VARIoT IoT vulnerabilities database

VAR-200907-0113 | CVE-2009-2271 | Huawei D100 Vulnerabilities that gain access |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access. Huawei D100 Contains the following flaws, which may result in a vulnerability in which access rights can be obtained. Huawei D100 is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Attackers can exploit theses issues to obtain sensitive information or gain unauthorized access and execute arbitrary commands with root privileges. D100 is the world's first WiFi adapter that connects mobile phones, game consoles, PCs and laptops together via a WiFi link. Multiple security vulnerabilities exist in the D100 firmware and its default configuration, which may allow LAN users to gain unauthorized access to the device. #2 The Telnet service is enabled by default, and users in the LAN can use the default admin:admin account to log in with root user authority. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Huawei D100 Information Disclosure and Undocumented Telnet Account
SECUNIA ADVISORY ID:
SA35638
VERIFY ADVISORY:
http://secunia.com/advisories/35638/
DESCRIPTION:
Filip Palian has reported a vulnerability and a security issue in
Huawei D100, which can be exploited by malicious people to disclose
sensitive information or compromise a vulnerable device.
1) Access to the "en/lan_status_adv.asp", "en/wlan_basic_cfg.asp",
and "en/lancfg.asp" scripts is not properly restricted. This can be
exploited to disclose sensitive information by accessing the scripts
directly.
SOLUTION:
Restrict internal network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Filip Palian
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200906-0068 | CVE-2009-1201 | Cisco Adaptive Security Appliances (ASA) Device csco_wrap_js Function cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
This issue is documented by Cisco Bug ID CSCsy80694.
Cisco ASA 8.0.(4), 8.1.2, and 8.2.1 are vulnerable. (http://www.cisco.com)
Versions affected: 8.0(4), 8.1.2, and 8.2.1
Description: Cisco's Adaptive Security Appliance (ASA)
provides a number of security related features, including
"Web VPN" functionality that allows authenticated users to
access a variety of content through a web interface. This
includes other web content, FTP servers, and CIFS file
servers.
The web content is proxied by the ASA and rewritten so that
any URLs in the web content are passed as query parameters
sent to the ASA web interface. Where scripting content is
present, the ASA places a JavaScript wrapper around the
original webpage's Document Object Model (DOM), to prevent
the webpage from accessing the ASA's DOM.
Credit: David Byrne of Trustwave's SpiderLabs
Finding 1: Post-Authentication Cross-Site Scripting
CVE: CVE-2009-1201
The ASA's DOM wrapper can be rewritten in a manner to allow
Cross-Site Scripting (XSS) attacks. For example, the
"csco_wrap_js" JavaScript function in /+CSCOL+/cte.js makes
a call to a function referenced by "CSCO_WebVPN['process']".
The result of this call is then used in an "eval" statement.
function csco_wrap_js(str)
{
var ret="<script id=CSCO_GHOST src="+CSCO_Gateway+
"/+CSCOL+/cte.js></scr"+
"ipt><script id=CSCO_GHOST src="+
CSCO_Gateway+"/+CSCOE+/apcf></sc"+"ript>";
var js_mangled=CSCO_WebVPN['process']('js',str);
ret+=CSCO_WebVPN['process']('html',eval(js_mangled));
return ret;
};
To exploit this behavior, a malicious page can rewrite
"CSCO_WebVPN['process']" with an attacker-defined function
that will return an arbitrary value. The next time the
"csco_wrap_js" function is called, the malicious code will
be executed. Below is a proof of concept.
<html><script>
function a(b, c)
{
return "alert('Your VPN location:\\n\\n'+" +
"document.location+'\\n\\n\\n\\n\\n" +
"Your VPN cookie:\\n\\n'+document.cookie);";
}
CSCO_WebVPN['process'] = a;
csco_wrap_js('');
</script></html>
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Finding 2: HTML Rewriting Bypass
CVE: CVE-2009-1202
When a webpage is requested through the ASA's Web VPN, the
targeted scheme and hostname is Rot13-encoded, then
hex-encoded and placed in the ASA's URL. For example,
"http://www.trustwave.com" is accessed by requesting the
following ASA path:
/+CSCO+0075676763663A2F2F6A6A6A2E67656866676A6E69722E70627A+
+/
The HTML content of this request is obviously reformatted by
the ASA, starting at the very beginning:
<script id='CSCO_GHOST' src="/+webvpn+/toolbar.js">
However, if the request URL is modified to change the
initial hex value of "00" to "01", the HTML document is
returned without any rewriting. This allows the pages
scriptable content to run in the ASA's DOM, making
Cross-Site Scripting trivial.
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Finding 3: Authentication Credential Theft
CVE: CVE-2009-1203
When a user accesses an FTP or CIFS destination using the
Web VPN, the resulting URL is formatted in a similar manner
as the web requests described above. The following URL
attempts to connect to ftp.example.com; normally, it would
be in an HTML frame within the Web VPN website.
/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F736763
2e726b6e7a6379722e70627a
The ASA first attempts to connect to the FTP server or CIFS
share using anonymous credentials. If those fail, the user
is prompted for login credentials. When viewed on its own
(outside of a frame), the submission form gives no
indication what it is for and is very similar in appearance
to the Web VPN's primary login page. If the URL was sent to
a user by an attacker, it is very possible that a user would
assume that he needs to resubmit credentials to the Web VPN.
The ASA would then forward the credentials to the attacker's
FTP or CIFS server.
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Vendor Communication Timeline:
03/31/09 - Cisco notified of vulnerabilities
06/24/09 - Cisco software updates released; Advisory
released
Remediation Steps: Install updated software from Cisco.
Revision History: 1.0 Initial publication
About Trustwave:
Trustwave is the leading provider of on-demand and
subscription-based information security and payment card
industry compliance management solutions to businesses and
government entities throughout the world. For organizations
faced with today's challenging data security and compliance
environment, Trustwave provides a unique approach with
comprehensive solutions that include its flagship
TrustKeeper compliance management software and other
proprietary security solutions. Trustwave has helped
thousands of organizations--ranging from Fortune 500
businesses and large financial institutions to small and
medium-sized retailers--manage compliance and secure their
network infrastructure, data communications and critical
information assets. Trustwave is headquartered in Chicago
with offices throughout North America, South America,
Europe, Africa, China and Australia. For more information,
visit https://www.trustwave.com
About Trustwave's SpiderLabs:
SpiderLabs is the advance security team at Trustwave
responsible for incident response and forensics, ethical
hacking and application security tests for Trustwave's
clients. SpiderLabs has responded to hundreds of security
incidents, performed thousands of ethical hacking exercises
and tested the security of hundreds of business applications
for Fortune 500 organizations. For more information visit
https://www.trustwave.com/spiderlabs
Disclaimer:
The information provided in this advisory is provided "as
is" without warranty of any kind. Trustwave disclaims all
warranties, either express or implied, including the
warranties of merchantability and fitness for a particular
purpose. In no event shall Trustwave or its suppliers be
liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business
profits or special damages, even if Trustwave or its
suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or
limitation of liability for consequential or incidental
damages so the foregoing limitation may not apply.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Cisco ASA WebVPN Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35511
VERIFY ADVISORY:
http://secunia.com/advisories/35511/
DESCRIPTION:
Some vulnerabilities and a security issue have been reported in Cisco
Adaptive Security Appliance (ASA), which can be exploited by malicious
people to conduct cross-site scripting and spoofing attacks.
1) Input passed within web pages is not properly sanitised before
being used in a call to eval() in context of the VPN web portal.
3) A security issue exists in the handling of Common Internet File
System (CIFS) and FTP shares in the SSL VPN feature. This can be
exploited to conduct spoofing attacks and potentially disclose the
user's credentials if a user follows a specially crafted link.
The vulnerabilities are reported in versions prior to 8.0.4(34),
8.1.2(25), and 8.2.1(3) that are configured to accept Clientless SSL
VPN connections.
SOLUTION:
Update to version 8.0.4(34), 8.1.2(25), or 8.2.1(3).
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
PROVIDED AND/OR DISCOVERED BY:
David Byrne, Trustwave's SpiderLabs
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=18373
http://tools.cisco.com/security/center/viewAlert.x?alertId=18442
http://tools.cisco.com/security/center/viewAlert.x?alertId=18536
Trustwave:
https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200906-0069 | CVE-2009-1202 | Cisco Adaptive Security Appliances (ASA) Device WebVPN Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. Cisco ASA is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass HTML rewrite rules. Successfully exploiting this issue will aid in cross-site scripting attacks.
This issue is documented by Cisco Bug ID CSCsy80705.
