VARIoT IoT vulnerabilities database

Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition

Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that allows you to make business decisions and make decisions through real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. The GE Proficy Plan application component handles inbound TCP/IP messaging. There is a stack-based buffer overflow. This vulnerability affects: (1) By default, the Proficy Server Manager (PRProficyMgr.exe) on the TCP 12293 port is monitored. (2) By default, the Proficy Service Gateway program (PRGateway.exe) on the TCP 12294 port is monitored. (3) By default, the Proficy Remote Data Service (PRRDS.exe) on the TCP 12299 port is monitored. (4) By default, the Proficy Server License Manager (PRLicenseMgr.exe) on the TCP 12401 port is monitored. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability. An attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Proficy Plant Applications Multiple Services Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46700 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46700 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46700/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46700/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46700 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Plant Applications, which can be exploited by malicious people to compromise a vulnerable system. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updates. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI. ORIGINAL ADVISORY: GE (GEIP-11-02): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Pantech Link is a mobile phone that supports 2.4\" LCD screen and full keyboard. The Pantech Link/P7040P browser SSL certificate parsing contains a vulnerability caused by the \"Basic Constraints\" parameter that does not correctly check the certificate in the chain. Use the legal final entity The certificate is signed with a new certificate, and the attacker can obtain a \"legal\" certificate for any domain. For example: -TrustedCA--somedomain.com (legitimate certificate)---api.someotherdomain.com (signed by somedomain.com) uses this technology Any SSL communication using the api.someotherdomain.com certificate can be transparently intercepted. The browser of Pantech Link Phones is prone to a security weakness because it fails to verify SSL certificates presented by a remote server. An attacker can exploit this weakness to masquerade as a legitimate server using a man-in-the-middle attack or to launch other attacks, such as phishing

Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. ( Dot dot ) including fileget Arbitrary files may be read via parameters. Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks. Pragyan CMS 3.0 is vulnerable; other versions may also be affected

CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly verifies WRITE requests containing very long filenames, allowing an attacker to crash the service. CiscoKits CCNA TFTP Server is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users

CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly handles read requests containing \"../\" sequences, allowing an attacker to read arbitrary files through a directory traversal attack. CiscoKits CCNA TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks

The SAP J2EE Engine Core is a core component of the SAP NetWeaver application platform. The SAP J2EE engine has security flaws that allow an attacker to compromise an enterprise computer system over the Internet. The impact of this issue is currently unknown. We will update this BID when more information emerges

Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple local file inclusion vulnerabilities exist in Vtiger CRM 5.2.1 and earlier. Because the input provided to the user is not properly filtered, an attacker can exploit the vulnerability to obtain potentially sensitive information and execute any local scripts in the web server process, jeopardizing applications and computers, and possibly causing other attacks. This may allow the attacker to compromise the application and the computer; other attacks are also possible. Vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected

Hitachi Command Suite is an integrated software suite for efficient management of virtualized storage and server infrastructure. Hitachi Command Suite has a cross-site scripting vulnerability. Because some unknown input lacks filtering before returning to the user, an attacker can use the vulnerability to conduct a cross-site scripting attack, construct a malicious URI, induce users to parse, obtain sensitive information, or hijack user sessions. Multiple Hitachi Command Suite Products, including Device Manager Software and Tiered Storage Manager Software, are prone to an unspecified cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: Hitachi Command Suite Products Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA48084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48084 RELEASE DATE: 2012-02-21 DISCUSS ADVISORY: http://secunia.com/advisories/48084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Update to version 7.2.1-00. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS12-008 (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-008/index.html HS12-008 (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-008/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection FTP Client Response Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46879 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Protek Research Lab's has discovered a vulnerability in Reflection for Secure IT, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code, but requires tricking a user into connecting to a malicious server. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's ORIGINAL ADVISORY: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Koha is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input to the OPAC (Online Public Access Catalog) interface. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Koha 3.4.2 are vulnerable.

