VARIoT IoT vulnerabilities database

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability

Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. There is a buffer overflow vulnerability in QuickTime versions before 7.6.4 when processing MPEG-4 video files

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. Apple iPhone is prone to a NULL-pointer dereference vulnerability. Successful exploits may allow attackers to cause the affected service to become unresponsive. This issue affects iPhone OS 1.0 through 3.0.1. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. QuickTime versions before 7.6.4 have a memory corruption vulnerability when processing H.264 movie files

The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. Apple iPhone and iPod touch are prone to an access-validation vulnerability. An attacker can exploit this issue to bypass certain security restrictions to obtain sensitive information that may lead to further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the Safari browser. Successful exploits may allow attackers to obtain username and password data from URI referer headers on linked sites. Information harvested may aid in launching further attacks. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for webkit SECUNIA ADVISORY ID: SA41856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for webkit. For more information: SA36677 SA37346 SA37769 SA37931 SA38545 SA38932 SA39091 SA39651 SA40105 SA40196 SA40479 SA40664 SA41014 SA41085 SA41242 SA41328 SOLUTION: Apply updated packages. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM)

Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability. Successful exploits may allow an attacker to execute arbitrary code on a vulnerable device. Failed attacks will cause denial-of-service conditions. This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. This issue affects the following: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0. Apple iPhone is a smart phone of Apple (Apple). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Apple iPhone OS AudioCodecs Heap Buffer Overflow Advisory ID: TKADV2009-007 Revision: 1.0 Release Date: 2009/09/09 Last Modified: 2009/09/09 Date Reported: 2009/04/05 Author: Tobias Klein (tk at trapkit.de) Affected Software: iPhone OS 1.0 through 3.0.1 iPhone OS for iPod touch 1.1 through 3.0 Remotely Exploitable: Yes Locally Exploitable: No Vendor URL: http://www.apple.com/ Vendor Status: Vendor has released an updated version CVE-ID: CVE-2009-2206 Patch development time: 158 days ====================== Vulnerability Details: ====================== The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability while parsing maliciously crafted AAC or MP3 files. One attack vector are iPhone ringtones with malformed sample size table entries. It was successfully tested that iTunes uploads such malformed ringtones to the phone. ================== Technical Details: ================== Vulnerable library: /System/Library/Frameworks/AudioToolbox.framework/AudioCodecs Vulnerable function: ACTransformerCodec::AppendInputData() Disassembly of the vulnerable function: [..] __text:3314443C LDR R3, [R5,#0xA8] __text:33144440 LDR R2, [R5,#0xA4] __text:33144444 ADD R3, R3, #1 __text:33144448 ADD R2, fp, R2 __text:3314444C STR R3, [R5,#0xA8] __text:33144450 MOV R3, #0 __text:33144454 STMIA IP, {R2,R3} [1] __text:33144458 MOV R3, #0 __text:3314445C STR R3, [IP,#8] [2] __text:33144460 LDR R3, [SP,#0x4C+sample_size] [3] __text:33144464 STR R3, [IP,#0xC] [4] __text:33144468 ADD IP, IP, #0x10 [5] [..] [1] The values of R2 and R3 are stored into the heap buffer pointed to by IP (R12). R2 contains user controlled data. [2] The value of R3 gets copied into the heap buffer. [3] R3 is filled with user controlled data from the audio file. [4] The user controlled data of R3 gets copied into the heap buffer. [5] The index into the heap buffer (pointed to by IP) gets incremented. This code snippet gets executed in a loop. As there is no bounds checking of the heap buffer pointed to by IP (R12) it is possible to cause an out of bounds write (heap buffer overflow). ==================== Disclosure Timeline: ==================== 2009/04/05 - Apple Product Security Team notified 2009/04/05 - Received an automated response message 2009/04/07 - Reply from Apple 2009/06/05 - Status update request sent to Apple 2009/06/05 - Apple confirms the vulnerability 2009/08/17 - Status update by Apple 2009/09/05 - Status update by Apple 2009/09/09 - New iPhone OS released by Apple 2009/09/09 - Release date of this security advisory ======== Credits: ======== Vulnerability found and advisory written by Tobias Klein. =========== References: =========== [REF1] http://support.apple.com/kb/HT3860 [REF2] http://www.trapkit.de/advisories/TKADV2009-007.txt ======== Changes: ======== Revision 0.1 - Initial draft release to the vendor Revision 1.0 - Public release =========== Disclaimer: =========== The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. ================== PGP Signature Key: ================== http://www.trapkit.de/advisories/tk-advisories-signature-key.asc Copyright 2009 Tobias Klein. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Charset: utf-8 wj8DBQFKqB4rkXxgcAIbhEERAik4AKD5gWG/GvB9bLQojJpaLhTVlfpj4gCfSJ9i nVSlzUd5NozllFGeI5rCboc= =B2cm -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Novell eDirectory is a cross-platform directory server. If a remote attacker submits a specially crafted HTTP request containing a large number of Unicode strings to the port 8028 of the eDirectory server (the default port of the Dhost Http Server), it will exhaust 100% of the CPU resources. Novell eDirectory is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to consume an excessive amount of resources, denying service to legitimate users. Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected

Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes

Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response. Ipswitch WS_FTP Professional client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. WS_FTP Professional 12 is vulnerable; other versions may also be affected. Ipswitch WS_FTP is a widely used FTP server program that can be used under Microsoft NT/2000/XP operating system

Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. This vulnerability CVE-2007-3872 Is a different vulnerability.A third party may be affected unspecified. HP OpenView is prone to a remote security vulnerability. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: HP Operations Manager Unspecified Vulnerability SECUNIA ADVISORY ID: SA36541 VERIFY ADVISORY: http://secunia.com/advisories/36541/ DESCRIPTION: A vulnerability has been reported in HP Operations, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and may allow execution of arbitrary code. No more information is currently available. The vulnerability is reported in version 8.1. Other versions may also be affected. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Crystal Reports Server 2008 is prone to a remote security vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Crystal Reports Server Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA36583 VERIFY ADVISORY: http://secunia.com/advisories/36583/ DESCRIPTION: Some vulnerabilities have been reported in Crystal Reports Server, which can be exploited to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) An unspecified error can be exploited to cause a service to enter an infinite loop. The vulnerabilities are reported in version 2008. Other versions may also be affected. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reportedly modules for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Crystal Reports Server Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA36583 VERIFY ADVISORY: http://secunia.com/advisories/36583/ DESCRIPTION: Some vulnerabilities have been reported in Crystal Reports Server, which can be exploited to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) An unspecified error can be exploited to cause a service to enter an infinite loop. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. The vulnerabilities are reported in version 2008. Other versions may also be affected. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reportedly modules for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. WRT54GL is prone to a remote security vulnerability. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Linksys WRT54GL Unspecified Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA36571 VERIFY ADVISORY: http://secunia.com/advisories/36571/ DESCRIPTION: A vulnerability has been reported in Linksys WRT54GL, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. No further information is currently available. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

HP Operations Manager is prone to a remote security vulnerability. Operations Manager 8.1 for Windows is vulnerable; other versions may also be vulnerable. NOTE: This issue may be related to the issue documented in BID 37086 (HP Operations Manager Remote Unauthorized Access Vulnerability), but this has not been confirmed.

SAP NetWeaver is prone to multiple unspecified remote vulnerabilities, including: - Multiple information-disclosure vulnerabilities. - A NULL-pointer dereference vulnerability. - Multiple heap-overflow vulnerabilities. - A denial-of-service vulnerability. Attackers can exploit these issues to execute code within the context of the affected server, cause denial-of-service conditions, and obtain potentially sensitive information.

Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. AzeoTech DAQFactory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attacks will cause denial-of-service conditions. DAQFactory 5.77 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: DAQFactory Web Service Unspecified Buffer Overflow SECUNIA ADVISORY ID: SA36504 VERIFY ADVISORY: http://secunia.com/advisories/36504/ DESCRIPTION: A vulnerability has been reported in DAQFactory, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 5.77. SOLUTION: Disable the web service if not required or restrict access to it. PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. - A heap-based buffer-overflow vulnerability. - An unspecified remote code-execution vulnerability. Attackers can exploit these issues to execute code within the context of the affected server and cause denial-of-service conditions. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Crystal Reports Server Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA36583 VERIFY ADVISORY: http://secunia.com/advisories/36583/ DESCRIPTION: Some vulnerabilities have been reported in Crystal Reports Server, which can be exploited to cause a DoS (Denial of Service) or compromise a vulnerable system. 2) An unspecified error may be exploited to execute arbitrary code. 3) An unspecified error can be exploited to cause a heap-based buffer overflow. The vulnerabilities are reported in version 2008. Other versions may also be affected. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reportedly modules for VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SSL A vulnerability that impersonates a server exists. This vulnerability CVE-2009-2408 And is related.By crafted certificate, any SSL There is a possibility of impersonating a server. OpenLDAP is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Summary: JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and Microsoft Windows. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description: JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and Microsoft Windows, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information. This update corrects security flaws in the following components: tomcat6: A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172) tomcat5 and tomcat6: It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1157) httpd: A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) A flaw was discovered in the way the mod_proxy_http module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. In some configurations, the proxy could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. Note: This issue only affected httpd running on the Windows operating system. (CVE-2010-2068) apr: It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419) apr-util: It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) The following flaws were corrected in the packages for Solaris and Windows. Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat Network. Multiple flaws in OpenSSL, which could possibly cause a crash, code execution, or a change of session parameters, have been corrected. (CVE-2009-3245, CVE-2010-4180, CVE-2008-7270) Two denial of service flaws were corrected in Expat. (CVE-2009-3560, CVE-2009-3720) An X.509 certificate verification flaw was corrected in OpenLDAP. (CVE-2009-3767) More information about these flaws is available from the CVE links in the References. Solution: All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. The References section of this erratum contains a download link (you must log in to download the update). Before installing the update, backup your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Apache Tomcat and the Apache HTTP Server must be restarted for the update to take effect. Bugs fixed (http://bugzilla.redhat.com/): 530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name 531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences 533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences 570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks 585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments 632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack 660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. For the oldstable distribution (etch), this problem has been fixed in version 2.3.30-5+etch3 for openldap2.3. For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny1 for openldap. For the testing distribution (squeeze), and the unstable distribution (sid), this problem has been fixed in version 2.4.17-2.1 for openldap. We recommend that you upgrade your openldap2.3/openldap packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz Size/MD5 checksum: 2971126 c40bcc23fa65908b8d7a86a4a6061251 http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc Size/MD5 checksum: 1214 36efc1cf2a98c54d4b1da0910e273843 http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz Size/MD5 checksum: 315058 310ce752b78ff3227d78dcd8c1bd60a5 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb Size/MD5 checksum: 293108 2172048d5f8b8b7f379b3414fc5c2e37 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb Size/MD5 checksum: 1280772 ab65f162a40607c1787f9b03783a7563 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb Size/MD5 checksum: 193768 602a6da790648dd8b0af7d9f386b5c6e amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb Size/MD5 checksum: 285554 42480b47018eb1d70b9e62d05b925a5b http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb Size/MD5 checksum: 1244570 b88256f8259516b09c51f166ff6b4aea http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb Size/MD5 checksum: 184652 716cc53985a031d1fe03fede778d6ae5 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb Size/MD5 checksum: 1190314 8686c6a9a9240e6113f92c8bb20d7e1a http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb Size/MD5 checksum: 254828 49d9c9a250fb4a5a828de5791ee92380 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb Size/MD5 checksum: 155876 bb45d3104fe4b9811fdb3063da42d3b1 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb Size/MD5 checksum: 1307146 698d7416e4cc544522ce2e25ac9c0fce http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb Size/MD5 checksum: 292798 eb9d6d19560a1153cc58ccae3f354a4e http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb Size/MD5 checksum: 182568 caade74265ee9d7b8ac77c844c23b413 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb Size/MD5 checksum: 1177552 f3ccf11b82474593af5e30a272f9edb9 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb Size/MD5 checksum: 148744 168e58797e74f9b3b6d3c337b6369ca7 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb Size/MD5 checksum: 266538 3be52b8402d06913624a3e808be58ecb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb Size/MD5 checksum: 239248 78d1537b3a106824ff5d076e828a0312 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb Size/MD5 checksum: 379904 dbc96e1a44dce4bb5f79b9c043823293 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb Size/MD5 checksum: 1660854 fcc2873ffd50e45c956d9bcc81d83c51 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb Size/MD5 checksum: 258210 298f5a83a1efd8c035644fd58df21f2c http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb Size/MD5 checksum: 185598 b6c67ee072f2de03820e7ce11edb39c3 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb Size/MD5 checksum: 1205768 3f312958af5ea129384513e5fab72208 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb Size/MD5 checksum: 258852 d7ba57787989e3fb5035fce34b04965d http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mipsel.deb Size/MD5 checksum: 187100 46910e3923926ac060c13a7a53f8cac4 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mipsel.deb Size/MD5 checksum: 1188878 5698884b42d7206c2b0c134602861354 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_powerpc.deb Size/MD5 checksum: 188914 e03855167b8e13bdb72e47baa9644f86 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_powerpc.deb Size/MD5 checksum: 272378 f5741b7ac8f4172e7481f5c2e699231b http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_powerpc.deb Size/MD5 checksum: 1243754 2a8b933e956e5ac4bc29028688bb09ec s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_s390.deb Size/MD5 checksum: 291822 6b47ac5b7fbc269c1973c494d5dadbc2 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_s390.deb Size/MD5 checksum: 168716 f72b023d98d61565c624f7acbf953baf http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_s390.deb Size/MD5 checksum: 1241532 0167eb506b063de5435181f40c6cf809 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_sparc.deb Size/MD5 checksum: 1177712 770a58d0c60ad11e5ca4cf25159fe2c7 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_sparc.deb Size/MD5 checksum: 153682 d8bf20f2a94456451d4ea29d3237d280 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_sparc.deb Size/MD5 checksum: 258560 4bfd77d56852608813f158ecfd91b42b Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.diff.gz Size/MD5 checksum: 148075 024b717169f42734ee5650ebe2978631 http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.dsc Size/MD5 checksum: 1831 ca4cb86b4847a59f95275ff2f4d0e173 http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz Size/MD5 checksum: 4193523 d4e8669e2c9b8d981e371e97e3cf92d9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 3624752 5b4e467360ecd8cc897b03b5aca57dad http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 205526 3b083869976ab4d8d8df69d27fe9480e http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 280526 4ed333757fef7e98d89c5edda6589b04 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 1537448 98d6aeab748560a491e0b526d930fc0c http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 1013148 cc656603f7ae0eacc2b3c22dd1fae967 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 285128 e526e547a4af2c13bf3ae90dfdf023a2 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 1493300 31c077d63cc2ff159927939cadb29808 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 299612 e148216f77a9136adb19acd8df026d6d http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 267470 f903f46433faa1d2b6b203e50aaed3d8 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 881074 de337737dd93af0b81bd90e3c6f23377 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 3664994 8ad4581bd54e1ed7a8f3c1c8bf210c17 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 204896 c0dba3b62aa14392d29f831d6c87206d arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 280140 ccaed923684d35304f50f27fc6b868b3 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 248918 a08cf9fd18ce8806be437c364179c2b3 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 877400 614df898211cc5311a62159f6ee21b93 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 1405962 5e1e62d6f0a5984486fa2eaa478eab38 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 180520 96b5fe5d50b9a1d59eb5ab03489a1b90 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 3572646 a8e804a9e966a57306a9229acd11ff80 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 1533292 8d5c2d83596b10c9d3ee7a4dcb692026 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 3619256 2ad8452962291b553fadc8bb6398f834 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 200874 27205d8a86701cb133f7507eeef5e76a