Cisco ASA 8.0.(4), 8.1.2, and 8.2.1 are vulnerable. Trustwave's SpiderLabs Security Advisory TWSL2009-002:
Cisco ASA Web VPN Multiple Vulnerabilities
Published: 2009-06-24 Version: 1.0
Vendor: Cisco Systems, Inc. (http://www.cisco.com)
Versions affected: 8.0(4), 8.1.2, and 8.2.1
Description: Cisco's Adaptive Security Appliance (ASA)
provides a number of security related features, including
"Web VPN" functionality that allows authenticated users to
access a variety of content through a web interface. This
includes other web content, FTP servers, and CIFS file
servers.
The web content is proxied by the ASA and rewritten so that
any URLs in the web content are passed as query parameters
sent to the ASA web interface. Where scripting content is
present, the ASA places a JavaScript wrapper around the
original webpage's Document Object Model (DOM), to prevent
the webpage from accessing the ASA's DOM. For example, the
"csco_wrap_js" JavaScript function in /+CSCOL+/cte.js makes
a call to a function referenced by "CSCO_WebVPN['process']".
The result of this call is then used in an "eval" statement.
function csco_wrap_js(str)
{
var ret="<script id=CSCO_GHOST src="+CSCO_Gateway+
"/+CSCOL+/cte.js></scr"+
"ipt><script id=CSCO_GHOST src="+
CSCO_Gateway+"/+CSCOE+/apcf></sc"+"ript>";
var js_mangled=CSCO_WebVPN['process']('js',str);
ret+=CSCO_WebVPN['process']('html',eval(js_mangled));
return ret;
};
To exploit this behavior, a malicious page can rewrite
"CSCO_WebVPN['process']" with an attacker-defined function
that will return an arbitrary value. The next time the
"csco_wrap_js" function is called, the malicious code will
be executed. Below is a proof of concept.
<html><script>
function a(b, c)
{
return "alert('Your VPN location:\\n\\n'+" +
"document.location+'\\n\\n\\n\\n\\n" +
"Your VPN cookie:\\n\\n'+document.cookie);";
}
CSCO_WebVPN['process'] = a;
csco_wrap_js('');
</script></html>
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Finding 2: HTML Rewriting Bypass
CVE: CVE-2009-1202
When a webpage is requested through the ASA's Web VPN, the
targeted scheme and hostname is Rot13-encoded, then
hex-encoded and placed in the ASA's URL. For example,
"http://www.trustwave.com" is accessed by requesting the
following ASA path:
/+CSCO+0075676763663A2F2F6A6A6A2E67656866676A6E69722E70627A+
+/
The HTML content of this request is obviously reformatted by
the ASA, starting at the very beginning:
<script id='CSCO_GHOST' src="/+webvpn+/toolbar.js">
However, if the request URL is modified to change the
initial hex value of "00" to "01", the HTML document is
returned without any rewriting. This allows the pages
scriptable content to run in the ASA's DOM, making
Cross-Site Scripting trivial.
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Finding 3: Authentication Credential Theft
CVE: CVE-2009-1203
When a user accesses an FTP or CIFS destination using the
Web VPN, the resulting URL is formatted in a similar manner
as the web requests described above. The following URL
attempts to connect to ftp.example.com; normally, it would
be in an HTML frame within the Web VPN website.
/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F736763
2e726b6e7a6379722e70627a
The ASA first attempts to connect to the FTP server or CIFS
share using anonymous credentials. If those fail, the user
is prompted for login credentials. When viewed on its own
(outside of a frame), the submission form gives no
indication what it is for and is very similar in appearance
to the Web VPN's primary login page. If the URL was sent to
a user by an attacker, it is very possible that a user would
assume that he needs to resubmit credentials to the Web VPN.
The ASA would then forward the credentials to the attacker's
FTP or CIFS server.
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Vendor Communication Timeline:
03/31/09 - Cisco notified of vulnerabilities
06/24/09 - Cisco software updates released; Advisory
released
Remediation Steps: Install updated software from Cisco.
Revision History: 1.0 Initial publication
About Trustwave:
Trustwave is the leading provider of on-demand and
subscription-based information security and payment card
industry compliance management solutions to businesses and
government entities throughout the world. For organizations
faced with today's challenging data security and compliance
environment, Trustwave provides a unique approach with
comprehensive solutions that include its flagship
TrustKeeper compliance management software and other
proprietary security solutions. Trustwave has helped
thousands of organizations--ranging from Fortune 500
businesses and large financial institutions to small and
medium-sized retailers--manage compliance and secure their
network infrastructure, data communications and critical
information assets. Trustwave is headquartered in Chicago
with offices throughout North America, South America,
Europe, Africa, China and Australia. For more information,
visit https://www.trustwave.com
About Trustwave's SpiderLabs:
SpiderLabs is the advance security team at Trustwave
responsible for incident response and forensics, ethical
hacking and application security tests for Trustwave's
clients. SpiderLabs has responded to hundreds of security
incidents, performed thousands of ethical hacking exercises
and tested the security of hundreds of business applications
for Fortune 500 organizations. For more information visit
https://www.trustwave.com/spiderlabs
Disclaimer:
The information provided in this advisory is provided "as
is" without warranty of any kind. Trustwave disclaims all
warranties, either express or implied, including the
warranties of merchantability and fitness for a particular
purpose. In no event shall Trustwave or its suppliers be
liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business
profits or special damages, even if Trustwave or its
suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or
limitation of liability for consequential or incidental
damages so the foregoing limitation may not apply.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Cisco ASA WebVPN Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35511
VERIFY ADVISORY:
http://secunia.com/advisories/35511/
DESCRIPTION:
Some vulnerabilities and a security issue have been reported in Cisco
Adaptive Security Appliance (ASA), which can be exploited by malicious
people to conduct cross-site scripting and spoofing attacks.
1) Input passed within web pages is not properly sanitised before
being used in a call to eval() in context of the VPN web portal. This
can be exploited to execute arbitrary HTML and script code in user's
browser session in context of the WebVPN. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of the VPN web portal.
3) A security issue exists in the handling of Common Internet File
System (CIFS) and FTP shares in the SSL VPN feature. This can be
exploited to conduct spoofing attacks and potentially disclose the
user's credentials if a user follows a specially crafted link.
The vulnerabilities are reported in versions prior to 8.0.4(34),
8.1.2(25), and 8.2.1(3) that are configured to accept Clientless SSL
VPN connections.
SOLUTION:
Update to version 8.0.4(34), 8.1.2(25), or 8.2.1(3).
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
PROVIDED AND/OR DISCOVERED BY:
David Byrne, Trustwave's SpiderLabs
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=18373
http://tools.cisco.com/security/center/viewAlert.x?alertId=18442
http://tools.cisco.com/security/center/viewAlert.x?alertId=18536
Trustwave:
https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200906-0070 | CVE-2009-1203 | Cisco Adaptive Security Appliances (ASA) Device WebVPN In WebVPN Vulnerability that makes it easy to send certificates |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks.
An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users.
This issue is tracked by Cisco Bug ID CSCsy80709.
The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks.
Versions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable. Trustwave's SpiderLabs Security Advisory TWSL2009-002:
Cisco ASA Web VPN Multiple Vulnerabilities
Published: 2009-06-24 Version: 1.0
Vendor: Cisco Systems, Inc. (http://www.cisco.com)
Versions affected: 8.0(4), 8.1.2, and 8.2.1
Description: Cisco's Adaptive Security Appliance (ASA)
provides a number of security related features, including
"Web VPN" functionality that allows authenticated users to
access a variety of content through a web interface. This
includes other web content, FTP servers, and CIFS file
servers.
The web content is proxied by the ASA and rewritten so that
any URLs in the web content are passed as query parameters
sent to the ASA web interface. Where scripting content is
present, the ASA places a JavaScript wrapper around the
original webpage's Document Object Model (DOM), to prevent
the webpage from accessing the ASA's DOM.
Credit: David Byrne of Trustwave's SpiderLabs
Finding 1: Post-Authentication Cross-Site Scripting
CVE: CVE-2009-1201
The ASA's DOM wrapper can be rewritten in a manner to allow
Cross-Site Scripting (XSS) attacks. For example, the
"csco_wrap_js" JavaScript function in /+CSCOL+/cte.js makes
a call to a function referenced by "CSCO_WebVPN['process']".
The result of this call is then used in an "eval" statement.
function csco_wrap_js(str)
{
var ret="<script id=CSCO_GHOST src="+CSCO_Gateway+
"/+CSCOL+/cte.js></scr"+
"ipt><script id=CSCO_GHOST src="+
CSCO_Gateway+"/+CSCOE+/apcf></sc"+"ript>";
var js_mangled=CSCO_WebVPN['process']('js',str);
ret+=CSCO_WebVPN['process']('html',eval(js_mangled));
return ret;
};
To exploit this behavior, a malicious page can rewrite
"CSCO_WebVPN['process']" with an attacker-defined function
that will return an arbitrary value. The next time the
"csco_wrap_js" function is called, the malicious code will
be executed. Below is a proof of concept.