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. ZABBIX is a distributed network monitoring system with CS structure. Because applications fail to adequately filter user-provided data before being used in SQL queries, an attacker can exploit a vulnerability to compromise an application, access or modify data, or exploit potential vulnerabilities in the underlying database. ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. ZABBIX versions 1.8.3 and 1.8.4 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201311-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Zabbix: Multiple vulnerabilities Date: November 25, 2013 Bugs: #312875, #394497, #428372, #452878, #486696 ID: 201311-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure. Background ========== Zabbix is software for monitoring applications, networks, and servers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/zabbix < 2.0.9_rc1-r2 >= 2.0.9_rc1-r2 Description =========== Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Zabbix users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-analyzer/zabbix-2.0.9_rc1-r2" References ========== [ 1 ] CVE-2010-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277 [ 2 ] CVE-2011-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2904 [ 3 ] CVE-2011-3263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3263 [ 4 ] CVE-2011-4674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4674 [ 5 ] CVE-2012-3435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3435 [ 6 ] CVE-2013-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364 [ 7 ] CVE-2013-5572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5572 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201311-15.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file. Safenet provides software protection and certificate management products, affected products Sentinel HASP, previously Aladdin HASP SRM is a digital certificate management program. 7T IGSS uses the SafeNet Sentinel HASP SDK for managing digital certificates. Special characters allow an attacker to build and inject HTML into a configuration file. Successful exploitation of the vulnerability allows an attacker to change the code in the configuration file. This vulnerability can be reproduced using Mozilla FIrefox 2.0, which is currently not triggered by current Mozilla Firefox, Microsoft Internet Explorer, Opera, and Google Chrome. SafeNet Sentinel HASP and 7T IGSS are prone to an HTML-injection vulnerability because they fail to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SafeNet Sentinel HASP Admin Control Center Script Insertion Weakness SECUNIA ADVISORY ID: SA47349 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47349/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47349 RELEASE DATE: 2011-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/47349/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47349/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47349 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in SafeNet Sentinel HASP Run-time Environment, which can be exploited by malicious users to conduct script insertion attacks. Successful exploitation requires a victim to view injected data using Mozilla Firefox version 2.0. The weakness is reported in version 5.95 and prior. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Carlos Mario Penagos Hollman, Synapse-labs. ORIGINAL ADVISORY: SafeNet: http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339/ ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Movicon is the first fully XML-based Scada/HMI software developed by the famous Italian automation software provider PROGEA. There is an arbitrary code execution vulnerability in Movicon 11.2 Build 1085 and other versions of dwmapi.dll. A remote attacker can open a file on a network share containing a specially crafted dynamic link library (DLL) file by tricking legitimate users into using the affected application

vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.

There is an unknown security hole in Hitachi JP1 / IT resource management. This vulnerability is related to verification information, and no detailed vulnerability details are currently provided. The impact of this issue is currently unknown. We will update this BID when more information emerges. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/IT Resource Management Authentication Information Vulnerability SECUNIA ADVISORY ID: SA45469 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45469/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45469 RELEASE DATE: 2011-07-29 DISCUSS ADVISORY: http://secunia.com/advisories/45469/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45469/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45469 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in Hitachi JP1/IT Resource Management. No further information is currently available. The vulnerability is reported in versions 09-10 through 09-10-03 and 09-11 through 09-11-02. SOLUTION: Update to version 09-50 2011.07.29 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-016/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Sagem F@st Routers is a router product. The Sagem Fast router (3304-V1 / 3304-V2 / 3464 / 3504) has a pre-configured root password that has not changed by default ISP and creates another administrative account. Due to a problem with the algorithm, an attacker can exploit the vulnerability to obtain a user password and access the device. Multiple Sagem F@st Routers are prone to a remote authentication-bypass vulnerability. This will completely compromise an affected device. The following routers are affected: Sagem F@st 3304 Sagem F@st 3464 Sagem F@st 3504

Multiple vendor products have security bypass vulnerabilities that allow an attacker to bypass the security mechanisms built into the affected device. This may help further attacks. Multiple vendors products are prone to a security-bypass vulnerability

The D-Link DSL-2650U is a routing device. The D-Link DSL-2650U does not properly handle HTTP requests submitted by users. A remote attacker can exploit the vulnerability to perform a denial of service attack on the device. Attackers may leverage this issue to crash the Web server on the affected device, denying service to legitimate users. D-Link DSL-2650U 1.20 is affected; other versions may also be vulnerable

Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. Cisco IOS is prone to a remote code-execution service vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges on affected devices. Successful exploits will completely compromise an affected device. This issue is tracked by Cisco Bug ID CSCto10165. Cisco's Internet Operating System (IOS) is a complex operating system optimized for Internet interconnection. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml. Note: The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html Affected Products ================= This vulnerability only affects Cisco Catalyst Switches and Cisco Integrated Services Routers with the Smart Install feature enabled. Vulnerable Products +------------------ Devices configured as a Smart Install client or director are affected by this vulnerability. To display Smart Install information, use the "show vstack config" privileged EXEC command on the Smart Install director or client. The outputs of the show commands are different when entered on the director or on the client. The following is the output of the "show vstack config" in a device configured as a Smart Install client: switch#show vstack config Role: Client Vstack Director IP address: 10.1.1.163 The following is the output of the "show vstack config" in a Cisco Catalyst Switch configured as a Smart Install director: Director# show vstack config Role: Director Vstack Director IP address: 10.1.1.163 Vstack Mode: Basic Vstack default management vlan: 1 Vstack management Vlans: none Vstack Config file: tftp://10.1.1.100/default-config.txt Vstack Image file: tftp://10.1.1.100/c3750e-universalk9-tar.122- Join Window Details: Window: Open (default) Operation Mode: auto (default) Vstack Backup Details: Mode: On (default) Repository: flash:/vstack (default) To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the "show version" command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the "show version" command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M: Router> show version Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 17:17 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in the white paper Cisco IOS and NX-OS Software Reference Guide available at http://www.cisco.com/web/about/security/intelligence/ios-ref.html. Details ======= Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches and Cisco Integrated Services Routers. This means that a customer can ship a device to a location, place it in the network and power it on with no configuration required on the device. Smart Install uses TCP port 4786 for communication. An established TCP connection with a completed TCP three-way handshake is needed to be able to trigger this vulnerability. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCto10165 ("Smart Install Crashes with certain IP Packets") CVSS Base Score - 10.0 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Additionally, the Cisco IOS Software Checker is available on the Cisco Security Intelligence Operations (SIO) portal at http://tools.cisco.com/security/center/selectIOSVersion.x. It provides several features for checking which Security Advisories affect specified versions of Cisco IOS Software. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2011 Bundled Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-----------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.0-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------------------------------------------------------| | There are no affected 12.0 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.1-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------------------------------------------------------| | There are no affected 12.1 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.2-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------+----------------+------------------------------| | 12.2 | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2B | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2BC | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2BW | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2BX | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SB | |------------+----------------+------------------------------| | 12.2BY | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2BZ | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2CX | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2CY | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2CZ | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SB | |------------+----------------+------------------------------| | 12.2DA | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2DD | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2DX | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2EU | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Releases up to and including | | 12.2EW | Not vulnerable | 12.2(20)EW4 are not | | | | vulnerable. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2EWA | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2EX | 12.2(55)EX3 | 12.2(55)EX3 | |------------+----------------+------------------------------| | 12.2EY | 12.2(58)EY | 12.2(58)EY | |------------+----------------+------------------------------| | | Vulnerable; | | | | migrate to any | | | | release in | | | | 15.0SE | | | 12.2EZ | | Vulnerable; migrate to any | | | Releases up to | release in 15.0SE | | | and including | | | | 12.2(53)EZ are | | | | not | | | | vulnerable. | | |------------+----------------+------------------------------| | 12.2FX | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2FY | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2EX | |------------+----------------+------------------------------| | 12.2FZ | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2IRA | Not vulnerable | Vulnerable; migrate to any | | | | release in 12.2IRG | |------------+----------------+------------------------------| | 12.2IRB | Not vulnerable | Vulnerable; migrate to any | | | | release in 12.2IRG | |------------+----------------+------------------------------| | 12.2IRC | Not vulnerable | Vulnerable; migrate to any | | | | release in 12.2IRG | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IRD | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IRE | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2IRF | Not vulnerable | Vulnerable; migrate to any | | | | release in 12.2IRG | |------------+----------------+------------------------------| | 12.2IRG | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXA | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXB | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXC | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXD | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXE | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXF | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXG | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2IXH | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2JA | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2JK | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2MB | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2MC | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2MRA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SRD | |------------+----------------+------------------------------| | 12.2MRB | Not vulnerable | 12.2(33)MRB5 | |------------+----------------+------------------------------| | | | Releases prior to 12.2(30)S | | | | are vulnerable; Releases | | 12.2S | Not vulnerable | 12.2(30)S and later are not | | | | vulnerable. First fixed in | | | | Release 12.2SB | |------------+----------------+------------------------------| | | | 12.2(31)SB20 | | 12.2SB | Not vulnerable | | | | | 12.2(33)SB10 | |------------+----------------+------------------------------| | 12.2SBC | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SB | |------------+----------------+------------------------------| | 12.2SCA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SCC | |------------+----------------+------------------------------| | 12.2SCB | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SCC | |------------+----------------+------------------------------| | 12.2SCC | Not vulnerable | 12.2(33)SCC7 | |------------+----------------+------------------------------| | 12.2SCD | Not vulnerable | 12.2(33)SCD6 | |------------+----------------+------------------------------| | | | 12.2(33)SCE1 | | 12.2SCE | Not vulnerable | | | | | 12.2(33)SCE2 | |------------+----------------+------------------------------| | 12.2SCF | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | Releases up to | 12.2(55)SE3 | | 12.2SE | and including | | | | 12.2(54)SE are | 12.2(58)SE | | | not vulnerable | | |------------+----------------+------------------------------| | 12.2SEA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2SEB | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2SEC | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2SED | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2SEE | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | 12.2SEF | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SE | |------------+----------------+------------------------------| | | | Releases prior to 12.2(25) | | | | SEG4 are vulnerable; | | 12.2SEG | Not vulnerable | Releases 12.2(25)SEG4 and | | | | later are not vulnerable. | | | | First fixed in Release | | | | 12.2EX | |------------+----------------+------------------------------| | | | Releases prior to 12.2(53) | | 12.2SG | Not vulnerable | SG4 are vulnerable; Releases | | | | 12.2(53)SG4 and later are | | | | not vulnerable. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2SGA | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2SL | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2SM | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2SO | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2SQ | Not vulnerable | 12.2(50)SQ3 | |------------+----------------+------------------------------| | 12.2SRA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SRD | |------------+----------------+------------------------------| | 12.2SRB | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SRD | |------------+----------------+------------------------------| | 12.2SRC | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SRD | |------------+----------------+------------------------------| | 12.2SRD | Not vulnerable | 12.2(33)SRD6 | |------------+----------------+------------------------------| | 12.2SRE | Not vulnerable | 12.2(33)SRE4 | |------------+----------------+------------------------------| | 12.2STE | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2SU | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | | | Releases prior to 12.2(29a) | | | | SV are vulnerable; Releases | | 12.2SV | Not vulnerable | 12.2(29a)SV and later are | | | | not vulnerable. Migrate to | | | | any release in 12.2SVD | |------------+----------------+------------------------------| | 12.2SVA | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2SVC | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2SVD | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2SVE | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2SW | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2SX | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXF | |------------+----------------+------------------------------| | 12.2SXA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXF | |------------+----------------+------------------------------| | 12.2SXB | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXF | |------------+----------------+------------------------------| | 12.2SXD | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXF | |------------+----------------+------------------------------| | 12.2SXE | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXF | |------------+----------------+------------------------------| | 12.2SXF | Not vulnerable | 12.2(18)SXF17b | |------------+----------------+------------------------------| | 12.2SXH | Not vulnerable | 12.2(33)SXH8a | |------------+----------------+------------------------------| | 12.2SXI | Not vulnerable | 12.2(33)SXI6 | |------------+----------------+------------------------------| | 12.2SXJ | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2SY | Not vulnerable | 12.2(50)SY | |------------+----------------+------------------------------| | 12.2SZ | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SB | |------------+----------------+------------------------------| | 12.2T | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2TPC | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2XA | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XB | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2XC | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XD | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XE | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XF | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XG | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XH | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XI | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XJ | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XK | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XL | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XM | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XN | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | Please see | | | 12.2XNA | Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+----------------+------------------------------| | | Please see | | | 12.2XNB | Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+----------------+------------------------------| | | Please see | | | 12.2XNC | Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+----------------+------------------------------| | | Please see | | | 12.2XND | Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+----------------+------------------------------| | | Please see | | | 12.2XNE | Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+----------------+------------------------------| | | Please see | | | 12.2XNF | Cisco IOS-XE | Please