http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 283816 1163f67e39b08c10cf492b24bd526f24 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 264158 905749f1e385f9d93c2358b05dc42dfb http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 999386 6a071952604a9c30483fca7f3a3754ec i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 189442 879dac84b581979646c49bde9743c630 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 286808 2dcb4f8e5514d9e4d9072b4853da322d http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 892068 449ba5d6037617e4e93dfd6bcb093549 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 3560322 c6a6fbc66944bd05585c1065ab012c93 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 244952 5a5b31ebb9098059e62eb57d209a6846 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 1404266 a3bffb93ec3b0d0d130a6a7e29091a9b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 3589108 d34afb06a3b21ad7267ef5d31b6ad322 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 932026 1194a002673f8a73cf382c2333c7882b http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 352020 e40c570396514fee0c6eee3920be2607 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 269084 1720388cc8102f33122375034a703a05 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 259018 658248f4329555e81896800709302575 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 2006532 6ad20563d8999759f32445576fd69856 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 3712752 8d48a2797c1f4e6b5dea203698e4b31c http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 180956 88613b463fcdba79539048ce681d4f5e http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 260240 f6fa5402a6fc03aef4b87735030969c5 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 854756 76ad64ab6fe85c5bfc654266101e024a http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 1394436 4930b2b56c642182c8ccd69d5bc53685 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 302106 3672bab4d2c0c037a1d9c0a61fa16139 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 3718584 7b120292ce66e7ea85b3ad623da0bb4e http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 295146 f131ea5cdbab25c2416ff06f6697bc08 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 199248 c683d506deb5fadabea906c9dec36c9f http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 1536614 b5c37ae6f72127bdf6910100edeb06e5 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 907106 6af4614c092e6ccda8580e6a73cb8728 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 284952 b75e2ddab46ddab036ef40b21cec63ee sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 872178 a7739e034d0df26a69e0cb569802d594 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 249022 334ecf73608e20ec6cff79716cf10fde http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 1387990 4935db487abd61e04adb3a846ed7aadc http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 260980 006fdd6b90293fdf1331442ccabde568 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 182822 73c3edfab6b52e772ed36c990c13f210 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 3502906 c19b8875ae915cec344bb74a5e462e44 These files will probably be moved into the stable distribution on its next update. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenLDAP: Multiple vulnerabilities Date: June 30, 2014 Bugs: #290345, #323777, #355333, #388605, #407941, #424167 ID: 201406-36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of Service or a man-in-the-middle attack. Background ========== OpenLDAP is an LDAP suite of application and development tools. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-nds/openldap < 2.4.35 >= 2.4.35 Description =========== Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenLDAP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35" References ========== [ 1 ] CVE-2009-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3767 [ 2 ] CVE-2010-0211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0211 [ 3 ] CVE-2010-0212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0212 [ 4 ] CVE-2011-1024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1024 [ 5 ] CVE-2011-1025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1025 [ 6 ] CVE-2011-1081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1081 [ 7 ] CVE-2011-4079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079 [ 8 ] CVE-2012-1164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1164 [ 9 ] CVE-2012-2668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2668 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-36.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0015 Synopsis: VMware ESX third party updates for Service Console Issue date: 2010-09-30 Updated on: 2010-09-30 (initial release of advisory) CVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734 CVE-2010-1646 CVE-2009-3555 CVE-2009-2409 CVE-2009-3245 CVE-2010-0433 - ------------------------------------------------------------------------ 1. Summary ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages. 2. Relevant releases VMware ESX 4.0 without patches ESX400-201009407-SG, ESX400-201009408-SG, ESX400-201009409-SG, ESX400-201009410-SG, ESX400-201009401-SG Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details. Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available. 3. Problem Description a. Service Console update for NSS_db The service console package NSS_db is updated to version nss_db-2.2-35.4.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0826 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201009407-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. Service Console update for OpenLDAP The service console package OpenLDAP updated to version 2.3.43-12.el5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3767 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201009408-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Service Console update for cURL The service console packages for cURL updated to version 7.15.5-9.el5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201009409-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. d. Service Console update for sudo The service console package sudo updated to version 1.7.2p1-7.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1646 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201009410-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2 and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8, and NSS to version 3.12.6-1.3235.vmw and NSPR to version 4.8.4-1.3235.vmw. These four updates are bundled together due to their mutual dependencies. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 and CVE-2010-0433 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX affected, patch pending ESX 4.0 ESX ESX400-201009401-SG ** ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** Note: This patch also addresses non-security issues. See KB article 1023759 for details. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- ESX400-201009001 Download link: http://bit.ly/adhjEu md5sum: 988c593b7a7abf0be5b72970ac64a369 sha1sum: 26d875955b01c19f4e56703216e135257c08836f http://kb.vmware.com/kb/1025321 ESX400-201009001 contains the following security bulletins: ESX400-201009407-SG (NSS_db) | http://kb.vmware.com/kb/1023763 ESX400-201009408-SG (OpenLDAP) | http://kb.vmware.com/kb/1023764 ESX400-201009409-SG (cURL) | http://kb.vmware.com/kb/1023765 ESX400-201009410-SG (sudo) | http://kb.vmware.com/kb/1023766 ESX400-201009401-SG (OpenSSL, GnuTLS, NSS) | http://kb.vmware.com/kb/1023759 And contains the following security bundles from VMSA-2010-0013.1: ESX400-201009402-SG (cpio) | http://kb.vmware.com/kb/1023760 ESX400-201009406-SG (tar) | http://kb.vmware.com/kb/1023762 ESX400-201009403-SG (krb5) | http://kb.vmware.com/kb/1023761 ESX400-201009411-SG (perl) | http://kb.vmware.com/kb/1023767 And also contains ESX400-201009412-BG a non-security critical update. To install an individual bulletin use esxupdate with the -b option. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1646 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 - ------------------------------------------------------------------------ 6. Change log 2010-09-30 VMSA-2010-0015 Initial security advisory after release of patches for ESX 4.0 on 2010-09-30 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware Security Advisories http://www.vmware.com/security/advisoiries VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkykSsUACgkQS2KysvBH1xn89gCcCMcHvt1LDG9pNh5lbRmxphDg R2UAmQHIUDg4mWUStJolvh98eiTS140I =bM3K -----END PGP SIGNATURE----- . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLXwOHmqjQ0CJFipgRAp7yAJ40umReJDo1Asg6BoihvuXXShK+vACeP+Vx 9jUkR+Zs9Nl7nEVuZXdjAvw= =Fkxu -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-858-1 November 12, 2009 openldap2.2 vulnerability CVE-2009-3767 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libldap-2.2-7 2.2.26-5ubuntu2.9 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.diff.gz Size/MD5: 516098 098a03b4f7d511ce730e9647deca2072 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.dsc Size/MD5: 1028 5a95dae94a1016fbcf41c1c1992ea8e6 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_amd64.deb Size/MD5: 130854 1f1b40b12adcb557a810194d0c4f7993 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_amd64.deb Size/MD5: 166444 500528d10502361c075a08578c1586f5 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_amd64.deb Size/MD5: 961974 f56eef919306d6ca7f4a7a090d2ae6ba i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_i386.deb Size/MD5: 118638 0558a833fb6eadf4d87bd9fd6e687838 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb Size/MD5: 146444 fc85d5259c97622324047bbda153937d http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_i386.deb Size/MD5: 873424 358c78f76ee16010c1fb81e89adfe849 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_powerpc.deb Size/MD5: 133012 92d9de435a795261e6bf4143f2bf59c7 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_powerpc.deb Size/MD5: 157480 099b1ee5e158f77be109a7972587f596 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_powerpc.deb Size/MD5: 960052 850fb56995224edd6ae329af1b8236ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_sparc.deb Size/MD5: 120932 4fa0f7accd968ba71dff1f7c5b2ef811 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_sparc.deb Size/MD5: 148546 2d1af209a8b53a8315fbd4bd86573d70 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_sparc.deb Size/MD5: 903928 4aa6b0478821e803c80a020b031aafed

Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Attackers can exploit these issues to completely compromise the vulnerable device; other attacks may also be possible. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: ASUS WL-500W Wireless Router Two Vulnerabilities SECUNIA ADVISORY ID: SA36439 VERIFY ADVISORY: http://secunia.com/advisories/36439/ DESCRIPTION: Two vulnerabilities have been reported in ASUS WL-500W wireless router. 1) An unspecified error can be exploited to cause a buffer overflow. 2) An unspecified error has an unknown impact. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reported as modules included in VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------