<html><script>
function a(b, c)
{
return "alert('Your VPN location:\\n\\n'+" +
"document.location+'\\n\\n\\n\\n\\n" +
"Your VPN cookie:\\n\\n'+document.cookie);";
}
CSCO_WebVPN['process'] = a;
csco_wrap_js('');
</script></html>
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
Updated Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
A vendor response will be posted at
http://www.cisco.com/security This vulnerability is
documented in Cisco Bug ID: CSCsy80694.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Finding 2: HTML Rewriting Bypass
CVE: CVE-2009-1202
When a webpage is requested through the ASA's Web VPN, the
targeted scheme and hostname is Rot13-encoded, then
hex-encoded and placed in the ASA's URL. For example,
"http://www.trustwave.com" is accessed by requesting the
following ASA path:
/+CSCO+0075676763663A2F2F6A6A6A2E67656866676A6E69722E70627A+
+/
The HTML content of this request is obviously reformatted by
the ASA, starting at the very beginning:
<script id='CSCO_GHOST' src="/+webvpn+/toolbar.js">
However, if the request URL is modified to change the
initial hex value of "00" to "01", the HTML document is
returned without any rewriting. This allows the pages
scriptable content to run in the ASA's DOM, making
Cross-Site Scripting trivial.
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
Updated Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
A vendor response will be posted at
http://www.cisco.com/security
This vulnerability is documented in Cisco Bug ID:
CSCsy80705.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Finding 3: Authentication Credential Theft
CVE: CVE-2009-1203
When a user accesses an FTP or CIFS destination using the
Web VPN, the resulting URL is formatted in a similar manner
as the web requests described above. The following URL
attempts to connect to ftp.example.com; normally, it would
be in an HTML frame within the Web VPN website.
/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F736763
2e726b6e7a6379722e70627a
The ASA first attempts to connect to the FTP server or CIFS
share using anonymous credentials. If those fail, the user
is prompted for login credentials. When viewed on its own
(outside of a frame), the submission form gives no
indication what it is for and is very similar in appearance
to the Web VPN's primary login page. If the URL was sent to
a user by an attacker, it is very possible that a user would
assume that he needs to resubmit credentials to the Web VPN.
The ASA would then forward the credentials to the attacker's
FTP or CIFS server.
Vendor Response:
This vulnerability has been corrected in versions 8.0.4.34,
and 8.1.2.25.
Updated Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
A vendor response will be posted at
http://www.cisco.com/security
This vulnerability is documented in Cisco Bug ID:
CSCsy80709.
CVSS Score: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C
Base: 4.3
Temporal: 3.9
Vendor Communication Timeline:
03/31/09 - Cisco notified of vulnerabilities
06/24/09 - Cisco software updates released; Advisory
released
Remediation Steps: Install updated software from Cisco.
Revision History: 1.0 Initial publication
About Trustwave:
Trustwave is the leading provider of on-demand and
subscription-based information security and payment card
industry compliance management solutions to businesses and
government entities throughout the world. For organizations
faced with today's challenging data security and compliance
environment, Trustwave provides a unique approach with
comprehensive solutions that include its flagship
TrustKeeper compliance management software and other
proprietary security solutions. Trustwave has helped
thousands of organizations--ranging from Fortune 500
businesses and large financial institutions to small and
medium-sized retailers--manage compliance and secure their
network infrastructure, data communications and critical
information assets. Trustwave is headquartered in Chicago
with offices throughout North America, South America,
Europe, Africa, China and Australia. For more information,
visit https://www.trustwave.com
About Trustwave's SpiderLabs:
SpiderLabs is the advance security team at Trustwave
responsible for incident response and forensics, ethical
hacking and application security tests for Trustwave's
clients. SpiderLabs has responded to hundreds of security
incidents, performed thousands of ethical hacking exercises
and tested the security of hundreds of business applications
for Fortune 500 organizations. For more information visit
https://www.trustwave.com/spiderlabs
Disclaimer:
The information provided in this advisory is provided "as
is" without warranty of any kind. Trustwave disclaims all
warranties, either express or implied, including the
warranties of merchantability and fitness for a particular
purpose. In no event shall Trustwave or its suppliers be
liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business
profits or special damages, even if Trustwave or its
suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or
limitation of liability for consequential or incidental
damages so the foregoing limitation may not apply.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Cisco ASA WebVPN Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35511
VERIFY ADVISORY:
http://secunia.com/advisories/35511/
DESCRIPTION:
Some vulnerabilities and a security issue have been reported in Cisco
Adaptive Security Appliance (ASA), which can be exploited by malicious
people to conduct cross-site scripting and spoofing attacks.
1) Input passed within web pages is not properly sanitised before
being used in a call to eval() in context of the VPN web portal. This
can be exploited to execute arbitrary HTML and script code in user's
browser session in context of the WebVPN. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of the VPN web portal.
3) A security issue exists in the handling of Common Internet File
System (CIFS) and FTP shares in the SSL VPN feature. This can be
exploited to conduct spoofing attacks and potentially disclose the
user's credentials if a user follows a specially crafted link.
The vulnerabilities are reported in versions prior to 8.0.4(34),
8.1.2(25), and 8.2.1(3) that are configured to accept Clientless SSL
VPN connections.
SOLUTION:
Update to version 8.0.4(34), 8.1.2(25), or 8.2.1(3).
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
PROVIDED AND/OR DISCOVERED BY:
David Byrne, Trustwave's SpiderLabs
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=18373
http://tools.cisco.com/security/center/viewAlert.x?alertId=18442
http://tools.cisco.com/security/center/viewAlert.x?alertId=18536
Trustwave:
https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200906-0066 | CVE-2009-1163 | Cisco Physical Access Gateway Memory leak vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.
An attacker can exploit this issue to cause a memory leak, denying service to legitimate users.
This issue is documented by Cisco Bug ID CSCsu95864. There are no workarounds available to mitigate the
vulnerability. Cisco has released free
software updates that address this vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090624-gateway.shtml
Affected Products
=================
Vulnerable Products
+------------------
Cisco Physical Access Gateway running software versions prior to 1.1
are vulnerable. No other Cisco products are currently known to be
affected by this vulnerability. A TCP
three-way handshake is needed to exploit this vulnerability.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsu95864 - Memory leak with certain IP packets
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability described in this
document may result in a memory leak. The issue could be repeatedly
exploited to cause an extended DoS condition. Connected door
hardware, such as card readers, locks, and other input/output devices
will function intermittently during extended DoS exploitation. Doors
will remain open or locked depending on the gateway's configuration.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
This vulnerability has been corrected in Cisco Physical Access
Gateway software version 1.1 and can be downloaded from the following
link:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280588231
Workarounds
===========
No workarounds are available; however, mitigations that can be
deployed on Cisco devices within the network are available in the
Cisco Applied Mitigation Bulletin companion document for this
advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090624-gateway.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing, or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http:/ www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during internal testing.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20090624-gateway.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-June-24 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
iD8DBQFKQkn886n/Gc8U/uARArPGAJ9nfApuGoc+vhDOdoMMsmJCQCYlewCgmNk3
Fumou3/8V80HhnX9X+i8HUw=
=8C2N
-----END PGP SIGNATURE-----
VAR-200906-0174 | CVE-2009-2045 | Cisco Video Surveillance Stream Manager Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924. The problem is Bug ID : CSCsj47924 It is a problem.Port by third party 37000 To UDP Denial of service via malformed payload in packet (DoS) There is a possibility of being put into a state.
An attacker can exploit this issue to trigger an affected device to reboot, causing denial-of-service conditions.
This issue is documented by Cisco Bug ID CSCsj47924.
Cisco Video Surveillance 2500 Series IP Cameras contain an
information disclosure vulnerability that could allow an
authenticated user to view any file on a vulnerable camera.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities. An attacker could exploit this vulnerability by sending a
crafted packet to UDP port 37000, which could cause the crash of a
critical process and result in a system reboot. An authenticated user may be
able to access a vulnerable camera and view any file through the
embedded web server on TCP ports 80 (HTTP) and/or 443 (HTTPS),
depending on the camera configuration. This vulnerability is
documented in Cisco Bug IDs CSCsu05515 and CSCsr96497 (Wireless
Cameras) and has been assigned Common Vulnerabilities and Exposures
(CVE) identifier CVE-2009-2046.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsj47924 - Malformed payload to xvcrman process causes reboot
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsu05515 - SD Camera Web Server Will Display any File on System
CVSS Base Score - 6.8
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.6
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsr96497 - Wireless Camera HTTP Server Will Display any File on System
CVSS Base Score - 6.8
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.6
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the Cisco Video Surveillance Stream
Manager firmware vulnerability could cause a system reboot. Repeated
exploitation may result in an extended DoS condition, which could
prevent administrators from viewing video surveillance feeds.
Successful exploitation of the Cisco Video Surveillance 2500 Series
IP Cameras vulnerability could allow an authenticated user to view
any file on a vulnerable camera. This vulnerability could allow a
non-privileged user to obtain privileged access.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. On Cisco Video
Surveillance 2500 Series IP Cameras, administrators are advised to
restrict access to TCP ports 80 and 443 to trusted hosts.
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090624-video.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing, or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
These vulnerabilities were discovered by Cisco.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090624-video.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-June-24 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
iD8DBQFKQkGx86n/Gc8U/uARAv9aAJ98pru089mBxS+23qKumIpdlUdl9QCeMtnx
K6USkfYe27MzZyC0XLW4U5s=
=CjER
-----END PGP SIGNATURE-----
VAR-200906-0175 | CVE-2009-2046 | Cisco Video Surveillance 2500 Series IP Camera Built-in on Web Vulnerability to read arbitrary files on server |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497. The problem is Bug ID : CSCsu05515 and CSCsr96497 It is a problem.By a third party http Or https An arbitrary file may be read through the request. Cisco Video Surveillance 2500 Series IP Cameras are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
This issue is tracked by Cisco Bug IDs CSCsu05515 and CSCsr96497. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance
Products
Advisory ID: cisco-sa-20090624-video
Revision 1.0
For Public Release 2009 June 24 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco Video Surveillance Stream Manager firmware for the Cisco Video
Surveillance Services Platforms and Cisco Video Surveillance
Integrated Services Platforms contain a denial of service (DoS)
vulnerability that could result in a reboot on systems that receive a
crafted packet.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds that mitigate these
vulnerabilities. An attacker could exploit this vulnerability by sending a
crafted packet to UDP port 37000, which could cause the crash of a
critical process and result in a system reboot. This vulnerability is
documented in Cisco Bug ID CSCsj47924 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-2045. This vulnerability is
documented in Cisco Bug IDs CSCsu05515 and CSCsr96497 (Wireless
Cameras) and has been assigned Common Vulnerabilities and Exposures
(CVE) identifier CVE-2009-2046.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsj47924 - Malformed payload to xvcrman process causes reboot
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsu05515 - SD Camera Web Server Will Display any File on System
CVSS Base Score - 6.8
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.6
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsr96497 - Wireless Camera HTTP Server Will Display any File on System
CVSS Base Score - 6.8
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.6
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the Cisco Video Surveillance Stream
Manager firmware vulnerability could cause a system reboot. Repeated
exploitation may result in an extended DoS condition, which could
prevent administrators from viewing video surveillance feeds. This vulnerability could allow a
non-privileged user to obtain privileged access.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. Administrators are advised to restrict access to UDP port
37000 on vulnerable Cisco Video Surveillance Services Platform and
Integrated Services Platform systems to trusted hosts.
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090624-video.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing, or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
These vulnerabilities were discovered by Cisco.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090624-video.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-June-24 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
iD8DBQFKQkGx86n/Gc8U/uARAv9aAJ98pru089mBxS+23qKumIpdlUdl9QCeMtnx
K6USkfYe27MzZyC0XLW4U5s=
=CjER
-----END PGP SIGNATURE-----
VAR-200907-0137 | CVE-2009-2421 | Apple Safari of CFCharacterSetInitInlineBuffer Service disruption in methods (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
Versions prior to Apple Safari 4 are vulnerable
VAR-200907-0136 | CVE-2009-2420 | Apple Safari Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. ( plural Windows Explorer Launch an instance ) There is a vulnerability that becomes a condition. Apple Safari is prone to an information-disclosure and denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to access local files. On Microsoft Windows platforms, the attacker may launch rogue instances of Windows Explorer, which may affect the computer's overall stability, leading to a denial of service.
This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft Windows XP and Vista
VAR-200906-0587 | CVE-2009-1724 | Apple Safari of WebKit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. WebKit is prone to a cross-domain scripting vulnerability.
A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible. Safari is the web browser bundled by default in the Apple family machine operating system. A remote attacker can use this vulnerability to define some content in domain A and then use top and parent to call it in domain B.
2) An error in the WebKit component when handling numeric character
references can be exploited to corrupt memory via a specially crafted
web page.
SOLUTION:
Update to version 4.0.2.
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits Chris Evans. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information see vulnerability #6 in:
SA36269
SOLUTION:
Update to iPhone OS 3.1 or iPhone OS for iPod touch 3.1.1
(downloadable and installable via iTunes).
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-201112-0004 | CVE-2009-5111 | GoAhead WebServer Service disruption in ( Stop daemon ) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. GoAhead WebServer is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume all available sockets, resulting in a denial-of-service condition. GoAhead WebServer is a small and exquisite embedded Web server of American Embedthis Company, which supports embedding in various devices and applications. This vulnerability has been confirmed in Slowloris
VAR-200907-0447 | CVE-2009-2542 |
Netscape Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Netscape There is a service disruption ( Memory consumption ) There is a vulnerability that becomes a condition. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200907-0446 | CVE-2009-2541 |
PS3 of Web Service disruption in browser (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200907-0445 | CVE-2009-2540 |
Opera Service operation interruption in  (DoS) Vulnerability
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Opera for, Select of the object length Disruption of service due to flaws in property-related processing (DoS) There is a vulnerability that could result in a condition. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200907-0443 | CVE-2009-2538 |
Symbian OS Work on Nokia N95 Service disruption (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200907-0444 | CVE-2009-2539 |
Aigo P8860 Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Aigo P8860 allows remote attackers to cause a denial of service (memory consumption and browser hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Aigo P8860 There is a service disruption ( Memory consumption and browser hang ) There is a vulnerability that becomes a condition. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200907-0441 | CVE-2009-2536 |
Microsoft Internet Explorer 5 From 8 Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200907-0440 | CVE-2009-2535 |
Mozilla Firefox Service disruption (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #180159, #181361, #207261, #238535, #246602, #251322,
#255221, #255234, #255687, #257577, #260062, #261386,
#262704, #267234, #273918, #277752, #280226, #280234,
#280393, #282549, #284439, #286721, #290892, #292034,
#297532, #305689, #307045, #311021, #312361, #312645,
#312651, #312675, #312679, #312763, #313003, #324735,
#326341, #329279, #336396, #341821, #342847, #348316,
#357057, #360055, #360315, #365323, #373595, #379549,
#381245, #388045, #390771, #395431, #401701, #403183,
#404437, #408161, #413657, #419917, #427224, #433383,
#437780, #439586, #439960, #444318
ID: 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which
may allow execution of arbitrary code or local privilege escalation.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications such as Firefox
and Thunderbird. NSS is Mozilla's Network Security Services library
that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11
2 www-client/firefox-bin < 10.0.11 >= 10.0.11
3 mail-client/thunderbird < 10.0.11 >= 10.0.11
4 mail-client/thunderbird-bin
< 10.0.11 >= 10.0.11
5 www-client/seamonkey < 2.14-r1 >= 2.14-r1
6 www-client/seamonkey-bin
< 2.14 >= 2.14
7 dev-libs/nss < 3.14 >= 3.14
8 www-client/mozilla-firefox
<= 3.6.8 Vulnerable!
9 www-client/mozilla-firefox-bin
<= 3.5.6 Vulnerable!
10 mail-client/mozilla-thunderbird
<= 3.0.4-r1 Vulnerable!
11 mail-client/mozilla-thunderbird-bin
<= 3.0 Vulnerable!
12 www-client/icecat <= 10.0-r1 Vulnerable!
13 net-libs/xulrunner <= 2.0-r1 Vulnerable!
14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
bypass restrictions and protection mechanisms, force file downloads,
conduct XML injection attacks, conduct XSS attacks, bypass the Same
Origin Policy, spoof URL's for phishing attacks, trigger a vertical
scroll, spoof the location bar, spoof an SSL indicator, modify the
browser's font, conduct clickjacking attacks, or have other unspecified
impact.