see Cisco IOS-XE | | | Software | Software Availability | | | Availability | | |------------+----------------+------------------------------| | | | Releases prior to 12.2(54)XO | | 12.2XO | Not vulnerable | are vulnerable; Releases | | | | 12.2(54)XO and later are not | | | | vulnerable. | |------------+----------------+------------------------------| | 12.2XQ | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XR | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XS | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XT | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XU | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XV | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2XW | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2YA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2YB | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2YC | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2YD | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2YE | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YF | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YG | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YH | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YJ | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2YK | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YL | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2YM | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YN | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2YO | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2YP | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YQ | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YR | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YS | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YT | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YU | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YV | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YW | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YX | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YY | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2YZ | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2ZA | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXF | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2ZB | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2ZC | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2ZD | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2ZE | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2ZF | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2ZG | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2ZH | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.4 | |------------+----------------+------------------------------| | 12.2ZJ | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2ZL | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 12.2ZP | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | 12.2ZU | Not vulnerable | Vulnerable; First fixed in | | | | Release 12.2SXH | |------------+----------------+------------------------------| | 12.2ZX | Not vulnerable | Not vulnerable | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2ZY | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 12.2ZYA | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.3-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------------------------------------------------------| | There are no affected 12.3 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 12.4-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------------------------------------------------------| | There are no affected 12.4 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.0-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------------------------------------------------------| | There are no affected 15.0 based releases | |------------------------------------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.1-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 15.1EY | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | 15.1GC | Not vulnerable | Vulnerable; First fixed in | | | | Release 15.1T | |------------+----------------+------------------------------| | | 15.1(4)M2; | 15.1(4)M2; Available on | | 15.1M | Available on | 30-SEP-11 | | | 30-SEP-11 | | |------------+----------------+------------------------------| | | | Vulnerable; contact your | | | | support organization per the | | 15.1MR | Not vulnerable | instructions in the | | | | Obtaining Fixed Software | | | | section of this advisory. | |------------+----------------+------------------------------| | | | 15.1(2)S2 | | 15.1S | Not vulnerable | | | | | 15.1(3)S | |------------+----------------+------------------------------| | | | 15.1(2)T4 | | 15.1T | 15.1(3)T2 | | | | | 15.1(1)T4 on 8-Dec-2011 | |------------+----------------+------------------------------| | | Vulnerable; | | | | First fixed in | | | | Release 15.1T | | | | | Vulnerable; First fixed in | | 15.1XB | Releases up to | Release 15.1T | | | and including | | | | 15.1(1)XB are | | | | not | | | | vulnerable. | | |------------+----------------+------------------------------| | Affected | First Fixed | First Fixed Release for All | | 15.2-Based | Release | Advisories in the September | | Releases | | 2011 Bundled Publication | |------------------------------------------------------------| | There are no affected 15.2 based releases | +------------------------------------------------------------+ Cisco IOS XE Software +-------------------- Cisco IOS XE Software is not affected by the vulnerability disclosed in this advisory. Cisco IOS XR Software is not affected by the vulnerabilities disclosed in the September 28, 2011, Cisco IOS Software Security Advisory bundled publication. Workarounds =========== There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature. The Smart Install Feature is enabled by default in client switches. No configuration is needed in client switches. If Smart Install feature is not required, and the device supports the configuration command "no vstack" as introduced by Cisco Bug ID CSCtj75729, then disabling Smart Install, with the "no vstack" configuration command mitigates this vulnerability. Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20110928-smart-install.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was discovered and reported to Cisco by Greg Jones of Digital Assurance. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-September-28 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/ products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/ go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAk6Cp2kACgkQQXnnBKKRMNDdKgD+O6C0i2f0RXM757+tLSehkxsW NBAYqM590ni6eZvq7PwA/1WW59WEHU0DY2mgou/w2doZmIWczbfihzBwvIUyvHPa =mkgL -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS Smart Install Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA46165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46165 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to compromise a vulnerable device. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor