VARIoT IoT vulnerabilities database

VAR-200609-0297 | CVE-2006-4847 | Ipswitch WS_FTP Server Vulnerable to buffer overflow |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available.
A successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers.
Ipswitch WS_FTP Server 5.04 and 5.05 are vulnerable to these issues; other versions may also be affected. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. There is a typical stack overflow vulnerability in WS_FTP when processing overly long XCRC/XSHA1/XMD5 extended command parameters. Exploiting the vulnerability requires the user to log in to the system with a valid account, but no writable directory is required.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
WS_FTP Server FTP Commands Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA21932
VERIFY ADVISORY:
http://secunia.com/advisories/21932/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
WS_FTP Server 5.x
http://secunia.com/product/3853/
DESCRIPTION:
A vulnerability has been reported in WS_FTP Server, which can be
exploited by malicious users to compromise a vulnerable system.
The vulnerability is due to a boundary error when parsing arguments
to the "XCRC", "XSHA1", and "XMD5" commands. This can be exploited to
cause stack-based buffer overflows via overly long command arguments.
The vulnerability has been reported in version 5.05.
SOLUTION:
Apply patch.
http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200609-0484 | CVE-2006-4866 | Apple OS X of kextload Vulnerable to buffer overflow |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. Apple Mac OS X kextload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied data before copying it to a finite-sized memory buffer.
This issue is not exploitable by itself, because kextload is not installed as a setuid-superuser application by default. To exploit this issue, an attacker must use another program running with elevated privileges to directly manipulate the arguments passed to kextload.
An attacker can exploit this issue to execute arbitrary machine code with superuser privileges. A successful exploit may result in the complete compromise of the affected computer.
VAR-200609-0268 | CVE-2006-4802 | Symantec AntiVirus Corporate Edition Such as Real Time Virus Scan Format string vulnerability in service |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.
Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution.
2) Another format string error exists in the alert notification
process when displaying a notification message upon detection of a
malicious file.
SOLUTION:
Apply patches (see patch matrix in vendor advisory).
PROVIDED AND/OR DISCOVERED BY:
1) David Heiland, Layered Defense.
2) Reported by the vendor
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
Layered Defense:
http://layereddefense.com/SAV13SEPT.html
--------------------------------------------------------------------------
Debian Security Advisory DSA 1216-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 20th, 2006 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : flexbackup
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-4802
Debian Bug : 334350
Eric Romang discovered that the flexbackup backup tool creates temporary
files in an insecure manner, which allows denial of service through a
symlink attack.
For the stable distribution (sarge) this problem has been fixed in
version 1.2.1-2sarge1
For the upcoming stable distribution (etch) this problem has been
fixed in version 1.2.1-3.
For the unstable distribution (sid) this problem has been fixed in
version 1.2.1-3.
We recommend that you upgrade your flexbackup package.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
--------------------------------
Source archives:
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc
Size/MD5 checksum: 587 06539319d0534272e216306562677723
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz
Size/MD5 checksum: 3546 3365f545bd49464f4e58bacc503f8b28
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1.orig.tar.gz
Size/MD5 checksum: 80158 4955c89dbee354248f354a9bf0a480dd
Architecture independent components:
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb
Size/MD5 checksum: 75836 240f8792a65a0d80b8ef85d4343a4827
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
VAR-200609-0008 | CVE-2006-3454 | Symantec AntiVirus Corporate Edition Format string vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.
Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution.
2) Another format string error exists in the alert notification
process when displaying a notification message upon detection of a
malicious file.
SOLUTION:
Apply patches (see patch matrix in vendor advisory).
PROVIDED AND/OR DISCOVERED BY:
1) David Heiland, Layered Defense.
2) Reported by the vendor
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
Layered Defense:
http://layereddefense.com/SAV13SEPT.html
09/13/2006 - Vendor Public disclosure.
==================================================
6) Credits
Discovered by Deral Heiland, www.LayeredDefense.com
==================================================
7) References
CVE Reference:
CVE-2006-3454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3454
==================================================
9) About Layered Defense
Layered Defense is a group of security
professionals that work together on ethical
research, testing and training within the information security arena.
http://www.layereddefense.com
==================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200609-0178 | CVE-2006-4774 | Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol |
CVSS V2: 7.8 CVSS V3: - Severity: 12.40 |
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.
------------
This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes content on vulnerabilities other than the one named in the title.
(CVE-2006-4774) If exploited by a remote attacker, the device could go into a denial-of-service condition.
2) Because the configuration revision number is processed as a negative integer, changes to VLAN configuration information are not properly reflected. (CVE-2006-4775) If exploited by a remote attacker, changes to VLAN configuration information may be hindered.
3) The length of the VLAN name is not properly checked, so a heap overflow occurs when processing names longer than 100 characters. (CVE-2006-4776) If exploited by a remote attacker, the device could go into a denial-of-service condition or potentially execute arbitrary code.
Please refer to the "Overview" for the impact of this vulnerability.
These issues include two denial-of-service vulnerabilities and a buffer-overflow vulnerability.
Attackers require access to trunk ports on affected devices for VTP packets to be accepted. Attackers may reportedly use the Dynamic Trunk Protocol (DTP) to become a trunking peer to gain required access.
By exploiting these issues, attackers may crash affected routers, cause further VTP packets to be ignored, or potentially execute arbitrary machine code in the context of affected devices.
Cisco IOS 12.1(19) is vulnerable to these issues; other versions are also likely affected.
2) VTP configuration revision integer wrap: If an attacker can send VTP updates (summary and subset) to a Cisco IOS or CatOS device, he can choose the configuration revision number of the VTP message himself. IOS will accept the revision number 0x7FFFFFFF. Therefore, this revision number is treated as a large negative value. From this point on, the switch cannot communicate changes to the VLAN configuration, as all other switches will reject the generated updates.
3) VLAN name heap overflow: If an attacker is able to send VTP updates to the Cisco IOS device, type 2 frames contain record of. One field of the VTP record contains the name of the VLAN, and the other field is the length of the name. If the updated VLAN name is larger than 100 bytes and the VLAN name length field is correct, it will cause a heap overflow, allowing execution of arbitrary code on the receiving switch.
TITLE:
Cisco IOS VTP Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21896
VERIFY ADVISORY:
http://secunia.com/advisories/21896/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
Cisco IOS 10.x
http://secunia.com/product/184/
Cisco IOS 11.x
http://secunia.com/product/183/
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS R11.x
http://secunia.com/product/53/
Cisco IOS R12.x
http://secunia.com/product/50/
DESCRIPTION:
FX has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable network device. This can be exploited to reset the switch
with a Software Forced Crash Exception by sending a specially crafted
packet to a trunk enabled port.
2) An integer overflow error exists in the VTP configuration revision
handling.
3) A boundary error exists in the processing of VTP summary
advertisement messages. This can be exploited to cause a heap-based
buffer overflow by sending a specially crafted message containing an
overly long VLAN name (more than 100 characters) to a trunk enabled
port.
NOTE: The packets must be received with a matching domain name and a
matching VTP domain password (if configured).
SOLUTION:
A fix is reportedly available for vulnerability #1. The vendor also
recommends applying a VTP domain password to the VTP domain (see the
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
FX, Phenoelit.
ORIGINAL ADVISORY:
Phenoelit:
http://www.phenoelit.de/stuff/CiscoVTP.txt
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
VAR-200609-0270 | CVE-2006-4744 | Abidia of O-Anywhere and Abidia Wireless Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing
VAR-200609-0180 | CVE-2006-4776 | Cisco IOS contains buffer overflow in VTP VLAN name handling |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. Cisco IOS fails to properly verify the VTP configuration revision number.
------------
This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes content on vulnerabilities other than the one named in the title.
------------
There are several security issues in the Cisco IOS implementation of the VLAN Trunking Protocol (VTP):
1) There is a flaw in the processing of the VTP version field included in VTP packets, so if an inappropriate value is set, processing goes into a loop and the device is reset. (CVE-2006-4774) If exploited by a remote attacker, the device could go into a denial-of-service condition.
2) Because the configuration revision number is processed as a negative integer, changes to VLAN configuration information are not properly reflected. (CVE-2006-4775) If exploited by a remote attacker, changes to VLAN configuration information may be hindered.
3) The length of the VLAN name is not properly checked, so a heap overflow occurs when processing names longer than 100 characters. (CVE-2006-4776) If exploited by a remote attacker, the device could go into a denial-of-service condition or potentially execute arbitrary code.
Please refer to the "Overview" for the impact of this vulnerability. Cisco IOS is prone to multiple vulnerabilities when handling VLAN Trunking Protocol (VTP) packets.
These issues include two denial-of-service vulnerabilities and a buffer-overflow vulnerability.
Attackers require access to trunk ports on affected devices for VTP packets to be accepted. Attackers may reportedly use the Dynamic Trunk Protocol (DTP) to become a trunking peer to gain required access.
By exploiting these issues, attackers may crash affected routers, cause further VTP packets to be ignored, or potentially execute arbitrary machine code in the context of affected devices.
Cisco IOS 12.1(19) is vulnerable to these issues; other versions are also likely affected.
2) VTP configuration revision integer wrap: If an attacker can send VTP updates (summary and subset) to a Cisco IOS or CatOS device, he can choose the configuration revision number of the VTP message himself. IOS will accept the revision number 0x7FFFFFFF. Therefore, this revision number is treated as a large negative value. One field of the VTP record contains the name of the VLAN, and the other field is the length of the name.
TITLE:
Cisco IOS VTP Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21896
VERIFY ADVISORY:
http://secunia.com/advisories/21896/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
Cisco IOS 10.x
http://secunia.com/product/184/
Cisco IOS 11.x
http://secunia.com/product/183/
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS R11.x
http://secunia.com/product/53/
Cisco IOS R12.x
http://secunia.com/product/50/
DESCRIPTION:
FX has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable network device. This can be exploited to reset the switch
with a Software Forced Crash Exception by sending a specially crafted
packet to a trunk enabled port.
2) An integer overflow error exists in the VTP configuration revision
handling.
3) A boundary error exists in the processing of VTP summary
advertisement messages. This can be exploited to cause a heap-based
buffer overflow by sending a specially crafted message containing an
overly long VLAN name (more than 100 characters) to a trunk enabled
port.
NOTE: The packets must be received with a matching domain name and a
matching VTP domain password (if configured).
SOLUTION:
A fix is reportedly available for vulnerability #1. The vendor also
recommends applying a VTP domain password to the VTP domain (see the
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
FX, Phenoelit.
ORIGINAL ADVISORY:
Phenoelit:
http://www.phenoelit.de/stuff/CiscoVTP.txt
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
VAR-200609-0179 | CVE-2006-4775 | Cisco IOS contains buffer overflow in VTP VLAN name handling |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context. Cisco IOS fails to properly verify the VTP configuration revision number.
------------
This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes content on vulnerabilities other than the one named in the title.
------------
There are several security issues in the Cisco IOS implementation of the VLAN Trunking Protocol (VTP):
1) There is a flaw in the processing of the VTP version field included in VTP packets, so if an inappropriate value is set, processing goes into a loop and the device is reset. (CVE-2006-4774) If exploited by a remote attacker, the device could go into a denial-of-service condition.
2) Because the configuration revision number is processed as a negative integer, changes to VLAN configuration information are not properly reflected. (CVE-2006-4775) If exploited by a remote attacker, changes to VLAN configuration information may be hindered.
3) The length of the VLAN name is not properly checked, so a heap overflow occurs when processing names longer than 100 characters. (CVE-2006-4776) If exploited by a remote attacker, the device could go into a denial-of-service condition or potentially execute arbitrary code.
Please refer to the "Overview" for the impact of this vulnerability. Cisco IOS is prone to multiple vulnerabilities when handling VLAN Trunking Protocol (VTP) packets.
These issues include two denial-of-service vulnerabilities and a buffer-overflow vulnerability.
Attackers require access to trunk ports on affected devices for VTP packets to be accepted. Attackers may reportedly use the Dynamic Trunk Protocol (DTP) to become a trunking peer to gain required access.
By exploiting these issues, attackers may crash affected routers, cause further VTP packets to be ignored, or potentially execute arbitrary machine code in the context of affected devices.
Cisco IOS 12.1(19) is vulnerable to these issues; other versions are also likely affected.
2) VTP configuration revision integer wrap: If an attacker can send VTP updates (summary and subset) to a Cisco IOS or CatOS device, he can choose the configuration revision number of the VTP message himself. IOS will accept the revision number 0x7FFFFFFF. Therefore, this revision number is treated as a large negative value. From this point on, the switch cannot communicate changes to the VLAN configuration, as all other switches will reject the generated updates.
3) VLAN name heap overflow: If an attacker is able to send VTP updates to the Cisco IOS device, type 2 frames contain record of. One field of the VTP record contains the name of the VLAN, and the other field is the length of the name. If the updated VLAN name is larger than 100 bytes and the VLAN name length field is correct, it will cause a heap overflow, allowing execution of arbitrary code on the receiving switch.
TITLE:
Cisco IOS VTP Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21896
VERIFY ADVISORY:
http://secunia.com/advisories/21896/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, DoS, System access
WHERE:
From local network
OPERATING SYSTEM:
Cisco IOS 10.x
http://secunia.com/product/184/
Cisco IOS 11.x
http://secunia.com/product/183/
Cisco IOS 12.x
http://secunia.com/product/182/
Cisco IOS R11.x
http://secunia.com/product/53/
Cisco IOS R12.x
http://secunia.com/product/50/
DESCRIPTION:
FX has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable network device. This can be exploited to reset the switch
with a Software Forced Crash Exception by sending a specially crafted
packet to a trunk enabled port.
2) An integer overflow error exists in the VTP configuration revision
handling.
3) A boundary error exists in the processing of VTP summary
advertisement messages. This can be exploited to cause a heap-based
buffer overflow by sending a specially crafted message containing an
overly long VLAN name (more than 100 characters) to a trunk enabled
port.
NOTE: The packets must be received with a matching domain name and a
matching VTP domain password (if configured).
SOLUTION:
A fix is reportedly available for vulnerability #1. The vendor also
recommends applying a VTP domain password to the VTP domain (see the
vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
FX, Phenoelit.
ORIGINAL ADVISORY:
Phenoelit:
http://www.phenoelit.de/stuff/CiscoVTP.txt
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
VAR-200610-0363 | CVE-2006-4391 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. ImageIO has a buffer overflow vulnerability when processing malformed JPEG2000 images. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0362 | CVE-2006-4390 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Clients of CFNetwork (such as Safari) allow anonymous SSL connections to be established, and remote non-authenticated SSL stations can exploit this vulnerability to appear authenticated. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0022 | CVE-2006-4399 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager.
Apple Mac OS X versions prior to 10.4.8 are vulnerable to these issues. There are loopholes in the implementation of Workgroup Manager. Remote administrators can change the encryption method of secret password authentication in network information, when a real password is not actually enabled.
TITLE:
Adobe Flash Player Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA21865
VERIFY ADVISORY:
http://secunia.com/advisories/21865/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, System access
WHERE:
From remote
SOFTWARE:
Macromedia Flash 8.x
http://secunia.com/product/7024/
Macromedia Flash MX 2004
http://secunia.com/product/3192/
Macromedia Flash MX Professional 2004
http://secunia.com/product/3191/
Macromedia Flash Player 7.x
http://secunia.com/product/2634/
Macromedia Flash Player 8.x
http://secunia.com/product/6153/
Macromedia Flex 1.x
http://secunia.com/product/5246/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Flash Player,
which can be exploited by malicious people to bypass certain security
restrictions or compromise a user's system. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
SOLUTION:
Update to version 9.0.16.0 or another fixed version (see the vendor
advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor.
ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb06-11.html
OTHER REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/advisory/925143.mspx
VAR-200610-0361 | CVE-2006-4387 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0021 | CVE-2006-4397 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. The Kerberos implementation does not handle the error condition correctly. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0018 | CVE-2006-4393 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 3.7 CVSS V3: - Severity: LOW |
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0020 | CVE-2006-4395 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Attackers may exploit this vulnerability to take control of the system. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0019 | CVE-2006-4394 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. Adobe Flash Player fails to properly handle malformed strings.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
4) An error in the kernel's error handling mechanism known as Mach
exception ports can be exploited by malicious, local users to execute
arbitrary code in privileged applications.
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200610-0017 | CVE-2006-4392 | Apple Workgroup Manager fails to properly enable ShadowHash passwords |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Adobe Flash Player fails to properly handle malformed strings. In the Mach kernel of Apple Mac OS X, a flaw exists in the error handling mechanism called exception ports, which allows the execution of privileged crafted programs when certain types of errors occur. By executing a program crafted by a third party, arbitrary code may be executed.
These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.
I.
Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.
II. Impact
The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. This and other updates are
available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
October 02, 2006: Initial release
.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22187
VERIFY ADVISORY:
http://secunia.com/advisories/22187/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in the CFNetwork component may allow a malicious SSL site
to pose as a trusted SSL site to CFNetwork clients (e.g. Safari).
5) An unchecked error condition in the LoginWindow component may
result in Kerberos tickets being accessible to other local users
after an unsuccessful attempt to log in.
6) Another error in the LoginWindow component during the handling of
"Fast User Switching" may result in Kerberos tickets being accessible
to other local users.
8) An error makes it possible for an account to manage WebObjects
applications after the "Admin" privileges have been revoked.
9) A memory corruption error in QuickDraw Manager when processing
PICT images can potentially be exploited via a specially crafted PICT
image to execute arbitrary code.
10) An error in SASL can be exploited by malicious people to cause a
DoS (Denial of Service) against the IMAP service.
For more information:
SA19618
11) A memory management error in WebKit's handling of certain HTML
can be exploited by malicious people to compromise a user's system.
SOLUTION:
Update to version 10.4.8 or apply Security Update 2006-006.
3) The vendor credits Tom Saxton, Idle Loop Software Design.
4) The vendor credits Dino Dai Zovi, Matasano Security.
5) The vendor credits Patrick Gallagher, Digital Peaks Corporation.
6) The vendor credits Ragnar Sundblad, Royal Institute of
Technology.
8) The vendor credits Phillip Tejada, Fruit Bat Software.
12) The vendor credits Chris Pepper, The Rockefeller University.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=304460
OTHER REFERENCES:
SA19618:
http://secunia.com/advisories/19618/
SA20971:
http://secunia.com/advisories/20971/
SA21271:
http://secunia.com/advisories/21271/
SA21865:
http://secunia.com/advisories/21865/
. visiting a malicious website.
2) An unspecified error can be exploited to bypass the
"allowScriptAccess" option.
3) Unspecified errors exist in the way the ActiveX control is invoked
by Microsoft Office products on Windows.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Stuart Pearson, Computer Terrorism UK Ltd, for
reporting one of the vulnerabilities.
2) Reported by the vendor.
3) Reported by the vendor
VAR-200609-0169 | CVE-2006-4765 | NetGear Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. The NetGear DG834GT device is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.
This issue allows attackers to cause the device to stop responding to network requests, effectively denying service to legitimate users.
VAR-200609-0310 | CVE-2006-4382 | Apple QuickTime fails to properly handle SGI images |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
McAfee, Inc. QuickTime is used by the Mac OS X operating system and
by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support
for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction
is required for an attack to succeed.
The risk rating for these issues is medium.
_________________________________________________
* Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X
QuickTime for Windows 7.1.2 and below
_________________________________________________
* Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format
support.
CVE-2006-4384
One heap overflow vulnerability is present in QuickTime FLC format
support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format
support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264
format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX)
format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime
FlashPix (FPX) format support.
_________________________________________________
* Resolution
Apple has included fixes for the QuickTime issues in QuickTime version
7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at:
http://docs.info.apple.com/article.html?artnum=304357
_________________________________________________
* Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert
Labs.
_________________________________________________
* Legal Notice
Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way. McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE
Security Research and Communications Manager
McAfee(r) Avert(r) Labs
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Win32 binary codecs: Multiple vulnerabilities
Date: March 04, 2008
Bugs: #150288
ID: 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the Win32 codecs for Linux may result in
the remote execution of arbitrary code.
Background
==========
Win32 binary codecs provide support for video and audio playback.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Win32 binary codecs users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
[ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
[ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
[ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
[ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
[ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
[ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
[ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
[ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-200609-0312 | CVE-2006-4385 | Apple QuickTime fails to properly handle SGI images |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
McAfee, Inc. QuickTime is used by the Mac OS X operating system and
by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support
for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction
is required for an attack to succeed.
The risk rating for these issues is medium.
_________________________________________________
* Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X
QuickTime for Windows 7.1.2 and below
_________________________________________________
* Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format
support.
CVE-2006-4384
One heap overflow vulnerability is present in QuickTime FLC format
support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264
format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX)
format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime
FlashPix (FPX) format support.
_________________________________________________
* Resolution
Apple has included fixes for the QuickTime issues in QuickTime version
7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at:
http://docs.info.apple.com/article.html?artnum=304357
_________________________________________________
* Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert
Labs.
_________________________________________________
* Legal Notice
Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way. McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE
Security Research and Communications Manager
McAfee(r) Avert(r) Labs
.
I. Since QuickTime configures most web browsers to
handle QuickTime media files, an attacker could exploit these
vulnerabilities using a web page.
For more information, please refer to the Vulnerability Notes.
II. For further information, please see
the Vulnerability Notes.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.3.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading
a user to access a specially crafted file with a web
browser. Disabling QuickTime in your web browser will defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Please send
email to <cert@cert.org> with "TA06-256A Feedback VU#540348" in the
subject.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
September 13, 2006: Initial release
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Win32 binary codecs: Multiple vulnerabilities
Date: March 04, 2008
Bugs: #150288
ID: 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the Win32 codecs for Linux may result in
the remote execution of arbitrary code.
Background
==========
Win32 binary codecs provide support for video and audio playback.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
[ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
[ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
[ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
[ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
[ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
[ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
[ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
[ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.