VARIoT IoT vulnerabilities database

VAR-200703-0528 | CVE-2007-1504 | Interstage Application Server cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability. As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website. An arbitrary script may be executed on the user's web browser. iNTERSTAGE Application Server Standard Edition is prone to a cross-site scripting vulnerability.
SOLUTION:
The vendor recommends setting error pages for both HTTP status codes
404 and 500 (see vendor advisory for details).
The vendor is reportedly working on patches.
PROVIDED AND/OR DISCOVERED BY:
Daiki Fukumori, Secure Sky Technology.
ORIGINAL ADVISORY:
Fujitsu:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html
http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200701.html
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html
OTHER REFERENCES:
JVN:
http://jvn.jp/jp/JVN%2383832818/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-200701-0295 | CVE-2007-0537 | KDE kdelibs Cross-site scripting vulnerability due to title tag |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. As a result, authentication information may be leaked. Konqueror is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: KHTML: Cross-site scripting (XSS) vulnerability
Date: March 10, 2007
Bugs: #165606
ID: 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The KHTML component shipped with the KDE libraries is prone to a
cross-site scripting (XSS) vulnerability.
Background
==========
KDE is a feature-rich graphical desktop environment for Linux and
Unix-like Operating Systems. KHTML is the HTML interpreter used in
Konqueror and other parts of KDE.
Affected packages
=================
-------------------------------------------------------------------
     Package            /  Vulnerable  /                Unaffected
-------------------------------------------------------------------
  1  kde-base/kdelibs     < 3.5.5-r8                   >= 3.5.5-r8
Description
===========
The KHTML code allows for the execution of JavaScript code located
inside the "Title" HTML element, a related issue to the Safari error
found by Jose Avila.
Impact
======
When viewing a HTML page that renders unsanitized attacker-supplied
input in the page title, Konqueror and other parts of KDE will execute
arbitrary JavaScript code contained in the page title, allowing for the
theft of browser session data or cookies.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All KDElibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"
References
==========
[ 1 ] CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
[ 2 ] CVE-2007-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200703-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
===========================================================
Ubuntu Security Notice USN-420-1 February 06, 2007
kdelibs vulnerability
CVE-2007-0537
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
kdelibs4c2 4:3.4.3-0ubuntu2.2
Ubuntu 6.06 LTS:
kdelibs4c2a 4:3.5.2-0ubuntu18.2
Ubuntu 6.10:
kdelibs4c2a 4:3.5.5-0ubuntu3.1
After a standard system upgrade you need to restart your session to
effect the necessary changes. By
tricking a Konqueror user into visiting a malicious website, an attacker
could bypass cross-site scripting protections.
Also affects kdelibs 3.5.6,
as per KDE official advisory.
Updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
VAR-200701-0407 | CVE-2007-0478 | Safari Used in WebCore Vulnerable to cross-site scripting attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Konqueror is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
TITLE:
Safari HTML Parsing Weakness
SECUNIA ADVISORY ID:
SA23893
VERIFY ADVISORY:
http://secunia.com/advisories/23893/
CRITICAL:
Not critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Safari 2.x
http://secunia.com/product/5289/
DESCRIPTION:
Jose Avila III has discovered a weakness in Safari, which can
potentially be exploited by malicious people to conduct cross-site
scripting attacks.
The weakness is caused due to an error in the parsing of comments
within certain tags of an HTML document. Arbitrary HTML and script
code in a comment tag is executed in a user's browser session when
preceded by the corresponding closing tag (e.g. the title tag).
Successful exploitation is possible on web sites that allow users to
insert unsanitised HTML and script code within a comment into such a
tag.
The weakness is confirmed in Safari 2.0.4. Other versions may also be
affected.
SOLUTION:
Do not browse untrusted sites.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
VAR-200708-0459 | CVE-2007-3747 | Arbitrary code execution vulnerability in the Java interface to CoreAudio |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0468 | CVE-2007-2410 | WebCore Vulnerable to cross-site scripting attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0464 | CVE-2007-2406 | Quartz Composer Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0467 | CVE-2007-2409 | WebCore vulnerability that allows sensitive information to be obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0465 | CVE-2007-2407 | Apple Mac OS X Running on Samba Server vulnerabilities that use more disk space than allocated |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0463 | CVE-2007-2405 | PDFKit of Preview Integer underflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
VAR-200708-0461 | CVE-2007-2403 | CFNetwork Any in FTP To server FTP Vulnerabilities triggered by sending commands |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200708-0462 | CVE-2007-2404 | CRLF injection vulnerability in CFNetwork |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200708-0460 | CVE-2007-3748 | Buffer overflow vulnerability in the UPnP IGD implementation of iChat |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200708-0458 | CVE-2007-3746 | Arbitrary code execution vulnerability in the Java interface to CoreAudio |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200708-0457 | CVE-2007-3745 | Arbitrary memory release vulnerability in the Java interface to CoreAudio |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. A remote attacker could exploit this vulnerability to take control of a user's system by enticing the user to visit a malicious web page.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26235
VERIFY ADVISORY:
http://secunia.com/advisories/26235/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be
exploited to run arbitrary FTP commands in context of the user's FTP
client, when a user is enticed to click on a specially crafted FTP
URI.
2) An input validation error can cause applications using CFNetwork
to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which
can be exploited to free arbitrary memory, when a user is enticed to
visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to read or write out of bounds of the
allocated heap by enticing a user to visit a web site containing a
specially crafted Java applet.
5) An unspecified error exists in the Java interface to CoreAudio,
which can be exploited to instantiate or manipulate objects outside
the bounds of the allocated heap, when a user is enticed to visit a
web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow
arbitrary code execution.
For more information:
SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device
Standardized Device Control Protocol) code in iChat can be exploited
on the local network to crash the application or to execute arbitrary
code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized
Device Control Protocol) code in mDNSResponder can be exploited on the
local network to crash the application or to execute arbitrary code,
by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF
files in Preview and may be exploited to execute arbitrary code when
a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), to bypass certain security restrictions, to conduct
cross-site scripting attacks, or to compromise a vulnerable system.
For more information:
SA24814
SA24356
SA24440
SA24505
SA24542
SA25123
12) An error exists in Quartz Composer due to an uninitialized object
pointer when handling Quartz Composer files and may be exploited to
execute arbitrary code when a specially crafted Quartz Composer file
is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA25232
14) An unspecified error in Samba can be exploited to bypass file
system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by
malicious people to disclose and manipulate certain sensitive
information or to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks.
For more information:
SA16987
SA20406
SA21354
SA23195
SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by
malicious people to conduct cross-site scripting attacks or to bypass
certain security restrictions.
For more information:
SA24732
SA25383
SA25721
17) An error in WebCore can be exploited to load Java applets even
when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site
scripting attacks.
For more information see vulnerability #1 in:
SA23893
19) An error in WebCore can be exploited by malicious people to gain
knowledge of sensitive information.
For more information see vulnerability #2 in:
SA23893
20) An error in WebCore when handling properties of certain global
objects can be exploited to conduct cross-site scripting attacks when
navigating to a new URL with Safari.
21) An error in WebKit within the handling of International Domain
Name (IDN) support and Unicode fonts embedded in Safari can be
exploited to spoof a URL.
This is similar to:
SA14164
22) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library in WebKit and used by the JavaScript engine in Safari
can be exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
23) Input validation errors exist in bzgrep and zgrep.
For more information:
SA15047
SOLUTION:
Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal):
http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal):
http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC):
http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC):
http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9):
http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Steven Kramer, sprintteam.nl.
14) The vendor credits Mike Matz, Wyomissing Area School District.
17) The vendor credits Scott Wilde.
19) Secunia Research
22) The vendor credits Charlie Miller and Jake Honoroff of
Independent Security Evaluators.
ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES:
SA13237:
http://secunia.com/advisories/13237/
SA15047:
http://secunia.com/advisories/15047/
SA16987:
http://secunia.com/advisories/16987/
SA20406:
http://secunia.com/advisories/20406/
SA21354:
http://secunia.com/advisories/21354/
SA22588:
http://secunia.com/advisories/22588/
SA23195:
http://secunia.com/advisories/23195/
SA23893:
http://secunia.com/advisories/23893/
SA24814:
http://secunia.com/advisories/24814/
SA24356:
http://secunia.com/advisories/24356/
SA24440:
http://secunia.com/advisories/24440/
SA24505:
http://secunia.com/advisories/24505/
SA24542:
http://secunia.com/advisories/24542/
SA24732:
http://secunia.com/advisories/24732/
SA25800:
http://secunia.com/advisories/25800/
SA25123:
http://secunia.com/advisories/25123/
SA25200:
http://secunia.com/advisories/25200/
SA25232:
http://secunia.com/advisories/25232/
SA25383:
http://secunia.com/advisories/25383/
SA25721:
http://secunia.com/advisories/25721/
VAR-200708-0456 | CVE-2007-3744 | Heap-based buffer overflow vulnerability in the UPnP IGD implementation of mDNSResponder |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
BACKGROUND
mDNSResponder is part of the Bonjour suite of applications. Bonjour is
used to provide automatic and transparent configuration of network
devices. It is similar to UPnP, in that the goal of both is to allow
users to simply plug devices into a network without worrying about
configuration details. mDNSResponder runs by default on both Server and
Workstation. More information can be found on the vendor's website.
http://developer.apple.com/opensource/internet/bonjour.html
II.
The vulnerability exists within the Legacy NAT Traversal code. Unlike
the core of the mDNSResponder service, this area of code does not rely
on Multicast UDP. It listens on a dynamically allocated Unicast UDP
port.
The vulnerability occurs when parsing a malformed HTTP request. This
results in an exploitable heap overflow.
III. No
authentication is needed to exploit this vulnerability.
Failed attempts will result in the service crashing. Shortly after
crashing, it will be restarted.
IV. Previous versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. More information is available at the following URL.
http://docs.info.apple.com/article.html?artnum=306172
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3744 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
07/26/2007 Initial vendor notification
07/26/2007 Initial vendor response
08/07/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Neil Kettle (mu-b) of
www.digit-labs.org.
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: mDNSResponder: Multiple vulnerabilities
Date: January 20, 2012
Bugs: #290822
ID: 201201-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in mDNSResponder, which could
lead to execution of arbitrary code with root privileges.
Affected packages
=================
-------------------------------------------------------------------
    Package               /    Vulnerable    /         Unaffected
-------------------------------------------------------------------
 1  net-misc/mDNSResponder       < 212.1            >= 212.1
Description
===========
Multiple vulnerabilities have been discovered in mDNSResponder. Please
review the CVE identifiers referenced below for details.
Resolution
==========
All mDNSResponder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/mDNSResponder-212.1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 21, 2009. It is likely that your system is
already no longer affected by this issue.
References
==========
[ 1 ] CVE-2007-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2386
[ 2 ] CVE-2007-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3744
[ 3 ] CVE-2007-3828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3828
[ 4 ] CVE-2008-0989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0989
[ 5 ] CVE-2008-2326
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2326
[ 6 ] CVE-2008-3630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3630
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-200606-0487 | CVE-2006-2761 | Hitachi Hitsenser3 Unknown SQL Injection Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Hitachi HITSENSER3 HITSENSER3 / PRP, HITSENSER3 / PUP, HITSENSER3 / STP, and HITSENSER3 / EUP have SQL injection vulnerabilities. HITSENSER3 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Versions 01-02 through 01-08 are vulnerable to this issue.
This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Successful exploitation allows bypassing of user authentication.
The vulnerability has been reported in versions 01-02 through 01-08
of the following products:
* HITSENSER3/PRP Model C-A7120-072
* HITSENSER3/PUP Model C-A7120-082
* HITSENSER3/STP Model C-A7120-092
* HITSENSER3/EUP Model C-A7120-102
SOLUTION:
Update to version 01-08-/A.
Users can contact Hitachi support service for the update.
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html
VAR-200605-0602 | No CVE | CNVD-2006-3621 |
CVSS V2: - CVSS V3: - Severity: - |
D-Link Airspot DSA-3100 Gateway is a gateway device developed by D-Link. The D-Link Airspot DSA-3100 Gateway contains a web interface that does not adequately filter the URI data submitted by the user. Remote attackers can use the vulnerability to conduct cross-site scripting attacks and obtain sensitive information. The 'login_error.shtml' script does not filter the web parameters submitted by the user; an attacker who submits malicious script code as parameter data and induces a user to access it can obtain sensitive information.
VAR-200606-0421 | CVE-2006-2806 | Apache James SMTP remote denial-of-service vulnerability via overly long data |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. Apache James is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed SMTP commands.
This issue allows remote attackers to consume excessive CPU resources of affected computers, potentially denying service to legitimate users.
Apache James version 2.2.0 is vulnerable to this issue; other versions may also be affected.
VAR-200605-0422 | CVE-2006-2653 | D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-Site Scripting Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. D-Link DSA-3100 has a cross-site scripting vulnerability in login_error.shtml. This issue is due to a failure to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
TITLE:
Elite-Board "search" Parameter Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA20289
VERIFY ADVISORY:
http://secunia.com/advisories/20289/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Elite-Board 1.x
http://secunia.com/product/10164/
DESCRIPTION:
luny has reported a vulnerability in Elite-Board, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "search" parameter in search.html during searches
is not properly sanitised before being returned to users.
The vulnerability has been reported in version 1.1. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
luny
----------------------------------------------------------------------
SOLUTION:
Do not visit other web sites while accessing the gateway
VAR-200605-0454 | CVE-2006-2679 | Cisco VPN Client Local Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. Cisco VPN Client is susceptible to a local privilege-escalation vulnerability. This issue is due to an unspecified flaw in the VPN client GUI application.
This issue allows local attackers to gain Local System privileges on affected computers. This facilitates the complete compromise of affected computers.
This vulnerability affects Cisco VPN Clients on Microsoft Windows. Versions prior to 4.8.01.x, with the exception of version 4.7.00.0533, are affected. There is a vulnerability in the implementation of the Cisco VPN client, and local attackers may use it to elevate their own access rights. A user must be able to authenticate and start an interactive Windows session to exploit this vulnerability. Successful exploitation of this vulnerability could allow a normal user or an attacker to take complete control of the system, circumventing any controls placed by the Windows system administrator.
The vulnerability has been reported in versions 2.x, 3.x, 4.0.x,
4.6.x, 4.7.x (except version 4.7.00.0533), and 4.8.00.x for Windows.
SOLUTION:
Update to version 4.8.01.0300.
http://www.cisco.com/pcgi-bin/tablebuild.pl/windows
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Andrew Christensen, FortConsult.
* Johan Ronkainen
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml