VARIoT IoT vulnerabilities database

VAR-200901-0248 | CVE-2009-0003 | Apple QuickTime Heap overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI files. Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2, and Mac OS X. Apple QuickTime is a very popular multimedia player.
ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-006
January 21, 2009
-- CVE ID:
CVE-2009-0003
-- Affected Vendors:
Apple
-- Affected Products:
Apple QuickTime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6642. More
details can be found at:
http://support.apple.com/kb/HT3403
-- Disclosure Timeline:
2008-10-15 - Vulnerability reported to vendor
2009-01-21 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
National Cyber Alert System
Technical Cyber Security Alert TA09-022A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: January 22, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Apple QuickTime 7.5 for Windows and Mac OS X
Overview
Apple has released QuickTime 7.6 to correct multiple
vulnerabilities affecting QuickTime for Mac OS X and Windows.
I. Description
Apple QuickTime 7.6 addresses a number of vulnerabilities affecting
QuickTime. This file could be hosted on a web page or sent via email.
II. Impact
The impacts of these vulnerabilities vary.
III. This and other updates are available via
Software Update or via Apple Downloads.
IV. References
* About the security content of QuickTime 7.6 -
<http://support.apple.com/kb/HT3403>
* Apple Support Downloads - <http://support.apple.com/downloads/>
* Mac OS X - updating your software -
<http://support.apple.com/kb/HT1338?viewlocale=en_US>
* Securing Your Web Browser -
<https://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-022A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-022A Feedback VU#703068" in
the subject.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 22, 2009: Initial release
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33632
VERIFY ADVISORY:
http://secunia.com/advisories/33632/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/advisories/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) A boundary error exists in the processing of RTSP URLs. This can
be exploited to cause a heap-based buffer overflow when a specially
crafted RTSP URL is accessed.
2) An error due to improper validation of transform matrix data
exists when processing Track Header (THKD) atoms in QuickTime Virtual
Reality (QTVR) movie files. This can be exploited to cause a
heap-based buffer overflow via a specially crafted QTVR file.
4) A boundary error exists in the processing of MPEG-2 video files
containing MP3 audio content, which can be exploited to cause a
buffer overflow via a specially crafted movie file.
6) A signedness error exists within the processing of the MDAT atom
when handling Cinepak encoded movie files.
7) An error exists within the function JPEG_DComponentDispatch() when
processing the image width data in JPEG atoms embedded in STSD atoms.
SOLUTION:
Update to version 7.6.
QuickTime 7.6 for Windows:
http://support.apple.com/downloads/QuickTime_7_6_for_Windows
QuickTime 7.6 for Leopard:
http://support.apple.com/downloads/QuickTime_7_6_for_Leopard
QuickTime 7.6 for Tiger:
http://support.apple.com/downloads/QuickTime_7_6_for_Tiger
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Attila Suszter
4) Chad Dougherty, CERT Coordination Center
5) Dave Soldera, NGS Software
2, 3, 6, 7) An anonymous person, reported via ZDI
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3403
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-005/
http://www.zerodayinitiative.com/advisories/ZDI-09-006/
http://www.zerodayinitiative.com/advisories/ZDI-09-007/
http://www.zerodayinitiative.com/advisories/ZDI-09-008/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200901-0445 | CVE-2008-3864 | Trend Micro NSC module firewall service denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
Successful exploits may allow an attacker to crash an affected application, execute arbitrary code, or bypass security.
3) Missing authentication to the Trend Micro Personal Firewall
service (TmPfw.exe) listening on port 40000/TCP by default can be
exploited by any local user to manipulate the firewall configuration
via specially crafted packets regardless of whether password
restriction has been enabled for the configuration interface.
The vulnerabilities are confirmed in versions 16.10.1063 and
16.10.1079. Other versions may also be affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-42/
http://secunia.com/secunia_research/2008-43/
======================================================================
2) Severity
Rating: Less critical
Impact: Denial of Service
Privilege Escalation
Where: Local system
======================================================================
3) Vendor's Description of Software
"Trend Micro Internet Security provides smart, up-to-date protection
for your home network against present and future threats without
slowing down your PC.".
These can be exploited by malicious, local users to cause a DoS
(Denial of Service) or potentially gain escalated privileges.
1) Input validation errors exist in the firewall service (TmPfw.exe)
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to cause
heap-based buffer overflows via specially crafted packets containing a
small value in a size field.
2) Input validation errors exist in the firewall service (TmPfw.exe)
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to crash
the service via specially crafted packets containing an overly large
value in a size field.
======================================================================
5) Solution
Apply patch for OfficeScan 8.0 SP1 Patch 1.
======================================================================
6) Time Table
17/10/2008 - Vendor notified.
18/10/2008 - Vendor response.
14/12/2008 - Vendor provides hotfix for testing.
19/12/2008 - Vendor informed that hotfix fixes vulnerabilities.
18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1.
20/01/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following CVE identifiers:
* CVE-2008-3864 (DoS via large size value)
* CVE-2008-3865 (buffer overflow)
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/
OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-42/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
VAR-200901-0408 | CVE-2009-0244 | Directory traversal vulnerability in the OBEX FTP service of the Microsoft Bluetooth stack on Windows Mobile 6 Professional and Windows Mobile 5.0 for Pocket PC and Pocket PC Phone Edition |
Related entries in the VARIoT exploits database: VAR-E-200901-1013 |
CVSS V2: 8.5 CVSS V3: 8.8 Severity: HIGH |
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Through .. (dot dot) strings, arbitrary directories may be enumerated and arbitrary files may be created or viewed. The HTC OBEX FTP service is prone to a directory-traversal vulnerability.
Exploiting this issue allows an attacker to write arbitrary files to locations outside the application's current directory, download arbitrary files, and obtain sensitive information. Other attacks may also be possible.
The issue affects HTC devices running the OBEX FTP service on Windows Mobile 6.0 and 6.1.
----------------------------------------------------------------------
TITLE:
Microsoft Windows Mobile Bluetooth Stack OBEX Directory Traversal
SECUNIA ADVISORY ID:
SA33598
VERIFY ADVISORY:
http://secunia.com/advisories/33598/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Exposure of system information, Exposure of
sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows Mobile 6.x
http://secunia.com/advisories/product/14717/
DESCRIPTION:
Alberto Moreno Tablado has reported a vulnerability in Microsoft
Windows Mobile, which can be exploited by malicious users to disclose
sensitive information and bypass certain security restrictions.
Successful exploitation requires OBEX read or write access.
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Alberto Moreno Tablado
ORIGINAL ADVISORY:
http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html
VAR-200901-0447 | CVE-2008-3866 | Trend Micro NSC module Trend Micro Personal Firewall service access restriction bypass vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: Medium |
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
Successful exploits may allow an attacker to crash an affected application, execute arbitrary code, or bypass security.
These issues affect the following:
Trend Micro OfficeScan Corporate Edition 8.0 SP1 Patch 1
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008
Trend Micro PC-cillin Internet Security 2007. These can be
exploited to cause heap-based buffer overflows via specially crafted
packets containing a small value in a size field.
The vulnerabilities are confirmed in versions 16.10.1063 and
16.10.1079. Other versions may also be affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-42/
http://secunia.com/secunia_research/2008-43/
======================================================================
2) Severity
Rating: Less critical
Impact: Security bypass
Where: Local system
======================================================================
3) Vendor's Description of Software
"Trend Micro Internet Security provides smart, up-to-date protection
for your home network against present and future threats without
slowing down your PC.".
This can be exploited by malicious, local users to manipulate firewall
settings regardless of configured security settings. the firewall settings. To prevent any user
from changing the settings, password restriction can be enabled.
This can be exploited to manipulate the firewall settings regardless
of whether password restriction is enabled by sending specially
crafted packets to the service listening on port 40000/TCP.
======================================================================
5) Solution
Apply patch for OfficeScan 8.0 SP1 Patch 1.
======================================================================
6) Time Table
22/10/2008 - Vendor notified.
22/10/2008 - Vendor response.
14/12/2008 - Vendor provides hotfix for testing.
19/12/2008 - Vendor informed that hotfix fixes vulnerabilities.
18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1.
20/01/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-3866 for the vulnerability.
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/
OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-43/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
VAR-200901-0446 | CVE-2008-3865 | Trend Micro NSC Module firewall heap-based buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: High |
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
Successful exploits may allow an attacker to crash an affected application, execute arbitrary code, or bypass security.
These issues affect the following:
Trend Micro OfficeScan Corporate Edition 8.0 SP1 Patch 1
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008
Trend Micro PC-cillin Internet Security 2007.
3) Missing authentication to the Trend Micro Personal Firewall
service (TmPfw.exe) listening on port 40000/TCP by default can be
exploited by any local user to manipulate the firewall configuration
via specially crafted packets regardless of whether password
restriction has been enabled for the configuration interface.
The vulnerabilities are confirmed in versions 16.10.1063 and
16.10.1079. Other versions may also be affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-42/
http://secunia.com/secunia_research/2008-43/
======================================================================
2) Severity
Rating: Less critical
Impact: Denial of Service
Privilege Escalation
Where: Local system
======================================================================
3) Vendor's Description of Software
"Trend Micro Internet Security provides smart, up-to-date protection
for your home network against present and future threats without
slowing down your PC.".
These can be exploited by malicious, local users to cause a DoS
(Denial of Service) or potentially gain escalated privileges.
1) Input validation errors exist in the firewall service (TmPfw.exe)
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to cause
heap-based buffer overflows via specially crafted packets containing a
small value in a size field.
2) Input validation errors exist in the firewall service (TmPfw.exe)
within the "ApiThread()" function when processing packets sent to the
service (by default port 40000/TCP). These can be exploited to crash
the service via specially crafted packets containing an overly large
value in a size field.
======================================================================
5) Solution
Apply patch for OfficeScan 8.0 SP1 Patch 1.
======================================================================
6) Time Table
17/10/2008 - Vendor notified.
18/10/2008 - Vendor response.
14/12/2008 - Vendor provides hotfix for testing.
19/12/2008 - Vendor informed that hotfix fixes vulnerabilities.
18/01/2009 - Vendor issues fix for OfficeScan 8.0 SP1 Patch 1.
20/01/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following CVE identifiers:
* CVE-2008-3864 (DoS via large size value)
* CVE-2008-3865 (buffer overflow)
Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/
OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-42/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
VAR-200901-0308 | CVE-2009-0270 | Buffer overflow vulnerability in PXEService.exe of Fujitsu SystemcastWizard Lite |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet. Products that use the Preboot Execution Environment (PXE) SDK sample code provided by Intel contain multiple vulnerabilities. Products that use the PXE SDK sample code provided by Intel contain directory traversal and buffer overflow vulnerabilities. Nobuyuki Kanaya of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Information stored by the product using the PXE SDK sample code may be viewed, or arbitrary code may be executed. Fujitsu Systemcast Wizard Lite is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input.
Attackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.
Systemcast Wizard Lite 2.0A and prior are vulnerable.
----------------------------------------------------------------------
TITLE:
Fujitsu SystemcastWizard Lite Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33594
VERIFY ADVISORY:
http://secunia.com/advisories/33594/
CRITICAL:
Moderately critical
IMPACT:
Exposure of system information, Exposure of sensitive information,
DoS, System access
WHERE:
From remote
SOFTWARE:
Fujitsu SystemcastWizard Lite 2.x
http://secunia.com/advisories/product/21065/
Fujitsu SystemcastWizard Lite 1.x
http://secunia.com/advisories/product/21064/
DESCRIPTION:
Some vulnerabilities have been reported in Fujitsu SystemcastWizard
Lite, which can be exploited by malicious people to disclose
sensitive information or to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
2) An input validation error in the TFTP service can be exploited to
download files from arbitrary locations via directory traversal
sequences.
The vulnerabilities are reported in versions 2.0, 2.0A, and prior 1.x
versions.
SOLUTION:
Apply vendor patch for versions after 1.6A.
Reportedly, a patch for previous versions will be available later.
PROVIDED AND/OR DISCOVERED BY:
1) Ruben Santamarta, Wintercore
2) Reported by the vendor.
ORIGINAL ADVISORY:
Fujitsu:
http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html
Ruben Santamarta:
http://www.wintercore.com/advisories/advisory_W010109.html
VAR-200901-0402 | CVE-2008-5260 | AXIS Camera Control of CamImage.CamImage.1 ActiveX Control heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. Failed attacks will likely cause denial-of-service conditions.
Axis Camera Control 2.40.0.0 is vulnerable; other versions may also be vulnerable.
The vulnerability is confirmed in version 2.40.0.0. Prior versions
may also be affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-58/
Axis Communications:
http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"AXIS Camera Control (ActiveX component) makes it possible to view
Motion JPEG video streams from an Axis Network Video product directly
in Microsoft Development Tools and Microsoft Internet Explorer."
Product Link:
http://www.axis.com/techsup/software/acc/index.htm
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in AXIS Camera
Control, which can be exploited by malicious people to compromise a
user's system.
Successful exploitation allows execution of arbitrary code, but
requires that the user is tricked into visiting and clicking a
malicious web page.
======================================================================
5) Solution
The vendor recommends removing the ActiveX control and using
AXIS Media Control as a replacement.
======================================================================
6) Time Table
09/01/2009 - Vendor notified.
09/01/2009 - Vendor response.
23/01/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Alin Rad Pop, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-5260 for the vulnerability.
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-58/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
VAR-200901-0563 | No CVE | Multiple Sagem F@st Routers 'restoreinfo.cgi' Unauthorized Access Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Multiple Sagem F@st routers are prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to reset the router, possibly resulting in denial-of-service conditions. Other security implications that could aid in further attacks may also occur.
The following routers are affected:
Sagem F@st 1200
Sagem F@st 1240
Sagem F@st 1400
Sagem F@st 1400W
Sagem F@st 1500
Sagem F@st 1500-WG
Sagem F@st 2404
VAR-200905-0213 | CVE-2009-0897 | IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). IBM WebSphere Partner Gateway (WPG) is prone to an information-disclosure vulnerability.
Exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
WPG 6.1.0 and 6.1.1 are vulnerable. WebSphere Partner Gateway is a centralized, integrated B2B trading partner and transaction management tool.
VAR-200902-0034 | CVE-2009-0470 | Cisco IOS of HTTP Multiple cross-site scripting vulnerabilities in servers |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. IOS is prone to a cross-site scripting vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party; for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. In addition, attackers can also perform administrative operations through cross-site request forgery attacks. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass.
TITLE:
Cisco IOS Cross-Site Scripting and Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA33844
VERIFY ADVISORY:
http://secunia.com/advisories/33844/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Cisco IOS 12.x
http://secunia.com/advisories/product/182/
Cisco IOS R12.x
http://secunia.com/advisories/product/50/
DESCRIPTION:
Zloss has reported some vulnerabilities in Cisco IOS, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.
1) Input passed via the URL when executing commands is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
2) The device allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to potentially alter the
configuration of the device by tricking the user into visiting a
malicious web site.
The vulnerabilities are reported in Cisco IOS firmware version
12.4(23). Other versions may also be affected.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
Do not visit untrusted websites while being logged in to the device.
PROVIDED AND/OR DISCOVERED BY:
Zloss
ORIGINAL ADVISORY:
http://packetstormsecurity.org/0902-exploits/cisco12423-xss.txt
VAR-200901-0449 | CVE-2008-3818 | Cisco ONS Control Card Remote Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session. Cisco ONS is prone to a denial-of-service vulnerability when handling specially crafted TCP traffic.
An attacker can exploit this issue to cause the control cards in the affected devices to reload, denying service to legitimate users.
The following devices are affected:
Cisco ONS 15310-CL and 15310-MA
Cisco ONS 15327
Cisco ONS 15454 and 15454 SDH
Cisco ONS 15600
This issue is being tracked by Cisco BugID CSCsr41128.
Cisco Security Advisory: Cisco ONS Platform Crafted Packet
Vulnerability
Advisory ID: cisco-sa-20090114-ons
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
---------------------------------------------------------------------
Summary
=======
The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contain a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability. Several
mitigations exist that can limit the exposure of this vulnerability. To determine your software
version, view the Help > About window on the CTC management
software). These control cards are usually connected to a
Data Communications Network (DCN). In this context the term DCN is
used to denote the network that transports management information
between a management station and the network entity (NE). This
definition of DCN is sometimes referred to as Management
Communication Network (MCN). The DCN is usually physically or
logically separated from the optical data network and isolated from
the Internet. This limits the exposure to the exploitation of this
vulnerability from the Internet.
A crafted stream of TCP traffic to the control cards on a node will
result in a reset of the corresponding control cards on this node. A
complete 3-way handshake is required on any open TCP port to be able
to exploit this vulnerability.
The timing for the data channels traversing the switch is provided by
the control cards.
When an active and a standby Cisco ONS 15310-MA, ONS 15310-CL, ONS
15327, ONS 15454 or ONS 15454 SDH control card reloads at the same
time, the synchronous data channels traversing the switch drop
traffic until the card comes back online. Asynchronous data channels
traversing the switch are not impacted. Manageability functions
provided by the network element using the CTX, CTX2500, XTC or TCC/
TCC+/TCC2/TCC2P control cards are not available until the control
card comes back online.
On the Cisco ONS 15600 hardware, whenever both the active and standby
control cards are rebooting at the same time, there is no impact to
the data channels traversing the switch because the TSC performs a
software reset which does not impact the timing being provided by the
TSC for the data channels.
Manageability functions provided by the network element through the
TSC control cards are not available until the control card comes back
online.
This vulnerability is documented in Cisco bug ID CSCsr41128
and has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-3818.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CVSS Base Score - 7.8
Access Vector : Network
Access Complexity : Low
Authentication : None
Confidentiality Impact: None
Integrity Impact : None
Availability Impact : Complete
CVSS Temporal Score - 6.4
Exploitability : Functional
Remediation Level : Official-Fix
Report Confidence : Confirmed
Impact
======
Successful exploitation of this vulnerability will result in a reset
of the node's control card. Repeated attempts to exploit this
vulnerability could result in a sustained DoS condition, dropping the
synchronous data channels traversing the switch (Cisco ONS 15310-MA,
ONS 15310-CL, ONS 15327, ONS 15454, ONS 15454 SDH) and preventing
manageability functions provided by the network element control cards
(all ONS switches) until the control card comes back online.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
+-------------------------------------------------------------------------+
| Affected Major Release | First Fixed Release |
|---------------------------------+---------------------------------------|
| 7.0 | Note: Releases prior to 7.0.2 are not |
| | vulnerable. First fixed in 7.0.7 |
|---------------------------------+---------------------------------------|
| 7.2 | Note: Releases prior to 7.2.2 are not |
| | vulnerable. First fixed in 7.2.3 |
|---------------------------------+---------------------------------------|
| 8.0 | Vulnerable; migrate to 8.5.3 or |
| | later. |
|---------------------------------+---------------------------------------|
| 8.5 | Note: Releases prior to 8.5.1 are not |
| | vulnerable. First fixed in 8.5.3 |
|---------------------------------+---------------------------------------|
| 9.0 | Not vulnerable. |
+-------------------------------------------------------------------------+
Note: Releases prior to 7.0 are not affected by this vulnerability.
Workarounds
===========
There are no workarounds for this vulnerability. The following
general mitigation actions help prevent remote exploitation:
* Isolate DCN:
Ensuring the DCN is physically or logically separated from the
customer network and isolated from the Internet will limit the
exposure to the exploitation of these vulnerabilities from the
Internet or customer networks.
* Apply Transit Access Control Lists:
Apply access control lists (ACLs) on routers / switches /
firewalls installed in front of the vulnerable network devices
such that TCP/IP traffic destined for the CTX, CTX2500, XTC, TCC2
/TCC2+/TCC2P, or TSC control cards on the ONS is allowed only
from the network management workstations.
For examples on how to apply ACLs on Cisco routers, refer to the
white paper "Transit Access Control Lists: Filtering at Your
Edge", which is available at the following link:
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory, which is available at the
following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090114-ons.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized
telephone numbers, and instructions and e-mail addresses for use in
various languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found by reviewing Cisco TAC service requests.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release |
+---------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-200901-0290 | CVE-2009-0053 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX of PXE Encryption Vulnerability in obtaining decryption key |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error." Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
The administration interface of IronPort Encryption Appliance devices
contains a cross-site request forgery (CSRF) vulnerability that could
allow an attacker to modify a user's IronPort Encryption Appliance
preferences, including their user name and personal security pass
phrase, if the user is logged into the IronPort Encryption Appliance
administration interface. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
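The base and temporal scores listed above can be reproduced from the metric values with the CVSS version 2.0 equations, and the same equations yield the environmental score that the advisory leaves to customers. The Python below is an added example, not part of the Cisco advisory; the metric weights come from the CVSS version 2.0 specification, and the environmental inputs used in the final function are constructed sample values.

```python
"""CVSS v2.0 base, temporal and environmental scores for the advisory's four bugs."""
import math

# Metric weights from the CVSS version 2.0 specification.
AV = {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0}
AC = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AU = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
E = {"Unproven": 0.85, "Proof-of-Concept": 0.90, "Functional": 0.95,
     "High": 1.0, "Not Defined": 1.0}
RL = {"Official Fix": 0.87, "Temporary Fix": 0.90, "Workaround": 0.95,
      "Unavailable": 1.0, "Not Defined": 1.0}
RC = {"Unconfirmed": 0.90, "Uncorroborated": 0.95, "Confirmed": 1.0,
      "Not Defined": 1.0}
REQ = {"Low": 0.5, "Medium": 1.0, "High": 1.51, "Not Defined": 1.0}
CDP = {"None": 0.0, "Low": 0.1, "Low-Medium": 0.3, "Medium-High": 0.4,
       "High": 0.5, "Not Defined": 0.0}
TD = {"None": 0.0, "Low": 0.25, "Medium": 0.75, "High": 1.0, "Not Defined": 1.0}

# Metric values exactly as listed in the advisory, keyed by IronPort bug number.
TEMPORAL = {"E": "Functional", "RL": "Official Fix", "RC": "Confirmed"}
ADVISORY = {
    "8062": dict(AV="Network", AC="Medium", Au="None",
                 C="Complete", I="None", A="None", **TEMPORAL),
    "8149": dict(AV="Network", AC="High", Au="None",
                 C="Complete", I="Partial", A="None", **TEMPORAL),
    "5806": dict(AV="Network", AC="Medium", Au="None",
                 C="Partial", I="Partial", A="None", **TEMPORAL),
    "6403": dict(AV="Network", AC="Medium", Au="None",
                 C="Partial", I="Partial", A="None", **TEMPORAL),
}


def round1(x):
    """Round half up to one decimal; the epsilon absorbs float noise."""
    return math.floor(x * 10 + 0.5 + 1e-9) / 10


def base_from_impact(impact, m):
    """Base equation, shared by the base and the adjusted (environmental) score."""
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    return round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


def base_score(m):
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    return base_from_impact(impact, m)


def temporal_score(m, base=None):
    """Temporal score; pass `base` to recompute it on an adjusted base score."""
    base = base_score(m) if base is None else base
    return round1(base * E[m["E"]] * RL[m["RL"]] * RC[m["RC"]])


def environmental_score(m, cr="Not Defined", ir="Not Defined", ar="Not Defined",
                        cdp="Not Defined", td="Not Defined"):
    """Environmental score for one deployment.

    cr/ir/ar are the security requirements, cdp the collateral damage
    potential and td the target distribution chosen by the customer.
    """
    adjusted_impact = min(10.0, 10.41 * (1 - (1 - CIA[m["C"]] * REQ[cr])
                                         * (1 - CIA[m["I"]] * REQ[ir])
                                         * (1 - CIA[m["A"]] * REQ[ar])))
    adjusted_temporal = temporal_score(m, base_from_impact(adjusted_impact, m))
    return round1((adjusted_temporal + (10 - adjusted_temporal) * CDP[cdp]) * TD[td])


def check_advisory():
    """Return {bug: (base, temporal)} recomputed from the listed metrics."""
    return {bug: (base_score(m), temporal_score(m)) for bug, m in ADVISORY.items()}


def sample_environment():
    """Constructed example: mail confidentiality rated High, low collateral
    damage, and most hosts in the environment affected (TD High)."""
    return environmental_score(ADVISORY["8062"], cr="High", cdp="Low", td="High")


if __name__ == "__main__":
    for bug, (base, temporal) in check_advisory().items():
        print(f"IronPort bug {bug}: base {base}, temporal {temporal}")
    print("Bug 8062, constructed environment:", sample_environment())
```

With every environmental metric left at Not Defined the environmental score equals the temporal score, and a Target Distribution of None drives it to 0.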
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release |
+---------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows users to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
VAR-200901-0291 | CVE-2009-0054 | Cisco IronPort Encryption Appliance of PXE Encryption and Cisco IronPort PostX Vulnerabilities in which authentication information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
The administration interface of IronPort Encryption Appliance devices
contains a cross-site request forgery (CSRF) vulnerability that could
allow an attacker to modify a user's IronPort Encryption Appliance
preferences, including their user name and personal security pass
phrase, if the user is logged into the IronPort Encryption Appliance
administration interface. Exploitation of the vulnerability will not
allow an attacker to change a user's password. This vulnerability is
documented in IronPort bug 5806 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0055. Exploitation of the vulnerability will not allow an
attacker to change a user's password. This vulnerability is
documented in IronPort bug 6403 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to access user accounts on an IronPort Encryption Appliance
device, which could result in the modification of user preferences.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release |
+---------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows users to perform
certain actions via HTTP request without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
VAR-200901-0304 | CVE-2009-0055 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX Cross-site request forgery vulnerability in admin interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account.
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054.
Exploitation of the vulnerability will not allow an attacker to
change a user's password. This vulnerability is documented in
IronPort bug 5806 and has been assigned Common Vulnerabilities and
Exposures (CVE) identifier CVE-2009-0055.
Exploitation of the vulnerability will not allow an attacker to
change a user's password. This vulnerability is documented in
IronPort bug 6403 and has been assigned Common Vulnerabilities and
Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+--------------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release      |
+--------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200901-0305 | CVE-2009-0056 | Cisco IronPort Encryption Appliance and Cisco IronPort PostX Cross-site request forgery vulnerability in admin interface |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action. Cisco IronPort Encryption Appliance and PostX are prone to multiple information-disclosure and cross-site request-forgery vulnerabilities.
Attackers may exploit these issues to obtain sensitive information, including user passwords, or to modify user information through the web administration interface. This may aid in further attacks. IronPort series products are widely used email encryption gateways, which can seamlessly complete the encryption, decryption and digital signature of confidential emails.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
IronPort PXE Encryption is an e-mail encryption solution that is
designed to secure e-mail communications without the need for a
Public Key Infrastructure (PKI) or special agents on receiving
systems. When an e-mail message is targeted for encryption, the PXE
encryption engine on an IronPort e-mail gateway encrypts the original
e-mail message as an HTML file and attaches it to a notification
e-mail message that is sent to the recipient. The per-message key
used to decrypt the HTML file attachment is stored on a local
IronPort Encryption Appliance, PostX software installation or the
Cisco Registered Envelope Service, which is a Cisco-managed software
service.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account. These vulnerabilities do not affect Cisco Registered
Envelope Service users.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for the vulnerabilities
that are described in this advisory.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following IronPort Encryption Appliance/PostX versions are
affected by these vulnerabilities:
* All PostX 6.2.1 versions prior to 6.2.1.1
* All PostX 6.2.2 versions prior to 6.2.2.3
* All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1
* All IronPort Encryption Appliance/PostX 6.2.5 versions
* All IronPort Encryption Appliance/PostX 6.2.6 versions
* All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7
* All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4
* All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2
The version of software that is running on an IronPort Encryption
Appliance is located on the About page of the IronPort Encryption
Appliance administration interface.
Note: Customers should contact IronPort support to determine which
software fixes are applicable for their environment. Please consult
the Obtaining Fixed Software section of this advisory for more
information.
Products Confirmed Not Vulnerable
+--------------------------------
IronPort C, M and S-Series appliances are not affected by these
vulnerabilities. Although C-Series appliances can be configured to
use a local IronPort Encryption Appliance for per-message key
retention, the C-Series appliances are not vulnerable. The Cisco
Registered Envelope Service is not vulnerable.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
=======
Note: IronPort tracks bugs using an internal system that is not
available to customers. The IronPort bug tracking identifiers are
provided for reference only.
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account.
The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail
message without user interaction. Using the decryption key, an
attacker could decrypt the contents of the secure e-mail message.
This vulnerability is documented in IronPort bug 8062 and has been
assigned Common Vulnerabilities and Exposures (CVE) identifier
CVE-2009-0053.
By modifying the contents of intercepted secure e-mail messages or by
forging a close copy of the e-mail message, it may be possible for an
attacker to convince a user to view a modified secure e-mail message
and then cause the exposure of the user's credentials and message
content. Please see the Workarounds section for more information on
mitigations available to reduce exposure to these phishing-style
attacks. This vulnerability is documented in IronPort bug 8149 and
has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2009-0054.
Exploitation of the vulnerability will not allow an attacker to
change a user's password. This vulnerability is documented in
IronPort bug 5806 and has been assigned Common Vulnerabilities and
Exposures (CVE) identifier CVE-2009-0055.
Exploitation of the vulnerability will not allow an attacker to
change a user's password. This vulnerability is documented in
IronPort bug 6403 and has been assigned Common Vulnerabilities and
Exposures (CVE) identifier CVE-2009-0056.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
PXE Encryption Message Decryption Vulnerability - IronPort Bug 8062
CVSS Base Score - 7.1
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Access Complexity - High
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 5
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
IronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403
CVSS Base Score - 5.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - None
CVSS Temporal Score - 4.8
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
PXE Encryption Privacy Vulnerabilities
+-------------------------------------
Successful exploitation of these vulnerabilities could allow an
attacker to obtain user credentials and view the contents of
intercepted secure e-mail messages, which could result in the
disclosure of sensitive information.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.
Workarounds
===========
There are no workarounds for the vulnerabilities that are described
in this advisory.
There are mitigations available to help prevent exploitation of the
PXE Encryption phishing-style vulnerability. Phishing attacks can be
greatly reduced if DomainKeys Identified Mail (DKIM) and Sender
Policy Framework (SPF) are implemented on IronPort e-mail gateways to
help ensure message integrity and source origin. Additionally, the
PXE Encryption solution contains an anti-phishing Secure Pass Phrase
feature to ensure that secure notification e-mail messages are valid.
This feature is enabled by recipients when configuring their PXE user
profile. Cisco has released a best practices document that describes
several techniques to mitigate against the phishing-style attacks
that is available at the following link:
http://www.cisco.com/web/about/security/intelligence/bpiron.html
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. The affected products in this advisory are directly
supported by IronPort, and not via the Cisco TAC organization.
Customers should contact IronPort technical support at the link below
to obtain software fixes. IronPort technical support will assist
customers in determining the correct fixes and installation
procedures. Customers should direct all warranty questions to
IronPort technical support.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
http://www.ironport.com/support/contact_support.html
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerabilities that are described in this advisory.
J.B. Snyder of Brintech reported a method for obtaining PXE
Encryption user credentials via a phishing-style attack to Cisco.
All other vulnerabilities were discovered by Cisco or reported by
customers.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+--------------------------------------------------------------+
| Revision 1.0 | 2009-January-14 | Initial public release      |
+--------------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA
A6WIz481vajHya3jIlp+/Xc=
=cFJ6
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
TITLE:
Cisco IronPort Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA33479
VERIFY ADVISORY:
http://secunia.com/advisories/33479/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM:
Cisco IronPort Encryption Appliance 6.x
http://secunia.com/advisories/product/20990/
SOFTWARE:
Cisco IronPort PostX 6.x
http://secunia.com/advisories/product/20991/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco IronPort products,
which can be exploited by malicious people to disclose sensitive
information or conduct cross-site request forgery attacks.
3) The web-based administration interface allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to e.g.
http://www.ironport.com/support/contact_support.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits J.B. Snyder of Brintech
ORIGINAL ADVISORY:
Cisco (cisco-sa-20090114-ironport):
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml
VAR-200901-0448 | CVE-2008-3821 |
Cisco IOS cross-site scripting vulnerability
Related entries in the VARIoT exploits database: VAR-E-200901-0317 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If the web-based interface is disabled, it is not affected. Some versions of the Cisco IOS have the web-based interface enabled by default. For more information, refer to the information provided by Cisco. NOBUHIRO TSUJI of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser.
These issues are tracked by Cisco bug IDs CSCsi13344 and CSCsr72301.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The attacker may also perform cross-site request-forgery attacks on the same scripts and parameters. Other attacks may also be possible. This type of attack may result in replacing the target's management interface, or redirecting confidential information to an unauthorized third party, for example, the data returned by the /level/15/exec/-/show/run/CR URL can be modified through the XMLHttpRequest object. For example, injecting an img tag pointing to /level/15/configure/-/enable/secret/newpass will change the enable password to newpass.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
1) Adrian Pastor and Richard J. Brain of ProCheckUp.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
ProCheckUp:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
JVN:
http://jvn.jp/en/jp/JVN28344798/index.html
ProCheckup has posted a Security Advisory titled "XSS on Cisco IOS
HTTP Server" at
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
Cisco would like to thank Adrian Pastor and Richard J.
A system that contains the IOS HTTP server or HTTP secure
server, but does not have it enabled, is not affected.
To determine if the HTTP server is running on your device, issue the
"show ip http server status | include status" and the "show ip http
server secure status | include status" commands at the prompt and look
for output similar to:
    Router#show ip http server status | include status
    HTTP server status: Enabled
    HTTP secure server status: Enabled
If the device is not running the HTTP server, you should see output
similar to:
    Router#show ip http server status | include status
    HTTP server status: Disabled
    HTTP secure server status: Disabled
These vulnerabilities are documented in the following Cisco bug IDs:
* Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server
Special Characters are not escaped in URL strings sent to the
HTTP server.
* Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter)
Special Characters are not escaped in URL strings sent to the
HTTP server, via the ping parameter. The ping parameter is used
both by external applications such as Router and Security Device
Manager (SDM) as well as a direct HTTP session to Cisco IOS http
server.
These vulnerabilities are independent of each other. These vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821.
Workaround
+---------
If the HTTP server is not used for any legitimate purposes on the
device, it is a best practice to disable it by issuing the following
commands in configure mode:
    no ip http server
    no ip http secure-server
If the HTTP server is required, it is a recommended best practice to
control which hosts may access the HTTP server to only trusted
sources. To control which hosts can access the HTTP server, you can
apply an access list to the HTTP server. To apply an access list to
the HTTP server, use the following command in global configuration
mode:
ip http access-class {access-list-number | access-list-name}
The following example shows an access list that allows only trusted
hosts to access the Cisco IOS HTTP server:
ip access-list standard 20
permit 192.168.1.0 0.0.0.255
remark "Above is a trusted subnet"
remark "Add further trusted subnets or hosts below"
! (Note: all other access implicitly denied)
! (Apply the access-list to the http server)
ip http access-class 20
For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface.
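
The status check and the workaround above, applied to saved device text, as an added example that is not part of the Cisco advisory: it reads running-config lines and/or the "show ip http server status" output and reports whether the HTTP server is enabled and whether an access class backed by a standard ACL restricts it. The sample texts, function names and verdict labels are constructed for illustration, and a server never mentioned in the input is assumed to be disabled.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Patterns for the commands and status lines quoted in the advisory.
STATUS = re.compile(r"^HTTP (secure )?server status: (Enabled|Disabled)$")
ACCESS_CLASS = re.compile(r"^ip http access-class (\S+)$")
NAMED_ACL = re.compile(r"^ip access-list standard (\S+)$")
NUMBERED_ACL = re.compile(r"^access-list (\d+) ((?:permit|deny) .+)$")


@dataclass
class HttpAudit:
    http_enabled: bool = False
    https_enabled: bool = False
    access_class: Optional[str] = None
    acl_entries: Dict[str, List[str]] = field(default_factory=dict)
    verdict: str = ""


def classify(r: HttpAudit) -> str:
    """Map the parsed state to one verdict label (labels are hypothetical)."""
    if not (r.http_enabled or r.https_enabled):
        return "disabled"            # workaround 1: server switched off
    if r.access_class is None:
        return "unrestricted"        # enabled, no 'ip http access-class'
    entries = r.acl_entries.get(r.access_class, [])
    if not entries:
        return "acl-missing"         # ACL not defined in the text supplied
    if any(e.split()[:2] == ["permit", "any"] for e in entries):
        return "acl-permit-any"      # ACL does not limit sources; review it
    return "restricted"              # workaround 2: trusted sources only


def audit_http_server(text: str) -> HttpAudit:
    """Audit running-config and/or 'show ip http server status' text.

    Assumption: a server that is never mentioned is treated as disabled, so
    include the status output when the configuration is silent about it.
    """
    r = HttpAudit()
    current_acl = None
    for raw in text.splitlines():
        line = raw.strip()
        indented = raw[:1] in (" ", "\t")
        if not indented:
            current_acl = None  # a top-level line ends any named ACL block
        if m := STATUS.match(line):
            enabled = m.group(2) == "Enabled"
            if m.group(1):
                r.https_enabled = enabled
            else:
                r.http_enabled = enabled
        elif line in ("ip http server", "no ip http server"):
            r.http_enabled = not line.startswith("no ")
        elif line in ("ip http secure-server", "no ip http secure-server"):
            r.https_enabled = not line.startswith("no ")
        elif m := ACCESS_CLASS.match(line):
            r.access_class = m.group(1)
        elif m := NAMED_ACL.match(line):
            current_acl = m.group(1)
            r.acl_entries.setdefault(current_acl, [])
        elif m := NUMBERED_ACL.match(line):
            r.acl_entries.setdefault(m.group(1), []).append(m.group(2))
        elif current_acl and indented and line.split(" ", 1)[0] in ("permit", "deny"):
            r.acl_entries[current_acl].append(line)
    r.verdict = classify(r)
    return r


# Constructed sample inputs (host names and layout are illustrative).
STATUS_ENABLED = """Router#show ip http server status | include status
HTTP server status: Enabled
HTTP secure server status: Enabled
"""
CONFIG_RESTRICTED = """hostname lab-rtr-2
no ip http server
ip http secure-server
ip http access-class 20
!
ip access-list standard 20
 permit 192.168.1.0 0.0.0.255
 remark "Above is a trusted subnet"
!
"""
CONFIG_DISABLED = "hostname lab-rtr-3\nno ip http server\nno ip http secure-server\n"
CONFIG_ACL_MISSING = "ip http server\nip http access-class 20\n"
CONFIG_PERMIT_ANY = "ip http server\nip http access-class 20\naccess-list 20 permit any\n"

if __name__ == "__main__":
    samples = {
        "status output": STATUS_ENABLED,
        "restricted": CONFIG_RESTRICTED,
        "disabled": CONFIG_DISABLED,
        "acl missing": CONFIG_ACL_MISSING,
        "permit any": CONFIG_PERMIT_ANY,
    }
    for name, text in samples.items():
        print(f"{name:14s} -> {audit_http_server(text).verdict}")
```

Only the "disabled" and "restricted" verdicts correspond to the two workarounds described above; the other three mean the HTTP server is reachable without a confirmed source restriction.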
For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml
Further Problem Description
+--------------------------
This vulnerability concerns the escaping of characters in URLs that
are sent to the HTTP server. The fix for this
vulnerability is to escape special characters in the URL string
echoed in the response generated by the web exec application.
Software Version and Fixes
+-------------------------
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center ("TAC") or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible
releases that contain the fix (the "First Fixed Release") and the
anticipated date of availability for each are listed in the "Rebuild"
and "Maintenance" columns. A device running a release in the given
train that is earlier than the release in a specific column (less
than the First Fixed Release) is known to be vulnerable. The release
should be upgraded at least to the indicated release or a later
version (greater than or equal to the First Fixed Release label).
For more information on the terms "Rebuild" and "Maintenance,"
consult the following URL:
http://www.cisco.com/warp/public/620/1.html
+----------------------------------------+
| Major | Availability of Repaired |
| Release | Releases |
|------------+---------------------------|
| Affected | First Fixed | Recommended |
| 12.0-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | 12.0(33)S3; | |
| 12.0S | Available | |
| | on | |
| | 03-APR-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SC | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SL | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0SP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0ST | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SX | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SY | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.0SZ | first fixed | |
| | in 12.0S | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.0(3c)W5 |
| 12.0W | first fixed | (8) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0WC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0WT | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.0XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.0(4)XI2 | |
| | are | |
| | vulnerable, | |
| 12.0XI | release | 12.4(15) |
| | 12.0(4)XI2 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XN | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.0XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.1-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1AA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AY | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1AZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1CX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1DC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1E | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1EA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.1EB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.1EC | first fixed | SCA212.2 |
| | in 12.3BC | (33)SCB12.3 |
| | | (23)BC6 |
|------------+-------------+-------------|
| 12.1EO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.1EU | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.1EV | first fixed | S1212.2(33) |
| | in 12.4 | SB312.4(15) |
| | | T812.4(23) |
|------------+-------------+-------------|
| | | 12.2(31) |
| | Vulnerable; | SGA912.2 |
| 12.1EW | first fixed | (50)SG12.4 |
| | in 12.4 | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1EY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1EZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1GB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1XZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.1(5)YE6 | |
| | are | |
| | vulnerable, | |
| 12.1YE | release | 12.4(15) |
| | 12.1(5)YE6 | T812.4(23) |
| | and later | |
| | are not | |
| | vulnerable; | |
| | first fixed | |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YF | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.1YH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.1YI | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.1YJ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.2-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2BC | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(33) |
| 12.2BX | first fixed | SB312.4(15) |
| | in 12.4 | T812.4(23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BY | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2BZ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CX | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2CY | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2CZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2DX | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EW | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(31) |
| 12.2EWA | first fixed | SGA912.2 |
| | in 12.2SG | (50)SG |
|------------+-------------+-------------|
| 12.2EX | 12.2(40)EX | 12.2(44)EX1 |
|------------+-------------+-------------|
| | 12.2(44)EY; | 12.2(46)EY; |
| 12.2EY | Available | Available |
| | on | on |
| | 30-JAN-2009 | 23-JAN-2009 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2EZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FX | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2FY | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2FZ | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| 12.2IRA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IRB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2IXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2IXG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2MC | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2S | first fixed | 12.2(20)S12 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | 12.2(33) | |
| | SB12.2(31) | |
| 12.2SB | SB14; | 12.2(33)SB3 |
| | Available | |
| | on | |
| | 16-JAN-2009 | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SBC | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2SCA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SCB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SE | 12.2(40)SE | 12.2(44)SE4 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEA | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEB | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEC | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SED | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEE | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SEF | first fixed | 12.2(44)SE4 |
| | in 12.2SE | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(44) |
| 12.2SEG | first fixed | EX112.2(44) |
| | in 12.2EX | SE4 |
|------------+-------------+-------------|
| 12.2SG | 12.2(44)SG | 12.2(50)SG |
|------------+-------------+-------------|
| 12.2SGA | 12.2(31) | 12.2(31) |
| | SGA9 | SGA9 |
|------------+-------------+-------------|
| 12.2SL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SM | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRA | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SRB | migrate to | 12.2(33) |
| | any release | SRC3 |
| | in 12.2SRC | |
|------------+-------------+-------------|
| 12.2SRC | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SRD | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2STE | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2SU | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2SV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SVE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2SW | first fixed | 12.4(15)T8 |
| | in 12.4SW | |
|------------+-------------+-------------|
| 12.2SX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2SXH | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2SXI | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SY | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.2(20) |
| 12.2SZ | first fixed | S1212.2(33) |
| | in 12.2SB | SB3 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2T | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XB | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XC | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XD | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(33) |
| | Vulnerable; | SCA212.2 |
| 12.2XF | first fixed | (33)SCB12.3 |
| | in 12.4 | (23)BC612.4 |
| | | (15)T812.4 |
| | | (23) |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XG | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XI | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XJ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XK | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XL | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XM | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | | 12.2(20) |
| | | S1212.2(33) |
| | | SB312.2(33) |
| 12.2XN | 12.2(33)XN1 | SRC312.2 |
| | | (33) |
| | | XNA212.2 |
| | | (33r)SRD2 |
|------------+-------------+-------------|
| 12.2XNA | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2XNB | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | 12.2(46)XO; | 12.2(46)XO; |
| 12.2XO | Available | Available |
| | on | on |
| | 02-FEB-2009 | 02-FEB-2009 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XQ | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XR | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XS | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XT | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XU | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XV | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2XW | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YE | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YF | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YG | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YH | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YM | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.2YN | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YO | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2YP | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2YQ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YR | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YS | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.2YT | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YU | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YW | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Releases | |
| | prior to | |
| | 12.2(13)ZC | |
| | are | |
| 12.2ZC | vulnerable, | |
| | release | |
| | 12.2(13)ZC | |
| | and later | |
| | are not | |
| | vulnerable; | |
|------------+-------------+-------------|
| 12.2ZD | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZE | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZF | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZG | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.2ZH | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.2ZJ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZU | migrate to | |
| | any release | |
| | in 12.2SXH | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.2ZX | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| 12.2ZY | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.2ZYA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.3-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3 | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3B | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3BC | 12.3(23)BC6 | 12.3(23)BC6 |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3BW | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3EU | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.3JA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JEC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3JK | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3JL | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.3JX | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3T | first fixed | T812.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3TPC | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3VA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15) |
| 12.3XA | first fixed | T812.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XC | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XD | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XE | first fixed | 12.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| 12.3XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XG | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XI | first fixed | 12.2(33)SB3 |
| | in 12.2SB | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XK | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XL | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XQ | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XR | first fixed | 12.4(23) |
| | in 12.4 | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XS | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3XW | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XX | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XY | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3XZ | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(15)T8 |
| 12.3YA | first fixed | 12.4(23) |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YF | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YH | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YI | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YM | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YQ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YS | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YU | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3YX | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.3YZ | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.3ZA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| Affected | First Fixed | Recommended |
| 12.4-Based | Release | Release |
| Releases | | |
|------------+-------------+-------------|
| 12.4 | 12.4(16) | 12.4(23) |
|------------+-------------+-------------|
| 12.4JA | 12.4(16b)JA | 12.4(16b) |
| | | JA1 |
|------------+-------------+-------------|
| 12.4JDA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JK | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JL | 12.4(3)JL1 | 12.4(3)JL1 |
|------------+-------------+-------------|
| 12.4JMA | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4JMB | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | Vulnerable; | 12.4(16b) |
| 12.4JX | first fixed | JA1 |
| | in 12.4JA | |
|------------+-------------+-------------|
| 12.4MD | 12.4(15)MD | 12.4(15)MD2 |
|------------+-------------+-------------|
| 12.4MR | 12.4(16)MR | |
|------------+-------------+-------------|
| 12.4SW | 12.4(11)SW3 | 12.4(15)T8 |
|------------+-------------+-------------|
| 12.4T | 12.4(15)T | 12.4(15)T8 |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XA | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XB | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XC | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XD | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XE | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XF | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XG | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XJ | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XK | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XL | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XM | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XN | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XP | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| 12.4XQ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XR | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| | Vulnerable; | |
| 12.4XT | first fixed | 12.4(15)T8 |
| | in 12.4T | |
|------------+-------------+-------------|
| 12.4XV | Vulnerable; | |
| | contact TAC | |
|------------+-------------+-------------|
| | | 12.4(11) |
| | | XW10; |
| 12.4XW | 12.4(11)XW3 | Available |
| | | on |
| | | 22-JAN-2009 |
|------------+-------------+-------------|
| 12.4XY | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4XZ | Not | |
| | Vulnerable | |
|------------+-------------+-------------|
| 12.4YA | Not | |
| | Vulnerable | |
+----------------------------------------+
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-January-14 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
VAR-200901-0453 | CVE-2008-4444 | Cisco Unified IP Phone denial-of-service (DoS) or arbitrary code execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers. Cisco Unified IP Phone 7960G and 7940G are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected phones to reboot, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. Cisco Unified IP Phone is Cisco's line of unified IP phones. Once the call is
established, the media content is carried by the RTP protocol. Cisco released a patched firmware on October 21, 2008 which is
described in the bug identifier CSCsu22285 (Cisco Unified IP Phone 7960G
and 7940G (SIP) Release Notes for Firmware Release 8.10).
Credits:
--------
* This vulnerability was discovered by Gabriel Campana and Laurent Butti
from France Telecom / Orange
VAR-200901-0729 | CVE-2009-1696 | Vulnerability in Safari in multiple Apple products that can be used to track user sessions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability.
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability.
An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks.
The following browsers are vulnerable:
Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome
Opera
Other browsers may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-200901-0751 | CVE-2009-1685 | Cross-site scripting vulnerability in document.implementation property handling in multiple Apple products |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document. WebKit is prone to a cross-domain scripting vulnerability.
A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability.
Safari is the web browser bundled by default in the Apple family machine operating system. If a user is tricked into visiting a malicious site, the document.implementation of an embedded or parent document provided by a different security zone will be overwritten.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a users visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-200901-0758 | CVE-2009-1703 | Information disclosure vulnerability in WebKit in Apple Safari |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability.
WebKit is prone to a remote information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Safari is the web browser bundled by default in the Apple family machine operating system.
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35379
VERIFY ADVISORY:
http://secunia.com/advisories/35379/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to disclose sensitive information or
compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to
corrupt memory when a user visits a web site embedding a specially
crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to
compromise a user's system.
For more information:
SA34723
3) Some vulnerabilities in libpng can potentially be exploited to
compromise a user's system.
For more information:
SA33970
4) An error in the processing of external entities in XML files can
be exploited to read files from the user's system when a user visits
a specially crafted web page.
Other vulnerabilities have also been reported of which some may also
affect Safari version 3.x.
SOLUTION:
Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
1-3) Tavis Ormandy
4) Chris Evans of Google Inc.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3613
Chris Evans:
http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES:
SA33970:
http://secunia.com/advisories/33970/
SA34723:
http://secunia.com/advisories/34723/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities.
For more information:
SA32349
SA33495
SA35095
SA35379
SA35411
SA35449
SA35758
SA36269
SA36677
SA37273
SA37346
SA37769
SA38061
SA38545
SA38932
SA39029
SA39091
SA39384
SA39661
SA39937
SA40002
SA40072
SA40105
SA40112
SA40148
SA40196
SA40257
SA40664
SA40783
SA41014
SA41085
SA41242
SA41328
SA41390
SA41443
SA41535
SA41841
SA41888
SA41968
SA42151
SA42264
SA42290
SA42312
SA42443
SA42461
SA42658
SA42769
SA42886
SA42956
SA43053
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server