A local attacker could gain escalated privileges, obtain sensitive
information, or replace an arbitrary downloaded file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the
"www-client/firefox" package. To upgrade, please unmerge
"www-client/mozilla-firefox" and then emerge the latest
"www-client/firefox" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox"
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the
"www-client/firefox-bin" package. To upgrade, please unmerge
"www-client/mozilla-firefox-bin" and then emerge the latest
"www-client/firefox-bin" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox-bin"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the
"mail-client/thunderbird" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird" and then emerge the latest
"mail-client/thunderbird" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into
the "mail-client/thunderbird-bin" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird-bin" and then emerge the latest
"mail-client/thunderbird-bin" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird-bin"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users
unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users
unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We
recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
==========
[ 1 ] CVE-2011-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101
[ 2 ] CVE-2007-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436
[ 3 ] CVE-2007-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437
[ 4 ] CVE-2007-2671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671
[ 5 ] CVE-2007-3073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073
[ 6 ] CVE-2008-0016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016
[ 7 ] CVE-2008-0017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017
[ 8 ] CVE-2008-0367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367
[ 9 ] CVE-2008-3835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835
[ 10 ] CVE-2008-3836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836
[ 11 ] CVE-2008-3837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837
[ 12 ] CVE-2008-4058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058
[ 13 ] CVE-2008-4059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059
[ 14 ] CVE-2008-4060
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060
[ 15 ] CVE-2008-4061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061
[ 16 ] CVE-2008-4062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062
[ 17 ] CVE-2008-4063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063
[ 18 ] CVE-2008-4064
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064
[ 19 ] CVE-2008-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065
[ 20 ] CVE-2008-4066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066
[ 21 ] CVE-2008-4067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067
[ 22 ] CVE-2008-4068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068
[ 23 ] CVE-2008-4069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069
[ 24 ] CVE-2008-4070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070
[ 25 ] CVE-2008-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582
[ 26 ] CVE-2008-5012
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012
[ 27 ] CVE-2008-5013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013
[ 28 ] CVE-2008-5014
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014
[ 29 ] CVE-2008-5015
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015
[ 30 ] CVE-2008-5016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016
[ 31 ] CVE-2008-5017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017
[ 32 ] CVE-2008-5018
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018
[ 33 ] CVE-2008-5019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019
[ 34 ] CVE-2008-5021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021
[ 35 ] CVE-2008-5022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022
[ 36 ] CVE-2008-5023
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023
[ 37 ] CVE-2008-5024
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024
[ 38 ] CVE-2008-5052
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052
[ 39 ] CVE-2008-5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500
[ 40 ] CVE-2008-5501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501
[ 41 ] CVE-2008-5502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502
[ 42 ] CVE-2008-5503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503
[ 43 ] CVE-2008-5504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504
[ 44 ] CVE-2008-5505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505
[ 45 ] CVE-2008-5506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506
[ 46 ] CVE-2008-5507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507
[ 47 ] CVE-2008-5508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508
[ 48 ] CVE-2008-5510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510
[ 49 ] CVE-2008-5511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511
[ 50 ] CVE-2008-5512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512
[ 51 ] CVE-2008-5513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513
[ 52 ] CVE-2008-5822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822
[ 53 ] CVE-2008-5913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913
[ 54 ] CVE-2008-6961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961
[ 55 ] CVE-2009-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071
[ 56 ] CVE-2009-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071
[ 57 ] CVE-2009-0352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352
[ 58 ] CVE-2009-0353
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353
[ 59 ] CVE-2009-0354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354
[ 60 ] CVE-2009-0355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355
[ 61 ] CVE-2009-0356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356
[ 62 ] CVE-2009-0357
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357
[ 63 ] CVE-2009-0358
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358
[ 64 ] CVE-2009-0652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652
[ 65 ] CVE-2009-0771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771
[ 66 ] CVE-2009-0772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772
[ 67 ] CVE-2009-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773
[ 68 ] CVE-2009-0774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774
[ 69 ] CVE-2009-0775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775
[ 70 ] CVE-2009-0776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776
[ 71 ] CVE-2009-0777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777
[ 72 ] CVE-2009-1044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044
[ 73 ] CVE-2009-1169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169
[ 74 ] CVE-2009-1302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302
[ 75 ] CVE-2009-1303
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303
[ 76 ] CVE-2009-1304
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304
[ 77 ] CVE-2009-1305
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305
[ 78 ] CVE-2009-1306
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306
[ 79 ] CVE-2009-1307
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307
[ 80 ] CVE-2009-1308
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308
[ 81 ] CVE-2009-1309
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309
[ 82 ] CVE-2009-1310
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310
[ 83 ] CVE-2009-1311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311
[ 84 ] CVE-2009-1312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312
[ 85 ] CVE-2009-1313
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313
[ 86 ] CVE-2009-1392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392
[ 87 ] CVE-2009-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563
[ 88 ] CVE-2009-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571
[ 89 ] CVE-2009-1828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828
[ 90 ] CVE-2009-1832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832
[ 91 ] CVE-2009-1833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833
[ 92 ] CVE-2009-1834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834
[ 93 ] CVE-2009-1835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835
[ 94 ] CVE-2009-1836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836
[ 95 ] CVE-2009-1837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837
[ 96 ] CVE-2009-1838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838
[ 97 ] CVE-2009-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839
[ 98 ] CVE-2009-1840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840
[ 99 ] CVE-2009-1841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841
[ 100 ] CVE-2009-2043
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043
[ 101 ] CVE-2009-2044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044
[ 102 ] CVE-2009-2061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061
[ 103 ] CVE-2009-2065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065
[ 104 ] CVE-2009-2210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210
[ 105 ] CVE-2009-2404
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404
[ 106 ] CVE-2009-2408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408
[ 107 ] CVE-2009-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462
[ 108 ] CVE-2009-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463
[ 109 ] CVE-2009-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464
[ 110 ] CVE-2009-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465
[ 111 ] CVE-2009-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466
[ 112 ] CVE-2009-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467
[ 113 ] CVE-2009-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469
[ 114 ] CVE-2009-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470
[ 115 ] CVE-2009-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471
[ 116 ] CVE-2009-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472
[ 117 ] CVE-2009-2477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477
[ 118 ] CVE-2009-2478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478
[ 119 ] CVE-2009-2479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479
[ 120 ] CVE-2009-2535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535
[ 121 ] CVE-2009-2654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654
[ 122 ] CVE-2009-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662
[ 123 ] CVE-2009-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664
[ 124 ] CVE-2009-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665
[ 125 ] CVE-2009-3069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069
[ 126 ] CVE-2009-3070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070
[ 127 ] CVE-2009-3071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071
[ 128 ] CVE-2009-3072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072
[ 129 ] CVE-2009-3074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074
[ 130 ] CVE-2009-3075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075
[ 131 ] CVE-2009-3076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076
[ 132 ] CVE-2009-3077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077
[ 133 ] CVE-2009-3078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078
[ 134 ] CVE-2009-3079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079
[ 135 ] CVE-2009-3274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274
[ 136 ] CVE-2009-3371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371
[ 137 ] CVE-2009-3372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372
[ 138 ] CVE-2009-3373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373
[ 139 ] CVE-2009-3374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374
[ 140 ] CVE-2009-3375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375
[ 141 ] CVE-2009-3376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376
[ 142 ] CVE-2009-3377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377
[ 143 ] CVE-2009-3378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378
[ 144 ] CVE-2009-3379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379
[ 145 ] CVE-2009-3380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380
[ 146 ] CVE-2009-3381
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381
[ 147 ] CVE-2009-3382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382
[ 148 ] CVE-2009-3383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383
[ 149 ] CVE-2009-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388
[ 150 ] CVE-2009-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389
[ 151 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 152 ] CVE-2009-3978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978
[ 153 ] CVE-2009-3979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979
[ 154 ] CVE-2009-3980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980
[ 155 ] CVE-2009-3981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981
[ 156 ] CVE-2009-3982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982
[ 157 ] CVE-2009-3983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983
[ 158 ] CVE-2009-3984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984
[ 159 ] CVE-2009-3985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985
[ 160 ] CVE-2009-3986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986
[ 161 ] CVE-2009-3987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987
[ 162 ] CVE-2009-3988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988
[ 163 ] CVE-2010-0159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159
[ 164 ] CVE-2010-0160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160
[ 165 ] CVE-2010-0162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162
[ 166 ] CVE-2010-0163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163
[ 167 ] CVE-2010-0164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164
[ 168 ] CVE-2010-0165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165
[ 169 ] CVE-2010-0166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166
[ 170 ] CVE-2010-0167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167
[ 171 ] CVE-2010-0167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167
[ 172 ] CVE-2010-0168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168
