disclosure weakness.
An attacker may be able to exploit this issue to determine if a message was read, which may help the attacker enumerate valid email addresses. Other attacks are also possible. A remote attacker can use a specially crafted HTML file to trigger a request to any web site. For example an HTML e-mail message using a media element for the X-Confirm-Reading-To function. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37346
VERIFY ADVISORY:
http://secunia.com/advisories/37346/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, or compromise a user's system.
1) An integer overflow error when processing ColorSync profiles
embedded in images can be exploited to potentially execute arbitrary
code.
For more information see vulnerability #4 in:
SA36701
2) An error exists when handling an "Open Image in New Tab", "Open
Image in New Window", or "Open Link in New Tab" shortcut menu action
performed on a link to a local file. This can be exploited to load a
local HTML file and disclose sensitive information by tricking a user
into performing the affected actions within a specially crafted
webpage.
3) An error exists in WebKit when sending "preflight" requests
originating from a page in a different origin. This can be exploited
to facilitate cross-site request forgery attacks by injecting custom
HTTP headers.
4) Multiple errors in WebKit when handling FTP directory listings on
Windows can be exploited to disclose sensitive information, cause a
crash, or potentially execute arbitrary code.
5) An error in WebKit when handling an HTML 5 Media Element on Mac OS
X can be exploited to bypass remote image loading restrictions via
e.g. HTML-formatted emails.
NOTE: Some errors leading to crashes, caused by the included libxml2
library, have also been reported.
SOLUTION:
Update to version 4.0.4.
PROVIDED AND/OR DISCOVERED BY:
1-3, 5) Reported by the vendor.
4) The vendor credits Michal Zalewski of Google Inc.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3949
OTHER REFERENCES:
SA36701:
http://secunia.com/advisories/36701/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL
Yv/ButpYAcXsmnJWUG4ayxQ=
=GRM6
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Windows Applications Insecure Library Loading
The Official, Verified Secunia List:
http://secunia.com/advisories/windows_insecure_library_loading/
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41856
RELEASE DATE:
2010-10-21
DISCUSS ADVISORY:
http://secunia.com/advisories/41856/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/41856/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41856
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Ubuntu has issued an update for webkit.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM)
VAR-200911-0392 | CVE-2009-2842 | Apple Safari Shortcut Menu Options Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. Apple Safari is prone to an information-disclosure vulnerability.
A remote attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
This issue affects versions prior to Safari 4.0.4. Safari is the new browser in Mac OS X, Apple Computer's latest operating system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37346
VERIFY ADVISORY:
http://secunia.com/advisories/37346/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, or compromise a user's system.
1) An integer overflow error when processing ColorSync profiles
embedded in images can be exploited to potentially execute arbitrary
code. This can be exploited to load a
local HTML file and disclose sensitive information by tricking a user
into performing the affected actions within a specially crafted
webpage.
3) An error exists in WebKit when sending "preflight" requests
originating from a page in a different origin. This can be exploited
to facilitate cross-site request forgery attacks by injecting custom
HTTP headers.
4) Multiple errors in WebKit when handling FTP directory listings on
Windows can be exploited to disclose sensitive information, cause a
crash, or potentially execute arbitrary code.
5) An error in WebKit when handling an HTML 5 Media Element on Mac OS
X can be exploited to bypass remote image loading restrictions via
e.g. HTML-formatted emails.
NOTE: Some errors leading to crashes, caused by the included libxml2
library, have also been reported.
SOLUTION:
Update to version 4.0.4.
PROVIDED AND/OR DISCOVERED BY:
1-3, 5) Reported by the vendor.
4) The vendor credits Michal Zalewski of Google Inc.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3949
OTHER REFERENCES:
SA36701:
http://secunia.com/advisories/36701/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------