[ 173 ] CVE-2010-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
[ 174 ] CVE-2010-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
[ 175 ] CVE-2010-0170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170
[ 176 ] CVE-2010-0171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
[ 177 ] CVE-2010-0171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
[ 178 ] CVE-2010-0172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172
[ 179 ] CVE-2010-0173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173
[ 180 ] CVE-2010-0174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174
[ 181 ] CVE-2010-0174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174
[ 182 ] CVE-2010-0175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175
[ 183 ] CVE-2010-0175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175
[ 184 ] CVE-2010-0176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176
[ 185 ] CVE-2010-0176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176
[ 186 ] CVE-2010-0177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177
[ 187 ] CVE-2010-0178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178
[ 188 ] CVE-2010-0179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179
[ 189 ] CVE-2010-0181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181
[ 190 ] CVE-2010-0182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182
[ 191 ] CVE-2010-0183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183
[ 192 ] CVE-2010-0220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220
[ 193 ] CVE-2010-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648
[ 194 ] CVE-2010-0654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654
[ 195 ] CVE-2010-1028
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028
[ 196 ] CVE-2010-1121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121
[ 197 ] CVE-2010-1125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125
[ 198 ] CVE-2010-1196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196
[ 199 ] CVE-2010-1197
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197
[ 200 ] CVE-2010-1198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198
[ 201 ] CVE-2010-1199
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199
[ 202 ] CVE-2010-1200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200
[ 203 ] CVE-2010-1201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201
[ 204 ] CVE-2010-1202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202
[ 205 ] CVE-2010-1203
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203
[ 206 ] CVE-2010-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 207 ] CVE-2010-1206
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206
[ 208 ] CVE-2010-1207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207
[ 209 ] CVE-2010-1208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208
[ 210 ] CVE-2010-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209
[ 211 ] CVE-2010-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210
[ 212 ] CVE-2010-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211
[ 213 ] CVE-2010-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212
[ 214 ] CVE-2010-1213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213
[ 215 ] CVE-2010-1214
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214
[ 216 ] CVE-2010-1215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215
[ 217 ] CVE-2010-1585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585
[ 218 ] CVE-2010-2751
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751
[ 219 ] CVE-2010-2752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752
[ 220 ] CVE-2010-2753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753
[ 221 ] CVE-2010-2754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754
[ 222 ] CVE-2010-2755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755
[ 223 ] CVE-2010-2760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760
[ 224 ] CVE-2010-2762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762
[ 225 ] CVE-2010-2763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763
[ 226 ] CVE-2010-2764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764
[ 227 ] CVE-2010-2765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765
[ 228 ] CVE-2010-2766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766
[ 229 ] CVE-2010-2767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767
[ 230 ] CVE-2010-2768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768
[ 231 ] CVE-2010-2769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769
[ 232 ] CVE-2010-2770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770
[ 233 ] CVE-2010-3131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131
[ 234 ] CVE-2010-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166
[ 235 ] CVE-2010-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167
[ 236 ] CVE-2010-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168
[ 237 ] CVE-2010-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169
[ 238 ] CVE-2010-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170
[ 239 ] CVE-2010-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171
[ 240 ] CVE-2010-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173
[ 241 ] CVE-2010-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174
[ 242 ] CVE-2010-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175
[ 243 ] CVE-2010-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176
[ 244 ] CVE-2010-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177
[ 245 ] CVE-2010-3178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178
[ 246 ] CVE-2010-3179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179
[ 247 ] CVE-2010-3180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180
[ 248 ] CVE-2010-3182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182
[ 249 ] CVE-2010-3183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183
[ 250 ] CVE-2010-3399
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399
[ 251 ] CVE-2010-3400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400
[ 252 ] CVE-2010-3765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765
[ 253 ] CVE-2010-3766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766
[ 254 ] CVE-2010-3767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767
[ 255 ] CVE-2010-3768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768
[ 256 ] CVE-2010-3769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769
[ 257 ] CVE-2010-3770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770
[ 258 ] CVE-2010-3771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771
[ 259 ] CVE-2010-3772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772
[ 260 ] CVE-2010-3773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773
[ 261 ] CVE-2010-3774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774
[ 262 ] CVE-2010-3775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775
[ 263 ] CVE-2010-3776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776
[ 264 ] CVE-2010-3777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777
[ 265 ] CVE-2010-3778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778
[ 266 ] CVE-2010-4508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508
[ 267 ] CVE-2010-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074
[ 268 ] CVE-2011-0051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051
[ 269 ] CVE-2011-0053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053
[ 270 ] CVE-2011-0054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054
[ 271 ] CVE-2011-0055
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055
[ 272 ] CVE-2011-0056
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056
[ 273 ] CVE-2011-0057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057
[ 274 ] CVE-2011-0058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058
[ 275 ] CVE-2011-0059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059
[ 276 ] CVE-2011-0061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061
[ 277 ] CVE-2011-0062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062
[ 278 ] CVE-2011-0065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065
[ 279 ] CVE-2011-0066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066
[ 280 ] CVE-2011-0067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067
[ 281 ] CVE-2011-0068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068
[ 282 ] CVE-2011-0069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069
[ 283 ] CVE-2011-0070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070
[ 284 ] CVE-2011-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071
[ 285 ] CVE-2011-0072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072
[ 286 ] CVE-2011-0073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073
[ 287 ] CVE-2011-0074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074
[ 288 ] CVE-2011-0075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075
[ 289 ] CVE-2011-0076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076
[ 290 ] CVE-2011-0077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077
[ 291 ] CVE-2011-0078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078
[ 292 ] CVE-2011-0079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079
[ 293 ] CVE-2011-0080
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080
[ 294 ] CVE-2011-0081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081
[ 295 ] CVE-2011-0082
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082
[ 296 ] CVE-2011-0083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083
[ 297 ] CVE-2011-0084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084
[ 298 ] CVE-2011-0085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085
[ 299 ] CVE-2011-1187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187
[ 300 ] CVE-2011-1202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202
[ 301 ] CVE-2011-1712
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712
[ 302 ] CVE-2011-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362
[ 303 ] CVE-2011-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363
[ 304 ] CVE-2011-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364
[ 305 ] CVE-2011-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365
[ 306 ] CVE-2011-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369
[ 307 ] CVE-2011-2370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370
[ 308 ] CVE-2011-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371
[ 309 ] CVE-2011-2372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372
[ 310 ] CVE-2011-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373
[ 311 ] CVE-2011-2374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374
[ 312 ] CVE-2011-2375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375
[ 313 ] CVE-2011-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376
[ 314 ] CVE-2011-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377
[ 315 ] CVE-2011-2378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378
[ 316 ] CVE-2011-2605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605
[ 317 ] CVE-2011-2980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980
[ 318 ] CVE-2011-2981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981
[ 319 ] CVE-2011-2982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982
[ 320 ] CVE-2011-2983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983
[ 321 ] CVE-2011-2984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984
[ 322 ] CVE-2011-2985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985
[ 323 ] CVE-2011-2986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986
[ 324 ] CVE-2011-2987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987
[ 325 ] CVE-2011-2988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988
[ 326 ] CVE-2011-2989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989
[ 327 ] CVE-2011-2990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990
[ 328 ] CVE-2011-2991
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991
[ 329 ] CVE-2011-2993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993
[ 330 ] CVE-2011-2995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995
[ 331 ] CVE-2011-2996
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996
[ 332 ] CVE-2011-2997
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997
[ 333 ] CVE-2011-2998
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998
[ 334 ] CVE-2011-2999
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999
[ 335 ] CVE-2011-3000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000
[ 336 ] CVE-2011-3001
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001
[ 337 ] CVE-2011-3002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002
[ 338 ] CVE-2011-3003
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003
[ 339 ] CVE-2011-3004
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004
[ 340 ] CVE-2011-3005
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005
[ 341 ] CVE-2011-3026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026
[ 342 ] CVE-2011-3062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062
[ 343 ] CVE-2011-3232
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232
[ 344 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 345 ] CVE-2011-3640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640
[ 346 ] CVE-2011-3647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647
[ 347 ] CVE-2011-3648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648
[ 348 ] CVE-2011-3649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649
[ 349 ] CVE-2011-3650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650
[ 350 ] CVE-2011-3651
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651
[ 351 ] CVE-2011-3652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652
[ 352 ] CVE-2011-3653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653
[ 353 ] CVE-2011-3654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654
[ 354 ] CVE-2011-3655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655
[ 355 ] CVE-2011-3658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658
[ 356 ] CVE-2011-3659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659
[ 357 ] CVE-2011-3660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660
[ 358 ] CVE-2011-3661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661
[ 359 ] CVE-2011-3663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663
[ 360 ] CVE-2011-3665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665
[ 361 ] CVE-2011-3670
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670
[ 362 ] CVE-2011-3866
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866
[ 363 ] CVE-2011-4688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688
[ 364 ] CVE-2012-0441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441
[ 365 ] CVE-2012-0442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442
[ 366 ] CVE-2012-0443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443
[ 367 ] CVE-2012-0444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444
[ 368 ] CVE-2012-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445
[ 369 ] CVE-2012-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446
[ 370 ] CVE-2012-0447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447
[ 371 ] CVE-2012-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449
[ 372 ] CVE-2012-0450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450
[ 373 ] CVE-2012-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451
[ 374 ] CVE-2012-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452
[ 375 ] CVE-2012-0455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455
[ 376 ] CVE-2012-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456
[ 377 ] CVE-2012-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457
[ 378 ] CVE-2012-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458
[ 379 ] CVE-2012-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459
[ 380 ] CVE-2012-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460
[ 381 ] CVE-2012-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461
[ 382 ] CVE-2012-0462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462
[ 383 ] CVE-2012-0463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463
[ 384 ] CVE-2012-0464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464
[ 385 ] CVE-2012-0467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467
[ 386 ] CVE-2012-0468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468
[ 387 ] CVE-2012-0469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469
[ 388 ] CVE-2012-0470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470
[ 389 ] CVE-2012-0471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471
[ 390 ] CVE-2012-0473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473
[ 391 ] CVE-2012-0474
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474
[ 392 ] CVE-2012-0475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475
[ 393 ] CVE-2012-0477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477
[ 394 ] CVE-2012-0478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478
[ 395 ] CVE-2012-0479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479
[ 396 ] CVE-2012-1937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937
[ 397 ] CVE-2012-1938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938
[ 398 ] CVE-2012-1939
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939
[ 399 ] CVE-2012-1940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940
[ 400 ] CVE-2012-1941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941
[ 401 ] CVE-2012-1945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945
[ 402 ] CVE-2012-1946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946
[ 403 ] CVE-2012-1947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947
[ 404 ] CVE-2012-1948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948
[ 405 ] CVE-2012-1949
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949
[ 406 ] CVE-2012-1950
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950
[ 407 ] CVE-2012-1951
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951
[ 408 ] CVE-2012-1952
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952
[ 409 ] CVE-2012-1953
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953
[ 410 ] CVE-2012-1954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954
[ 411 ] CVE-2012-1955
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955
[ 412 ] CVE-2012-1956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956
[ 413 ] CVE-2012-1957
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957
[ 414 ] CVE-2012-1958
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958
[ 415 ] CVE-2012-1959
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959
[ 416 ] CVE-2012-1960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960
[ 417 ] CVE-2012-1961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961
[ 418 ] CVE-2012-1962
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962
[ 419 ] CVE-2012-1963
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963
[ 420 ] CVE-2012-1964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964
[ 421 ] CVE-2012-1965
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965
[ 422 ] CVE-2012-1966
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966
[ 423 ] CVE-2012-1967
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967
[ 424 ] CVE-2012-1970
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970
[ 425 ] CVE-2012-1971
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971
[ 426 ] CVE-2012-1972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972
[ 427 ] CVE-2012-1973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973
[ 428 ] CVE-2012-1974
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974
[ 429 ] CVE-2012-1975
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975
[ 430 ] CVE-2012-1976
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976
[ 431 ] CVE-2012-1994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994
[ 432 ] CVE-2012-3956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956
[ 433 ] CVE-2012-3957
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957
[ 434 ] CVE-2012-3958
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958
[ 435 ] CVE-2012-3959
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959
[ 436 ] CVE-2012-3960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960
[ 437 ] CVE-2012-3961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961
[ 438 ] CVE-2012-3962
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962
[ 439 ] CVE-2012-3963
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963
[ 440 ] CVE-2012-3964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964
[ 441 ] CVE-2012-3965
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965
[ 442 ] CVE-2012-3966
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966
[ 443 ] CVE-2012-3967
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967
[ 444 ] CVE-2012-3968
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968
[ 445 ] CVE-2012-3969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969
[ 446 ] CVE-2012-3970
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970
[ 447 ] CVE-2012-3971
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971
[ 448 ] CVE-2012-3972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972
[ 449 ] CVE-2012-3973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973
[ 450 ] CVE-2012-3975
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975
[ 451 ] CVE-2012-3976
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976
[ 452 ] CVE-2012-3977
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977
[ 453 ] CVE-2012-3978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978
[ 454 ] CVE-2012-3980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980
[ 455 ] CVE-2012-3982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982
[ 456 ] CVE-2012-3984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984
[ 457 ] CVE-2012-3985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985
[ 458 ] CVE-2012-3986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986
[ 459 ] CVE-2012-3988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988
[ 460 ] CVE-2012-3989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989
[ 461 ] CVE-2012-3990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990
[ 462 ] CVE-2012-3991
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991
[ 463 ] CVE-2012-3992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992
[ 464 ] CVE-2012-3993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993
[ 465 ] CVE-2012-3994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994
[ 466 ] CVE-2012-3995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995
[ 467 ] CVE-2012-4179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179
[ 468 ] CVE-2012-4180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180
[ 469 ] CVE-2012-4181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181
[ 470 ] CVE-2012-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182
[ 471 ] CVE-2012-4183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183
[ 472 ] CVE-2012-4184
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184
[ 473 ] CVE-2012-4185
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185
[ 474 ] CVE-2012-4186
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186
[ 475 ] CVE-2012-4187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187
[ 476 ] CVE-2012-4188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188
[ 477 ] CVE-2012-4190
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190
[ 478 ] CVE-2012-4191
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191
[ 479 ] CVE-2012-4192
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192
[ 480 ] CVE-2012-4193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193
[ 481 ] CVE-2012-4194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194
[ 482 ] CVE-2012-4195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195
[ 483 ] CVE-2012-4196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196
[ 484 ] CVE-2012-4201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201
[ 485 ] CVE-2012-4202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202
[ 486 ] CVE-2012-4204
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204
[ 487 ] CVE-2012-4205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205
[ 488 ] CVE-2012-4206
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206
[ 489 ] CVE-2012-4207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207
[ 490 ] CVE-2012-4208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208
[ 491 ] CVE-2012-4209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209
[ 492 ] CVE-2012-4210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210
[ 493 ] CVE-2012-4212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212
[ 494 ] CVE-2012-4215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215
[ 495 ] CVE-2012-4216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216
[ 496 ] CVE-2012-5354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354
[ 497 ] CVE-2012-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829
[ 498 ] CVE-2012-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830
[ 499 ] CVE-2012-5833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833
[ 500 ] CVE-2012-5835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835
[ 501 ] CVE-2012-5836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836
[ 502 ] CVE-2012-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838
[ 503 ] CVE-2012-5839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839
[ 504 ] CVE-2012-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840
[ 505 ] CVE-2012-5841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841
[ 506 ] CVE-2012-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842
[ 507 ] CVE-2012-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843
[ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=
ertificates/
[ 509 ] Mozilla Foundation Security Advisory 2011-11
http://www.mozilla.org/security/announce/2011/mfsa2011-11.html
[ 510 ] Mozilla Foundation Security Advisory 2011-34
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-200907-0426 | CVE-2009-2575 |
RIM BlackBerry 8800 Operational disruption ( Memory consumption and browser crash ) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it
VAR-200906-0599 | CVE-2009-2537 |
KDE Konqueror Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200906-0485 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. KDE Konqueror There is a service disruption ( Memory consumption ) There is a vulnerability that becomes a condition. Browsers from multiple vendors are prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash an affected application.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Fedora update for kdelibs
SECUNIA ADVISORY ID:
SA36062
VERIFY ADVISORY:
http://secunia.com/advisories/36062/
DESCRIPTION:
Fedora has issued an update for kdelibs. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
For more information:
SA35581
SA35991
SOLUTION:
Apply updated packages via the yum utility ("yum update kdelibs").
ORIGINAL ADVISORY:
FEDORA-2009-8049:
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
FEDORA-2009-8039:
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
OTHER REFERENCES:
SA35581:
http://secunia.com/advisories/35581/
SA35991:
http://secunia.com/advisories/35991/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
This update provides a solution to this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:027
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdelibs4
Date : January 27, 2010
Affected: 2009.1
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was discovered and corrected in kdelibs4:
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
\'\0\' (NUL) character in a domain name in the Subject Alternative
Name field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2702).
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
pointer. (CVE-2009-1687).
WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
(aka Qt toolkit), and possibly other products does not properly handle
numeric character references, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted HTML document (CVE-2009-1725).
Use-after-free vulnerability in WebKit, as used in Apple Safari
before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1
through 2.2.1, Google Chrome 1.0.154.53, and possibly other products,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) by setting an
unspecified property of an HTML tag that causes child elements to
be freed and later accessed when an HTML error occurs, related to
recursion in certain DOM event handlers. (CVE-2009-1690).
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a
pointer during handling of a Cascading Style Sheets (CSS) attr function
call with a large numerical argument, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document (CVE-2009-1698). (CVE-2009-0689).
WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
attackers to execute arbitrary code via a crafted SVGList object that
triggers memory corruption (CVE-2009-0945).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
c08161eacba6cdb1b0ba26babe5f8cc5 2009.1/i586/kdelibs4-core-4.2.4-0.8mdv2009.1.i586.rpm
933468cf4109252dac5119edd958f73d 2009.1/i586/kdelibs4-devel-4.2.4-0.8mdv2009.1.i586.rpm
96703a0ef0baf299647ff27d64cb0680 2009.1/i586/libkde3support4-4.2.4-0.8mdv2009.1.i586.rpm
e5f60ba41e5919fa77c313b204e1f712 2009.1/i586/libkdecore5-4.2.4-0.8mdv2009.1.i586.rpm
cf8af6e467cd1585c44e1cce01362526 2009.1/i586/libkdefakes5-4.2.4-0.8mdv2009.1.i586.rpm
1c9c04b5f6c0c59d2e5860b077e0c6e3 2009.1/i586/libkdesu5-4.2.4-0.8mdv2009.1.i586.rpm
89fe7c33c7e5bcc23595560ae4664bf6 2009.1/i586/libkdeui5-4.2.4-0.8mdv2009.1.i586.rpm
30b73ef58ac3a45ff86756ad09d0d555 2009.1/i586/libkdnssd4-4.2.4-0.8mdv2009.1.i586.rpm
a1f00af00ea7e52d9f187f1fe5ccdfe2 2009.1/i586/libkfile4-4.2.4-0.8mdv2009.1.i586.rpm
553486988b945307ee038cb41dcb76e6 2009.1/i586/libkhtml5-4.2.4-0.8mdv2009.1.i586.rpm
9d9501ff70e709c5ea32b35aa985688a 2009.1/i586/libkimproxy4-4.2.4-0.8mdv2009.1.i586.rpm
a2ec3f440eb6cf545abbc63a3d34c1e5 2009.1/i586/libkio5-4.2.4-0.8mdv2009.1.i586.rpm
4168e955b60a5a69d8f1e085b30d0424 2009.1/i586/libkjs4-4.2.4-0.8mdv2009.1.i586.rpm
bfcece9c73348c6415c48ec266877908 2009.1/i586/libkjsapi4-4.2.4-0.8mdv2009.1.i586.rpm
228ca7dc2a86fdc868a5937b16a7a08c 2009.1/i586/libkjsembed4-4.2.4-0.8mdv2009.1.i586.rpm
f6297ae0630eb6207895df9f2f971eb6 2009.1/i586/libkmediaplayer4-4.2.4-0.8mdv2009.1.i586.rpm
cf6113c17858d5e6e3c0e04622f8a66c 2009.1/i586/libknewstuff2_4-4.2.4-0.8mdv2009.1.i586.rpm
da55a2f428ad020834f7b91c0023ecf6 2009.1/i586/libknotifyconfig4-4.2.4-0.8mdv2009.1.i586.rpm
9fef466138ff78a3d6d3244998a9ba30 2009.1/i586/libkntlm4-4.2.4-0.8mdv2009.1.i586.rpm
4f7c0ad254ec1990f5dab1c0b959629d 2009.1/i586/libkparts4-4.2.4-0.8mdv2009.1.i586.rpm
8c58d6a9a6ec7fc21f287b2f4c2e9858 2009.1/i586/libkpty4-4.2.4-0.8mdv2009.1.i586.rpm
8ed500d050b95560d7eff6db26fa05ee 2009.1/i586/libkrosscore4-4.2.4-0.8mdv2009.1.i586.rpm
2d8d12d8a7bbfe18f6b04b9807795077 2009.1/i586/libkrossui4-4.2.4-0.8mdv2009.1.i586.rpm
8cc5c226e381b122983440b3440c1476 2009.1/i586/libktexteditor4-4.2.4-0.8mdv2009.1.i586.rpm
3c53941130fb8cc6d12b8cdea488f536 2009.1/i586/libkunittest4-4.2.4-0.8mdv2009.1.i586.rpm
3996bfcff0b2465c39c6ccdb8367f401 2009.1/i586/libkutils4-4.2.4-0.8mdv2009.1.i586.rpm
129a26ab20c792994113b5db00b7f7c4 2009.1/i586/libnepomuk4-4.2.4-0.8mdv2009.1.i586.rpm
0b88090e1cba0db59a3fb85c34e6b726 2009.1/i586/libplasma3-4.2.4-0.8mdv2009.1.i586.rpm
79b484a6c8e20db156fbe130c81e2001 2009.1/i586/libsolid4-4.2.4-0.8mdv2009.1.i586.rpm
ddd09e03af15f421b2e38b6f06c0247a 2009.1/i586/libthreadweaver4-4.2.4-0.8mdv2009.1.i586.rpm
fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
89f77418ccda86b51c7d32d011e88e9b 2009.1/x86_64/kdelibs4-core-4.2.4-0.8mdv2009.1.x86_64.rpm
d0b009e595350648b12cca1ee094802e 2009.1/x86_64/kdelibs4-devel-4.2.4-0.8mdv2009.1.x86_64.rpm
03db494c356e0b0823ddf697d42c0f50 2009.1/x86_64/lib64kde3support4-4.2.4-0.8mdv2009.1.x86_64.rpm
6d98531ba95a096fd49801f7df452776 2009.1/x86_64/lib64kdecore5-4.2.4-0.8mdv2009.1.x86_64.rpm
bf3845f586eeeaafab5e25442f4d8950 2009.1/x86_64/lib64kdefakes5-4.2.4-0.8mdv2009.1.x86_64.rpm
b9767fb69262886d60a7844ad6569e27 2009.1/x86_64/lib64kdesu5-4.2.4-0.8mdv2009.1.x86_64.rpm
d709c9fb8874c432d1b4e415e9c06858 2009.1/x86_64/lib64kdeui5-4.2.4-0.8mdv2009.1.x86_64.rpm
6d062780a7629eed7e93ab9e66daf633 2009.1/x86_64/lib64kdnssd4-4.2.4-0.8mdv2009.1.x86_64.rpm
f39c44bc7572d06921061c0ac5ef78c9 2009.1/x86_64/lib64kfile4-4.2.4-0.8mdv2009.1.x86_64.rpm
90f8ecd4967830ebff3b81732162fe33 2009.1/x86_64/lib64khtml5-4.2.4-0.8mdv2009.1.x86_64.rpm
005d7de69a0063a8dc396b9dffdf20ed 2009.1/x86_64/lib64kimproxy4-4.2.4-0.8mdv2009.1.x86_64.rpm
3924d83bf43990f7a7ba5d2eea29ef5d 2009.1/x86_64/lib64kio5-4.2.4-0.8mdv2009.1.x86_64.rpm
9124f0ce5f1643e4310ef0bfc5fda970 2009.1/x86_64/lib64kjs4-4.2.4-0.8mdv2009.1.x86_64.rpm
573504d0c305e757b3c163b9132264e4 2009.1/x86_64/lib64kjsapi4-4.2.4-0.8mdv2009.1.x86_64.rpm
917e5b175a3a5480e848dee6201e99d9 2009.1/x86_64/lib64kjsembed4-4.2.4-0.8mdv2009.1.x86_64.rpm
604cce29c11b2452b2744ff72e248b7c 2009.1/x86_64/lib64kmediaplayer4-4.2.4-0.8mdv2009.1.x86_64.rpm
bd75d3e4feaa98a3659ae5d113fe45f6 2009.1/x86_64/lib64knewstuff2_4-4.2.4-0.8mdv2009.1.x86_64.rpm
0a7d48b91c673f5908ce2d47a77746e2 2009.1/x86_64/lib64knotifyconfig4-4.2.4-0.8mdv2009.1.x86_64.rpm
a91967cfec8b470cc7520ac17590d41b 2009.1/x86_64/lib64kntlm4-4.2.4-0.8mdv2009.1.x86_64.rpm
0159bb033c507f20fb8bd77a7a8be43a 2009.1/x86_64/lib64kparts4-4.2.4-0.8mdv2009.1.x86_64.rpm
a062d0124cdea9dfcafb82ed2c5dfd54 2009.1/x86_64/lib64kpty4-4.2.4-0.8mdv2009.1.x86_64.rpm
8c0950479a23531a03836f7744d6b90d 2009.1/x86_64/lib64krosscore4-4.2.4-0.8mdv2009.1.x86_64.rpm
ca61efacf989bd4421d2c88abc440e3f 2009.1/x86_64/lib64krossui4-4.2.4-0.8mdv2009.1.x86_64.rpm
bcd31e87995de0f86ad9c363e87ea0d4 2009.1/x86_64/lib64ktexteditor4-4.2.4-0.8mdv2009.1.x86_64.rpm
23a0f2c640a20dd1be2b4475a9102cd6 2009.1/x86_64/lib64kunittest4-4.2.4-0.8mdv2009.1.x86_64.rpm
e49987a6d8016b6ac39011b6cac0b570 2009.1/x86_64/lib64kutils4-4.2.4-0.8mdv2009.1.x86_64.rpm
90d6806fa9dcd2ac1b71fc3b72dd4f81 2009.1/x86_64/lib64nepomuk4-4.2.4-0.8mdv2009.1.x86_64.rpm
4808080c578223d0bcb156e78f5d661f 2009.1/x86_64/lib64plasma3-4.2.4-0.8mdv2009.1.x86_64.rpm
e8cecb137634dfc738617b67a6d34122 2009.1/x86_64/lib64solid4-4.2.4-0.8mdv2009.1.x86_64.rpm
35c8778eaaa5465a8f15c27a57d8ed60 2009.1/x86_64/lib64threadweaver4-4.2.4-0.8mdv2009.1.x86_64.rpm
fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLX/3wmqjQ0CJFipgRApr4AKC7I0w56Y9GFgmZeeNIeUDGaXgxHQCg6N5C
YuntVxGlOXktJ3qUQl1SZ1Y=
=5Avg
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10,
which brings many bugfixes, overall improvements and many security
fixes.
kdegraphics contains security fixes for
CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183
kdelibs contains security fixes for
CVE-2009-0689,1687,1690,1698,2702,1725,2537
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers